Caddy + DuckDNS + Docker, Cannot access subdomain with reverse proxy

holy_elbow · May 25, 2022, 7:20am

1. Caddy version (`caddy version`):

Caddy 2.5.1

2. How I run Caddy:

Docker Container

a. System environment:

Windows 10
Portainer
DuckDNS

c. Service/unit/compose file:

version: "3.7"

services:
  caddy:
    container_name: caddy
    image: caddy:latest
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
    volumes:
      - /d/Docker/Caddy/Caddyfile:/etc/caddy/Caddyfile
      - /d/Docker/Caddy/site:/srv
      - /d/Docker/Caddy/caddy_data:/data
      - /d/Docker/Caddy/caddy_config:/config

d. My complete Caddyfile or JSON config:

totallylegitmedia.duckdns.org

reverse_proxy localhost:8096

3. The problem I’m having:

I am trying to use Caddy to reverse proxy my DuckDNS subdomain to my jellyfin docker container. Sometimes I will get "Warning: Potential Security Risk, but the request will time out after hitting accept risk.

4. Error messages and/or full log output:

     

{"level":"info","ts":1653460568.8948114,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}

{"level":"warn","ts":1653460568.896762,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":3}

{"level":"info","ts":1653460568.9035113,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}

{"level":"info","ts":1653460568.9041646,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}

{"level":"info","ts":1653460568.9041975,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}

{"level":"info","ts":1653460568.9052007,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0002b3d50"}

{"level":"info","ts":1653460568.9057665,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}

{"level":"info","ts":1653460568.9063392,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["totallylegitmedia.duckdns.org"]}

{"level":"info","ts":1653460568.9291306,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}

{"level":"info","ts":1653460568.9291692,"msg":"serving initial configuration"}

{"level":"info","ts":1653460568.9661863,"logger":"tls","msg":"finished cleaning storage units"}

{"level":"error","ts":1653460633.3531284,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"58590","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"],"Connection":["keep-alive"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.003102,"status":502,"err_id":"z3q87szt4","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}

{"level":"error","ts":1653460634.189818,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"58602","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"],"Connection":["keep-alive"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0003688,"status":502,"err_id":"jhs2hku0h","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}

{"level":"error","ts":1653460657.1559389,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"58780","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"],"Connection":["keep-alive"],"User-Agent":["python-requests/2.22.0"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0004329,"status":502,"err_id":"zgmge0ebw","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}

{"level":"error","ts":1653460657.9890382,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"58788","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"Connection":["keep-alive"],"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0005587,"status":502,"err_id":"uxhsaqmkr","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}

{"level":"error","ts":1653460679.634629,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"58958","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"Accept":["*/*"],"Connection":["keep-alive"],"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0004499,"status":502,"err_id":"awrzfx4xy","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}

{"level":"error","ts":1653460680.4719067,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"58970","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"],"Connection":["keep-alive"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0004724,"status":502,"err_id":"6wde2jcrd","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}

{"level":"error","ts":1653460892.264213,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"60612","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"Connection":["keep-alive"],"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0004203,"status":502,"err_id":"7a6c2x0wb","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}

{"level":"error","ts":1653460893.1083963,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"60622","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"],"Connection":["keep-alive"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0003128,"status":502,"err_id":"0whybfunt","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}

{"level":"error","ts":1653460893.184399,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"60624","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"Accept":["*/*"],"Connection":["keep-alive"],"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0006076,"status":502,"err_id":"z4a9avkn7","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}

{"level":"error","ts":1653460894.0214045,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"60640","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"],"Connection":["keep-alive"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0003491,"status":502,"err_id":"r3mdbxwuw","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}

{"level":"error","ts":1653462552.5237916,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"45186","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"],"Connection":["keep-alive"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0010239,"status":502,"err_id":"tjbhwn2zp","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}

{"level":"error","ts":1653462552.6458266,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"45188","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"],"Connection":["keep-alive"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0003689,"status":502,"err_id":"ywc303evn","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}

{"level":"error","ts":1653462553.4842632,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"45202","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"],"Connection":["keep-alive"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0004491,"status":502,"err_id":"xccfpb2j8","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}

{"level":"error","ts":1653462555.4185257,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"45220","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"Connection":["keep-alive"],"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0005067,"status":502,"err_id":"5k5ejbca1","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}

{"level":"error","ts":1653462556.251429,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"45228","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"Connection":["keep-alive"],"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0003688,"status":502,"err_id":"q5xjk0adb","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}

{"level":"error","ts":1653462588.7423756,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"45484","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"Connection":["keep-alive"],"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0004092,"status":502,"err_id":"w5h8bevzj","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}

{"level":"error","ts":1653462589.5836868,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"45494","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"Connection":["keep-alive"],"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0003333,"status":502,"err_id":"fa6pmupje","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}

{"level":"error","ts":1653462599.5544667,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"45574","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"],"Connection":["keep-alive"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0003701,"status":502,"err_id":"rsipx4b0z","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}

{"level":"error","ts":1653462600.3961668,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"45586","proto":"HTTP/1.1","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"Connection":["keep-alive"],"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0003136,"status":502,"err_id":"7i0nc5akp","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}

{"level":"error","ts":1653462698.61262,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"46342","proto":"HTTP/2.0","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"Sec-Fetch-User":["?1"],"Sec-Fetch-Dest":["document"],"Pragma":["no-cache"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Fetch-Site":["none"],"Sec-Fetch-Mode":["navigate"],"Accept-Encoding":["gzip, deflate, br"],"Accept-Language":["en-US"],"Cache-Control":["no-cache"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0008006,"status":502,"err_id":"jyyyzpe7m","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}

{"level":"error","ts":1653462709.3740876,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"46432","proto":"HTTP/2.0","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"Sec-Fetch-Site":["none"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Accept-Encoding":["gzip, deflate, br"],"Pragma":["no-cache"],"Cache-Control":["no-cache"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Fetch-Dest":["document"],"Accept-Language":["en-US"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0006163,"status":502,"err_id":"fj6bpnw3b","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}

{"level":"error","ts":1653462724.0741606,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"46554","proto":"HTTP/2.0","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"Cache-Control":["no-cache"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36"],"Sec-Fetch-Dest":["document"],"Pragma":["no-cache"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Fetch-Site":["none"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Accept-Encoding":["gzip, deflate, br"],"Accept-Language":["en-US"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0003884,"status":502,"err_id":"sfywxj00y","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}

{"level":"error","ts":1653462743.0203896,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8096: connect: connection refused","request":{"remote_ip":"172.17.0.1","remote_port":"46708","proto":"HTTP/2.0","method":"GET","host":"totallylegitmedia.duckdns.org","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Fetch-User":["?1"],"Accept-Encoding":["gzip, deflate, br"],"Pragma":["no-cache"],"Cache-Control":["no-cache"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Site":["none"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Dest":["document"],"Accept-Language":["en-US"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"totallylegitmedia.duckdns.org"}},"duration":0.0005984,"status":502,"err_id":"ddxxk1fgp","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}

5. What I already tried:

I have already tried different dockerhub files and Caddyfile setups as well as tried to follow a few guides on YouTube.

6. Links to relevant resources:

https://jellyfin.org/docs/general/networking/caddy.html

francislavoie · May 25, 2022, 2:21pm

When in Docker, localhost means “try to connect to this container”. Networking is isolated in Docker.

How are you running Jellyfin? Is it in another Docker container? If so, use the name of the docker container to connect to it. It needs to share a Docker Network for the containers to see eachother.

reverse_proxy jellyfin:8096

holy_elbow · May 25, 2022, 5:20pm

This seems like the solution as I have Jellyfin in another docker container.

system · June 24, 2022, 7:21am

This topic was automatically closed after 30 days. New replies are no longer allowed.