1. Caddy version (caddy version
):
Caddy 2.5.1
2. How I run Caddy:
Docker Container
a. System environment:
Windows 10
Portainer
DuckDNS
c. Service/unit/compose file:
version: "3.7"
services:
caddy:
container_name: caddy
image: caddy:latest
restart: unless-stopped
ports:
- 80:80
- 443:443
volumes:
- /d/Docker/Caddy/Caddyfile:/etc/caddy/Caddyfile
- /d/Docker/Caddy/site:/srv
- /d/Docker/Caddy/caddy_data:/data
- /d/Docker/Caddy/caddy_config:/config
d. My complete Caddyfile or JSON config:
totallylegitmedia.duckdns.org
reverse_proxy localhost:8096
3. The problem I’m having:
I am trying to use Caddy to reverse proxy my DuckDNS subdomain to my jellyfin docker container. Sometimes I will get "Warning: Potential Security Risk, but the request will time out after hitting accept risk.
4. Error messages and/or full log output:
{"level":"info","ts":1653460568.8948114,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1653460568.896762,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":3}
{"level":"info","ts":1653460568.9035113,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1653460568.9041646,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1653460568.9041975,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1653460568.9052007,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0002b3d50"}
{"level":"info","ts":1653460568.9057665,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"info","ts":1653460568.9063392,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["totallylegitmedia.duckdns.org"]}
{"level":"info","ts":1653460568.9291306,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1653460568.9291692,"msg":"serving initial configuration"}
{"level":"info","ts":1653460568.9661863,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"error","ts":1653460633.3531284,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"58590","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"],"Connection":["keep-alive"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.003102,"status":502,"err_id":"z3q87szt4","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}
{"level":"error","ts":1653460634.189818,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"58602","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"],"Connection":["keep-alive"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0003688,"status":502,"err_id":"jhs2hku0h","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}
{"level":"error","ts":1653460657.1559389,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"58780","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"],"Connection":["keep-alive"],"User-Agent":["python-requests/2.22.0"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0004329,"status":502,"err_id":"zgmge0ebw","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}
{"level":"error","ts":1653460657.9890382,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"58788","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"Connection":["keep-alive"],"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0005587,"status":502,"err_id":"uxhsaqmkr","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}
{"level":"error","ts":1653460679.634629,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"58958","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"Accept":["*/*"],"Connection":["keep-alive"],"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0004499,"status":502,"err_id":"awrzfx4xy","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}
{"level":"error","ts":1653460680.4719067,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"58970","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"],"Connection":["keep-alive"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0004724,"status":502,"err_id":"6wde2jcrd","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}
{"level":"error","ts":1653460892.264213,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"60612","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"Connection":["keep-alive"],"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0004203,"status":502,"err_id":"7a6c2x0wb","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}
{"level":"error","ts":1653460893.1083963,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"60622","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"],"Connection":["keep-alive"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0003128,"status":502,"err_id":"0whybfunt","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}
{"level":"error","ts":1653460893.184399,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"60624","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"Accept":["*/*"],"Connection":["keep-alive"],"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0006076,"status":502,"err_id":"z4a9avkn7","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}
{"level":"error","ts":1653460894.0214045,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"60640","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"],"Connection":["keep-alive"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0003491,"status":502,"err_id":"r3mdbxwuw","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}
{"level":"error","ts":1653462552.5237916,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"45186","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"],"Connection":["keep-alive"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0010239,"status":502,"err_id":"tjbhwn2zp","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}
{"level":"error","ts":1653462552.6458266,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"45188","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"],"Connection":["keep-alive"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0003689,"status":502,"err_id":"ywc303evn","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}
{"level":"error","ts":1653462553.4842632,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"45202","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"],"Connection":["keep-alive"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0004491,"status":502,"err_id":"xccfpb2j8","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}
{"level":"error","ts":1653462555.4185257,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"45220","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"Connection":["keep-alive"],"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0005067,"status":502,"err_id":"5k5ejbca1","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}
{"level":"error","ts":1653462556.251429,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"45228","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"Connection":["keep-alive"],"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0003688,"status":502,"err_id":"q5xjk0adb","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}
{"level":"error","ts":1653462588.7423756,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"45484","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"Connection":["keep-alive"],"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0004092,"status":502,"err_id":"w5h8bevzj","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}
{"level":"error","ts":1653462589.5836868,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"45494","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"Connection":["keep-alive"],"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0003333,"status":502,"err_id":"fa6pmupje","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}
{"level":"error","ts":1653462599.5544667,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"45574","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"],"Connection":["keep-alive"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0003701,"status":502,"err_id":"rsipx4b0z","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}
{"level":"error","ts":1653462600.3961668,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"45586","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"Connection":["keep-alive"],"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0003136,"status":502,"err_id":"7i0nc5akp","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}
{"level":"error","ts":1653462698.61262,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"46342","proto":"HTTP/2.0","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"Sec-Fetch-User":["?1"],"Sec-Fetch-Dest":["document"],"Pragma":["no-cache"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Fetch-Site":["none"],"Sec-Fetch-Mode":["navigate"],"Accept-Encoding":["gzip, deflate, br"],"Accept-Language":["en-US"],"Cache-Control":["no-cache"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0008006,"status":502,"err_id":"jyyyzpe7m","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}
{"level":"error","ts":1653462709.3740876,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"46432","proto":"HTTP/2.0","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"Sec-Fetch-Site":["none"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Accept-Encoding":["gzip, deflate, br"],"Pragma":["no-cache"],"Cache-Control":["no-cache"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Fetch-Dest":["document"],"Accept-Language":["en-US"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0006163,"status":502,"err_id":"fj6bpnw3b","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}
{"level":"error","ts":1653462724.0741606,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"46554","proto":"HTTP/2.0","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"Cache-Control":["no-cache"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36"],"Sec-Fetch-Dest":["document"],"Pragma":["no-cache"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Fetch-Site":["none"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Accept-Encoding":["gzip, deflate, br"],"Accept-Language":["en-US"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0003884,"status":502,"err_id":"sfywxj00y","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}
{"level":"error","ts":1653462743.0203896,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"46708","proto":"HTTP/2.0","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Fetch-User":["?1"],"Accept-Encoding":["gzip, deflate, br"],"Pragma":["no-cache"],"Cache-Control":["no-cache"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Site":["none"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Dest":["document"],"Accept-Language":["en-US"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0005984,"status":502,"err_id":"ddxxk1fgp","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}
5. What I already tried:
I have already tried different dockerhub files and Caddyfile setups as well as tried to follow a few guides on YouTube.