1. Caddy version (caddy version):
v2.0.0 h1:pQSaIJGFluFvu8KDGDODV8u4/QRED/OPyIR+MWYYse8=
2. How I run Caddy:
Note: My binary is built with the following modules:
- Standard
- Cloudflare
- NTLM-Transport
- Prometheus
a. System environment:
Caddy: Native Install
Hypervisor: Hyper-V
OS: Ubuntu Server 18.04.4
b. Command:
caddy run, caddy start, caddy stop
c. Service/unit/compose file:
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target
[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddyfile or JSON config:
{
    email certs@alexsguardian.net
    # acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
    default_sni centaurus
    admin localhost:2019
}
(header) {
    header / {
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        X-Xss-Protection "1; mode=block"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "DENY"
        Content-Security-Policy "upgrade-insecure-requests"
        Referrer-Policy "strict-origin-when-cross-origin"
        Cache-Control "public, max-age=15, must-revalidate"
        Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'self'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture *; speaker 'none'; sync-xhr 'none'; usb 'none'; vr 'none'"
    }
}
(tls) {
    tls {
        dns cloudflare <token>
    }
}
lab.alexsguardian.net {
    # import header
    import tls
    log {
        output file /var/log/caddy/lab.log {
            roll_size 50mb
            roll_keep 5
            roll_keep_for 80h
        }
    }
    route / {
        reverse_proxy 192.168.9.2:3000
    }
    route /portainer {
        uri strip_prefix /portainer
        reverse_proxy 192.168.9.8:9000/portainer/
    }
    route /portainer/api/websocket/ {
        uri strip_prefix /portainer
        reverse_proxy 192.168.9.8:9000/api/websocket/
    }
    route /sonarr {
        reverse_proxy 10.8.8.79:8989
    }
    route /radarr {
        reverse_proxy 10.8.8.79:7878
    }
    route /tautulli {
        reverse_proxy 192.168.9.8:8181
    }
}
3. The problem I’m having:
I am trying to use routes to direct subdirectories to different services. All services (except portainer, which I don’t really care for at the moment) support subdirectories and are already configured on their side.
4. Error messages and/or full log output:
Latest Error on current config:
2020/05/07 20:50:30.871 info http.log.access.log0 handled request {"request": {"method": "GET", "uri": "/radarr/login?returnUrl=/radarr/", "proto": "HTTP/1.1", "remote_addr": "172.69.50.51:31444", "host": "lab.alexsguardian.net", "headers": {"Cdn-Loop": ["cloudflare"], "User-Agent": ["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 Edg/81.0.416.68"], "Sec-Fetch-Dest": ["document"], "Connection": ["Keep-Alive"], "Cf-Visitor": ["{\"scheme\":\"https\"}"], "Cache-Control": ["max-age=0"], "Upgrade-Insecure-Requests": ["1"], "Sec-Fetch-Mode": ["navigate"], "Accept-Language": ["en,en-US;q=0.9"], "Cf-Request-Id": ["02928085470000f17eb30d5200000001"], "Cf-Ipcountry": ["US"], "X-Forwarded-For": ["73.130.234.167"], "X-Forwarded-Proto": ["https"], "Dnt": ["1"], "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"], "Sec-Fetch-Site": ["cross-site"], "Sec-Fetch-User": ["?1"], "Cookie": ["tautulli_token_7d5762e1f10743c2a9c8746fd1aa071a=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxMzQxMzcyNCwidXNlciI6ImFsZXhhbmR6b3JzIiwiZXhwIjoxNTg5NjQ2NTIxLCJ1c2VyX2dyb3VwIjoiYWRtaW4ifQ.KD5ZAns20VfSz7VafOqHCTmQJFhN8cI0323Y2txIEnQ; __cfduid=d372c2274151a19adff0e04412003d9e71587138771; grafana_session=4af1617776b262b658a938b56f840e41"], "Accept-Encoding": ["gzip"], "Cf-Ray": ["58fdd04edfeff17e-PIT"], "Cf-Connecting-Ip": ["73.130.234.167"]}, "tls": {"resumed": false, "version": 772, "ciphersuite": 4865, "proto": "", "proto_mutual": true, "server_name": "lab.alexsguardian.net"}}, "common_log": "172.69.50.51 - - [07/May/2020:20:50:30 +0000] \"GET /radarr/login?returnUrl=/radarr/ HTTP/1.1\" 0 0", "duration": 0.000051801, "size": 0, "status": 0, "resp_headers": {"Server": ["Caddy"]}}
2020/05/07 20:50:34.370 info http.log.access.log0 handled request {"request": {"method": "GET", "uri": "/tautulli/api/v2?apikey=183694165a7a404d8e2e7eec518ff851&cmd=get_activity", "proto": "HTTP/1.1", "remote_addr": "172.69.50.9:53816", "host": "lab.alexsguardian.net", "headers": {"User-Agent": ["python-requests/2.21.0"], "Accept": ["*/*"], "Connection": ["Keep-Alive"], "Accept-Encoding": ["gzip"], "X-Forwarded-Proto": ["https"], "Cookie": ["__cfduid=d2aef4f8d672bd9de92f546c7c7b84e641588882020; redirect_to=%2Ftautulli%2Fapi%2Fv2%3Fapikey%3D183694165a7a404d8e2e7eec518ff851%26cmd%3Dget_activity"], "Cdn-Loop": ["cloudflare"], "Cf-Connecting-Ip": ["73.130.234.167"], "Cf-Visitor": ["{\"scheme\":\"https\"}"], "Cf-Request-Id": ["02928092bd0000f186cf32d200000001"], "Cf-Ipcountry": ["US"], "X-Forwarded-For": ["73.130.234.167"], "Cf-Ray": ["58fdd0646c58f186-PIT"]}, "tls": {"resumed": false, "version": 772, "ciphersuite": 4865, "proto": "", "proto_mutual": true, "server_name": "lab.alexsguardian.net"}}, "common_log": "172.69.50.9 - - [07/May/2020:20:50:34 +0000] \"GET /tautulli/api/v2?apikey=183694165a7a404d8e2e7eec518ff851&cmd=get_activity HTTP/1.1\" 0 0", "duration": 0.0000287, "size": 0, "status": 0, "resp_headers": {"Server": ["Caddy"]}}
Radarr and Sonarr both return blank pages and the url in full is:
https://lab.alexsguardian.net/radarr/login?returnUrl=/radarr/
https://lab.alexsguardian.net/sonarr/login?returnUrl=/sonarr/
Tautulli is just a blank page with the full url:
https://lab.alexsguardian.net/tautulli/
5. What I already tried:
I’ve tried the following route setups. Only using one route as an example.
route /sonarr {
    reverse_proxy 10.8.8.79:9898
}
route /sonarr/ {
    reverse_proxy 10.8.8.79:9898/sonarr
}
route /sonarr {
    reverse_proxy 10.8.8.79/sonarr/
}
6. Links to relevant resources:
Old v1 config for same domain:
lab.alexsguardian.net {
    gzip
    tls certs@alexsguardian.net {
        dns cloudflare
    }
    # header / {
    #     Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    #     X-Xss-Protection "1; mode=block"
    #     X-Content-Type-Options "nosniff"
    #     X-Frame-Options "DENY"
    #     Content-Security-Policy "upgrade-insecure-requests"
    #     Referrer-Policy "strict-origin-when-cross-origin"
    #     Cache-Control "public, max-age=15, must-revalidate"
    #     Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'self'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture *; speaker 'none'; sync-xhr 'none'; usb 'none'; vr 'none'"
    # }
    errors /srv/logs/lab/errors/E!-lab-agnet.log {
        rotate_size 50
        rotate_age 90
        rotate_keep 20
        rotate_compress
        502 /srv/erpages/500.html
    }
    log / /srv/logs/lab/lab-agnet.log {
        rotate_size 50
        rotate_age 90
        rotate_keep 20
        rotate_compress
    }
    proxy / http://192.168.9.2:3000 {
        transparent
        websocket
    }
    proxy /portainer/ 10.8.8.52:9000 {
        without /portainer
        transparent
        header_upstream -Connection
    }
    proxy /portainer/api/websocket/ portainer:9000 {
        without /portainer
        transparent
        websocket
    }
    proxy /sonarr 10.8.8.79:8989 {
        transparent
        websocket
    }
    proxy /radarr 10.8.8.79:7878 {
        transparent
        websocket
    }
    proxy /tautulli 192.168.9.8:8181 {
        transparent
        websocket
    }
}
Also note the first route works (port 3000 one).
I have no idea if I am using routes right, so any help would be appreciated. Would also prefer not to set up subdomains for these apps as I’d like to keep them under my lab subdomain.
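An added example, not part of the original post: in Caddy v2 a path matcher without `*` matches the path exactly, so `route /radarr` does not cover `/radarr/login`, which is consistent with the status 0, size 0 entries in the log above. The Python sketch below is a simplified model of that rule (not Caddy's own code; function names are hypothetical) run over constructed, trimmed copies of the two log entries.

```python
import json

# Path matchers from the post's v2 Caddyfile for the three apps that return blank pages.
ROUTES = ["/sonarr", "/radarr", "/tautulli"]

# Constructed sample: the post's two access-log entries reduced to the fields
# used here (headers, cookies and the API key are deliberately left out).
SAMPLE_LOG = [
    '2020/05/07 20:50:30.871 info http.log.access.log0 handled request '
    '{"request": {"method": "GET", "uri": "/radarr/login?returnUrl=/radarr/"}, "size": 0, "status": 0}',
    '2020/05/07 20:50:34.370 info http.log.access.log0 handled request '
    '{"request": {"method": "GET", "uri": "/tautulli/api/v2?cmd=get_activity"}, "size": 0, "status": 0}',
]

def path_matches(pattern, path):
    """Simplified model of a Caddy v2 path matcher: exact unless '*' is used."""
    if len(pattern) > 1 and pattern.startswith("*") and pattern.endswith("*"):
        return pattern[1:-1] in path
    if pattern.endswith("*"):
        return path.startswith(pattern[:-1])
    if pattern.startswith("*"):
        return path.endswith(pattern[1:])
    return path == pattern  # no wildcard: the whole path must be identical

def first_match(routes, uri):
    """Return the first matcher that accepts the URI's path, or None."""
    path = uri.split("?", 1)[0]
    return next((r for r in routes if path_matches(r, path)), None)

def unhandled_uris(log_lines):
    """URIs of entries logged with status 0 and size 0 (nothing wrote a response)."""
    uris = []
    for line in log_lines:
        entry = json.loads(line[line.index("{"):])
        if entry.get("status") == 0 and entry.get("size") == 0:
            uris.append(entry["request"]["uri"])
    return uris

def diagnose(log_lines, routes):
    """For each unhandled URI: (uri, matcher hit as written, matcher hit with '*' appended)."""
    prefixed = [r + "*" for r in routes]
    return [(u, first_match(routes, u), first_match(prefixed, u))
            for u in unhandled_uris(log_lines)]

if __name__ == "__main__":
    for uri, exact, prefix in diagnose(SAMPLE_LOG, ROUTES):
        print(f"{uri}: as written -> {exact}, with '*' -> {prefix}")
```

In the Caddyfile the equivalent change is a trailing `*` on the matcher, for example `route /radarr*`; the `reverse_proxy` upstream takes only an address such as `10.8.8.79:7878`, with no path appended.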