Caddy can't phone out but nginx-pm can?

1. Output of caddy version:

lucaslorentz/caddy-docker-proxy:2.4.0

2. How I run Caddy:

Tried it with the small example script from the official documentation as well as building one with xcaddy to support the cloudflare-dns plugin

Custom Docker image with cloudflare-dns plugin

a. System environment:

Debian 11
systemd yes I guess?

Docker yes - although I don’t know if using plugins or anything else is easier without it.

b. Command:

xcaddy build \
    --with github.com/caddyserver/<cloudflare-dns plugin link>

As this didn’t work, I tried my luck with a Docker image

sudo docker-compose up -d

c. Service/unit/compose file:

version: "3.7"
services:
  proxied:
    # see here for guidance on which image / tag to choose:
    # https://github.com/lucaslorentz/caddy-docker-proxy#docker-images
    image: lucaslorentz/caddy-docker-proxy:2.4.0
    ports:
      - 80:80
      - 443:443
    environment:
      - CADDY_INGRESS_NETWORKS=caddy
    networks:
      proxied:
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /caddy_data:/data
    restart: unless-stopped

networks:
  proxied:
    external: true

volumes:
  caddy_data: {}

d. My complete Caddy config:

#Caddyfile

rd.meiermeier.com {
    reverse_proxy rustdesk:8000

    tls {
        dns cloudflare
    }
}

hd.meiermeier.com {
    reverse_proxy heimdall:49153 {
        transparent
    }
}

3. The problem I’m having:

A misconfiguration? Since npm does work!
Caddy does nothing besides presenting me the demo page on port 80.

I want to achieve:
Using Caddy as a reverse proxy with automatic SSL handling and, if somehow possible, automatic subdomain creation on my Cloudflare or any other domain, but this is highly optional and I would be thankful enough if I just get the basic reverse proxy operation going.

4. Error messages and/or full log output:

5. What I already tried:

Installed nginx-pm as a container which can phone outside, handle certs etc.

6. Links to relevant resources:

That’s an old version. Please upgrade to the latest, v2.8.1:

You’ll want to add -p 443:443/udp; Caddy now enables HTTP3 by default, which uses UDP.

Add a volume for /config as well, which is handy to see the generated config from your labels.

Why are you using caddy-docker-proxy if you’re using a Caddyfile? Kinda defeats the purpose of that plugin.

The caddy-docker-proxy project is to allow you to configure Caddy using docker labels. But you’re not doing that, as far as I can tell.

You might want the official Docker image instead: Docker

A couple things here:

Why do you have DNS challenge set up in one site but not the other?

Just checking, you do have an API key set up for your Cloudflare plugin? Just making sure you understood that that’s necessary, because it’s blank there (but obviously don’t post your API key, since that’s a secret).

Also, to use the cloudflare DNS plugin, you need a build of Caddy that includes it. It doesn’t ship with Caddy by default. Do you actually need it? You might not need a DNS plugin.

There’s no such thing as transparent in Caddy v2. Remove that. The proxy in v2 is “transparent” by default.

That would be because you haven’t actually told Caddy to run with that Caddyfile, according to your docker-compose.yml. You didn’t mount the Caddyfile into the container for it to use it.

What do you mean by “phone outside”?

I don’t understand what’s going on with your logs. What’s with all the INF all over? That definitely doesn’t look right.


All these inf are probably just a copying error.
Here is a screenshot:

Now after some trying around after your good hints.
I ended up having this configuration:

version: "3.7"
services:
  caddy:
    image: slothcroissant/caddy-cloudflaredns
    ports:
      - 80:80
      - 443:443/udp
    environment:
      - CADDY_INGRESS_NETWORKS=caddy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes/caddy_data/_data/:/data
      - /var/lib/docker/volumes/caddy_config/_data:/config
      - /home/js/Documents/docker-compose/caddy:/caddy
    restart: unless-stopped

networks:
  default:
    external:
      name: proxied

volumes:
  caddy_data: {}

Caddyfile

tls 123@gmail.com {
    dns cloudflare 123
}

bw.meiermeier.com {
    reverse_proxy vaultwarden:3663 {
    }
}

lsof

sudo lsof -i :80
COMMAND      PID USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
docker-pr 183971 root    4u  IPv4 1270496      0t0  TCP *:http (LISTEN)

sudo lsof -i :443
COMMAND      PID USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
docker-pr 183957 root    4u  IPv4 1272340      0t0  UDP *:https

It still doesn’t work though.

You don’t need to mount the docker socket if you’re not using caddy-docker-proxy.

You don’t need this either, that’s only for caddy-docker-proxy.

This binds only port 443 UDP, but not TCP. You need both - 443:443 and - 443:443/udp to do both.

Why this? Are you trying to mount your Caddyfile? That’s not the right path. The path to the Caddyfile is /etc/caddy/Caddyfile. You need to mount it there.

That’s an invalid config. tls is a directive, so it must go within a site block. See the docs:

Also, you don’t need the braces on reverse_proxy because you’re not passing any subdirectives to it.

And I don’t see a vaultwarden service in your docker-compose.yml. Did you add your vaultwarden container to your proxied Docker network?


Thank you again Francis!

I think I’m getting close to be done with the configuration.
However I’m still getting an error message this time concerning my email-address.

docker-compose

version: "3.7"
services:
  caddy:
    image: slothcroissant/caddy-cloudflaredns
    ports:
      - 80:80
      - 443:443/udp
      - 443:443
    environment:
      - CLOUDFLARE_EMAIL=1234@gmail.com 
      - CLOUDFLARE_API_TOKEN=1234
      - ACME_AGREE=true 
    volumes:
      - /var/lib/docker/volumes/caddy_data/_data/:/data
      - /var/lib/docker/volumes/caddy_config/_data:/config
      - /home/js/Documents/docker-compose/caddy/Caddyfile:/etc/caddy/Caddyfile
    restart: unless-stopped

networks:
  default:
    external:
      name: proxied

volumes:
  caddy_data: {}

Caddyfile

*.meiermeier.com {
    tls {
        email {$CLOUDFLARE_EMAIL}
        dns cloudflare {$CLOUDFLARE_API_TOKEN}
    }
}

meiermeier.com {
    redir https://hd.meiermeier.com
}

www.meiermeier.com {
    redir https://hd.meiermeier.com
}

hd.meiermeier {
    reverse_proxy 192.168.178.2:49153
}

www.meiermeier.com {
	redir https://meiermeier{uri}
}

I’m not sure if the last redirect should be higher

And yes the bitwarden and all other container are in my proxied network when they don’t have any special needs. For the ease of this thread I just provide hd for heimdall which will be served as the mainpage when you connect to my domain.

As the error reads

Error: adapting config using caddyfile: parsing caddyfile token for 'tls': /etc/caddy/Caddfile:3 - Error during parsing: unknown subdirective: email

there is no email option in tls (Caddyfile directive) — Caddy Documentation

The email is optional and comes right after tls, not within tls { }

So it should look like

*.meiermeier.com {
	tls {$CLOUDFLARE_EMAIL} {
		dns cloudflare {$CLOUDFLARE_API_TOKEN}
	}
}

instead

Please have a look at the documentation (in this case tls (Caddyfile directive) — Caddy Documentation)


Thanks for the answer, Emily.

INF ts=1673738990.158599 msg=using provided configuration config_file=/etc/caddy/Caddyfile config_adapter=caddyfile

Error: adapting config using caddyfile: ambiguous site definition: www.meiermeier.com

Now I’m getting this error though. :frowning:

That’s because you have two sites with the same address. Remove one of them.

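As an added example (not code from this thread or from the Caddy project), here is a small Python pre-flight checker for the mistakes the replies above call out: a tls directive at the top level instead of inside a site block, email written as a tls subdirective, the v1-only transparent subdirective, the same site address declared twice (the "ambiguous site definition" error), port 443 published for UDP only, and a Caddyfile that is not mounted at /etc/caddy/Caddyfile. The two sample Caddyfiles and the example.test domain are constructed for the example; the brace tracking is a deliberate simplification of Caddy's real parser (it assumes a block opener ends its line and a closing brace sits alone on its line) and the DIRECTIVES set is a hand-picked subset, so treat it as a lint pass, not as a replacement for caddy validate.

```python
import re

# Constructed sample Caddyfile reproducing the mistakes discussed in the thread
# (example.test is a placeholder domain, not the poster's).
BAD_CADDYFILE = """\
tls 123@gmail.com {
    dns cloudflare 123
}

*.example.test {
    tls {
        email {$CLOUDFLARE_EMAIL}
        dns cloudflare {$CLOUDFLARE_API_TOKEN}
    }
}

www.example.test {
    redir https://hd.example.test
}

hd.example.test {
    reverse_proxy heimdall:49153 {
        transparent
    }
}

www.example.test {
    redir https://example.test{uri}
}
"""

# Constructed Caddyfile in the shape the replies recommend.
GOOD_CADDYFILE = """\
:80 {
    redir https://{host}{uri}
}

hd.example.test {
    reverse_proxy 192.168.178.2:49153
    tls {$CLOUDFLARE_EMAIL} {
        dns cloudflare {$CLOUDFLARE_API_TOKEN}
    }
}
"""

# Placeholders such as {$ENV_VAR}, {host} or {uri} contain braces but do not
# open or close blocks, so they are blanked before a line is inspected.
PLACEHOLDER = re.compile(r"\{[^{}\s]+\}")

# Hand-picked directive names (assumption: enough to spot a directive
# written where a site address belongs).
DIRECTIVES = {"tls", "reverse_proxy", "redir", "respond", "file_server",
              "encode", "header", "root", "handle", "route"}


def check_caddyfile(text):
    """Return human-readable findings for the pitfalls raised in the thread."""
    findings = []
    seen = {}     # site address -> line it was first declared on
    stack = []    # name of the block open at each nesting level
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = PLACEHOLDER.sub("", raw.split("#", 1)[0]).strip()
        if not line:
            continue
        if line == "}":
            if stack:
                stack.pop()
            continue
        opens = line.endswith("{")
        tokens = (line[:-1] if opens else line).split()
        if not stack:                                   # top level of the file
            if opens and not tokens:                    # global options block
                stack.append("global")
            elif opens and tokens[0] in DIRECTIVES:
                findings.append(f"line {lineno}: '{tokens[0]}' is a directive, "
                                "not a site address; move it inside a site block")
                stack.append("site")
            elif opens:
                for addr in (t.strip(",") for t in tokens):
                    if addr in seen:
                        findings.append(f"line {lineno}: ambiguous site definition: "
                                        f"{addr} (also declared on line {seen[addr]})")
                    else:
                        seen[addr] = lineno
                stack.append("site")
            elif tokens[0] in DIRECTIVES:
                findings.append(f"line {lineno}: '{tokens[0]}' used outside any site block")
            continue
        name = tokens[0]
        if name == "transparent":
            findings.append(f"line {lineno}: 'transparent' is a Caddy v1 subdirective "
                            "that does not exist in v2; remove it")
        if name == "email" and stack[-1] == "tls":
            findings.append(f"line {lineno}: 'email' is not a tls subdirective; "
                            "put the address after the directive: 'tls <email>'")
        if opens:
            stack.append(name)
    return findings


def check_compose_ports(ports):
    """ports: compose 'ports:' entries such as '443:443/udp'. HTTPS is TCP and
    HTTP/3 is UDP, so 443 has to be published for both protocols."""
    tcp, udp = set(), set()
    for entry in ports:
        spec, _, proto = entry.partition("/")
        (udp if proto == "udp" else tcp).add(spec.split(":")[0])
    findings = []
    if "443" in udp and "443" not in tcp:
        findings.append("443 is published for UDP only; add '443:443' for TCP")
    if "443" in tcp and "443" not in udp:
        findings.append("443 is published for TCP only; add '443:443/udp' for HTTP/3")
    return findings


def caddyfile_mounted(volumes):
    """True if a compose 'volumes:' entry mounts something at /etc/caddy/Caddyfile,
    the path the official image reads its configuration from."""
    return any(v.split(":")[1:2] == ["/etc/caddy/Caddyfile"] for v in volumes)


if __name__ == "__main__":
    for finding in check_caddyfile(BAD_CADDYFILE):
        print(finding)
    print(check_compose_ports(["80:80", "443:443/udp"]))
    print(caddyfile_mounted(["/home/js/Documents/docker-compose/caddy:/caddy"]))
```

Run against the constructed bad Caddyfile it reports four findings, in file order: the top-level tls, the email subdirective, transparent, and the duplicated www address; the recommended Caddyfile produces none. The compose helpers flag the UDP-only 443 mapping and the Caddyfile mounted at /caddy rather than /etc/caddy/Caddyfile, which are exactly the two compose mistakes the earlier reply pointed at.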

WOW! It does work!
One small issue I have is when I want to access my domain by typing

http://www.meiermeier.com/
http://meiermeier.com/

I receive this error

Do any of you know a solution for this? Is this even possible with Caddy, or do I have to look in my Cloudflare dashboard for it?

Thank you so much for the patient help you’ve provided so far especially for a beginner like me! :heart:

Ok seems like I was able to locate the problem I guess.
I got some help from a Discord user and it seems that my Cloudflare DNS was causing the issue. I don’t know now if it was that Cloudflare needed some time or that I flushed the Google DNS cache for my website.

Thank you so much for your help!
@francislavoie and @IndeedNotJames

Oh by the way I ended up having this Caddyfile.
I don’t know if the newly added lines at the top, which I got from the Discord user, are necessary, because I added them before we figured out the DNS problem.

:80 {
    redir https://{host}{uri}
}

www.meiermeier.com:443 {
    redir https://hd.meiermeier.com
}

meiermeier.com:443 {
    redir https://hd.meiermeier.com
}

hd.meiermeier.com:443 {
    reverse_proxy 192.168.178.2:49153
    tls {$CLOUDFLARE_EMAIL} {
        dns cloudflare {$CLOUDFLARE_API_TOKEN}
    }
}

jf.meiermeier.com {
    reverse_proxy 192.168.178.2:8096
}

vs.meiermeier.com {
    reverse_proxy 192.168.178.2:8443
}

pt.meiermeier.com {
    reverse_proxy 192.168.178.2:9442
}

fb.meiermeier.com {
    reverse_proxy 192.168.178.2:8082
}