Improve logging from webhook

When an error occurs in the webhook (either with itself or due to invalid input), it returns a 4xx/5xx and some error text. For security reasons, Caddy reduces all of these results to a simple 400/503. Since aiohttp only logs the response code, and Caddy only logs admin problems, this information was lost. We don't really do anything with access logs, so just enable them only for the errors.
matplotlib · Feb 13, 2025 · 76760f1 · 76760f1
1 parent e8e37f7
commit 76760f1
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/templates/Caddyfile.j2 b/templates/Caddyfile.j2
@@ -22,6 +22,15 @@ https://{{ caddy.addresses.webhook }} {
 http://{{ caddy.addresses.webhook }} {
 {% endif %}
 
+	# Include access logs when an error occurs, since we mask any internal errors
+	# from escaping to the outside world, but otherwise don't log.
+	log {
+		output discard
+	}
+	log errors {
+		no_hostname
+	}
+
 	root * {{ caddy.site_dir }}
 
 	# https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#delivery-headers
@@ -41,6 +50,9 @@ http://{{ caddy.addresses.webhook }} {
 			# Don't leak out internal problems.
 			@error status 4xx 5xx
 			handle_response @error {
+				log_name errors
+				log_append api_error_code {rp.status_code}
+				log_append api_error_text {rp.status_text}
 				error 400
 			}
 		}
@@ -51,6 +63,9 @@ http://{{ caddy.addresses.webhook }} {
 			# Don't leak out internal problems.
 			@error status 4xx 5xx
 			handle_response @error {
+				log_name errors
+				log_append api_error_code {rp.status_code}
+				log_append api_error_text {rp.status_text}
 				error 503
 			}
 		}