Caddy as reverse proxy in local network

1. Caddy version:

2.6.4

2. How I installed, and run Caddy:

docker

a. System environment:

docker

b. Command:

Paste command here.

c. Service/unit/compose file:

version: "3.7"

services:
  caddy:
    image: caddy:latest
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - $PWD/Caddyfile:/etc/caddy/Caddyfile
      - $PWD/site:/srv
    networks:
      priv_lan:
        ipv4_address: 192.168.1.11

networks:

  # The priv_lan network is already setup, so it is an 'external' network
  priv_lan:
    external:
      name: priv_lan

d. My complete Caddy config:

{
    auto_https off
}

x.home.lan {
  reverse_proxy 192.168.1.205:5000 
}

3. The problem I’m having:

I would like to use Caddy in my local network as a reverse proxy. In AdGuard Home I set a DNS rewrite: *.home.lan → 192.168.1.11. So any subdomain at *.home.lan resolves to Caddy’s IP address. I do not need https, so I disabled it. I set ipv4_address because I would like the container to show up as a real IP on my local network.

After bringing docker-compose up, I can ping Caddy’s IP, but that’s all, I can’t access services defined in the Caddyfile.

4. Error messages and/or full log output:

mihalkoadrian@Adrian-MacBook-Pro ~ % curl http://x.home.lan
curl: (7) Failed to connect to x.home.lan port 80 after 74 ms: Couldn't connect to server
mihalkoadrian@Adrian-MacBook-Pro ~ % dig x.home.lan

; <<>> DiG 9.10.6 <<>> x.home.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44224
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;x.home.lan.			IN	A

;; ANSWER SECTION:
x.home.lan.		10	IN	A	192.168.1.11

madrian@debian:~/docker/caddy$ docker-compose up
Building with native build. Learn about native build in Compose here: https://docs.docker.com/go/compose-native-build/
Starting caddy_caddy_1 ... done
Attaching to caddy_caddy_1
caddy_1  | {"level":"info","ts":1676500201.4216044,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
caddy_1  | {"level":"warn","ts":1676500201.424177,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
caddy_1  | {"level":"info","ts":1676500201.4265282,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//127.0.0.1:2019","//localhost:2019","//[::1]:2019"]}
caddy_1  | {"level":"warn","ts":1676500201.427776,"logger":"http","msg":"automatic HTTPS is completely disabled for server","server_name":"srv0"}
caddy_1  | {"level":"info","ts":1676500201.42843,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
caddy_1  | {"level":"info","ts":1676500201.428868,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Receive-Buffer-Size for details."}
caddy_1  | {"level":"info","ts":1676500201.4293804,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
caddy_1  | {"level":"info","ts":1676500201.4301066,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
caddy_1  | {"level":"info","ts":1676500201.4305398,"msg":"serving initial configuration"}
caddy_1  | {"level":"info","ts":1676500201.4311547,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00040b420"}
caddy_1  | {"level":"info","ts":1676500201.4316404,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
caddy_1  | {"level":"info","ts":1676500201.4320703,"logger":"tls","msg":"finished cleaning storage units"}

5. What I already tried:

6. Links to relevant resources:

Is priv_lan network configured externally as a Docker macvlan bridge?

Can you please elaborate on “can’t access”? There’s a million possible things that can prevent you from being able to access something - firewalls, routing issues, configuration issues. If you could explain the exact behaviour that occurs when you attempt to access the services and failing - what results or error messages you get, what screens you see, etc - we might be able to suggest what specific kind of issue you’re experiencing.


Yes, using:

docker network create -d macvlan \
  --subnet=192.168.1.0/24 \
  --gateway=192.168.1.1 \
  -o parent=ens192 priv_lan

Already included in the log file, but here it is again:

mihalkoadrian@Adrian-MacBook-Pro ~ % curl http://x.home.lan
curl: (7) Failed to connect to x.home.lan port 80 after 74 ms: Couldn't connect to server

x.home.lan is defined in the Caddyfile, I can ping it, but I get Couldn’t connect to server when I am trying to connect to this address. I think it is some kind of network configuration issue, because I don’t see any connection attempt in Caddy’s log.

Thank you,
Adrian

I found the error, I need to specify port :80, I think because I am not using https.

{
    auto_https off
    debug
}

service1.home.lan:80 {
  reverse_proxy 192.168.1.54:7878
}

service2.home.lan:80 {
  reverse_proxy 192.168.1.155:5005
}

The first reverse proxy works without any problem, 1.54 is a physical PC on my network.

But there is a problem with accessing any service on the host (1.155, where Caddy and the other containers are hosted).

caddy_1 | {"level":"error","ts":1676570117.1278238,"logger":"http.log.error","msg":"dial tcp 192.168.1.155:5000: i/o timeout","request":{"remote_ip":"192.168.1.226","remote_port":"63823","proto":"HTTP/1.1","method":"GET","host":"x.home.lan","uri":"/","headers":{"User-Agent":["curl/7.86.0"],"Accept":["*/*"]}},"duration":3.001463332,"status":502,"err_id":"03ed6wa13","err_trace":"reverseproxy.statusError (reverseproxy.go:1299)"}
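
A log-triage sketch for the two failures in this thread, added here as an example (not code from the posters or the Caddy project): it reads Caddy's JSON log lines and reports a missing listener on the port the client used, plus any upstream dial failure. The sample lines are constructed from the output quoted above; `parse_entries`, `triage` and the `docker_host_ip` parameter are hypothetical names.

```python
import json
import re

# Constructed sample, shaped like the docker-compose output quoted in the thread.
SAMPLE_LOG = r'''
caddy_1  | {"level":"warn","logger":"http","msg":"automatic HTTPS is completely disabled for server","server_name":"srv0"}
caddy_1  | {"level":"info","logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
caddy_1 | {"level":"error","logger":"http.log.error","msg":"dial tcp 192.168.1.155:5000: i/o timeout","request":{"remote_ip":"192.168.1.226","host":"x.home.lan","uri":"/"},"status":502}
not a json line
'''

DIAL_RE = re.compile(r"dial tcp (?P<ip>[\d.]+):(?P<port>\d+): (?P<reason>.+)")


def parse_entries(text):
    """Yield Caddy JSON log entries, skipping the compose prefix and non-JSON lines."""
    for line in text.splitlines():
        start = line.find("{")
        if start == -1:
            continue
        try:
            yield json.loads(line[start:])
        except json.JSONDecodeError:
            continue


def triage(text, client_port, docker_host_ip):
    """Return findings for a client that connects to client_port.

    docker_host_ip is an assumption supplied by the caller: the address of the
    machine whose NIC is the macvlan parent (192.168.1.155 in the thread).
    """
    findings, listen_ports, https_off = [], set(), False
    for entry in parse_entries(text):
        msg = entry.get("msg", "")
        if "automatic HTTPS is completely disabled" in msg:
            https_off = True
        if "listener" in msg and "addr" in entry:
            listen_ports.add(int(entry["addr"].rsplit(":", 1)[1]))
        dial = DIAL_RE.match(msg)
        if dial and entry.get("status") == 502:
            note = f"upstream {dial['ip']}:{dial['port']} failed: {dial['reason']}"
            if dial["ip"] == docker_host_ip:
                # Known macvlan behaviour: a container cannot reach its parent host's own IP by default.
                note += " (upstream is the macvlan parent host)"
            findings.append(note)
    if https_off and listen_ports and client_port not in listen_ports:
        findings.insert(0, f"no listener on :{client_port}; logged listeners: {sorted(listen_ports)}")
    return findings
```

Calling `triage(SAMPLE_LOG, 80, "192.168.1.155")` reports both the port mismatch that the `:80` suffix fixed and the timeout towards the Docker host.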
