Caddy + Eero Secure

1. Caddy version (caddy version):

v2.4.3 h1:Y1FaV2N4WO3rBqxSYA8UZsZTQdN+PwcoOcAiZTM8C0I=

2. How I run Caddy:

a. System environment:

Ubuntu 20.04.3 via systemd

b. Command:

/usr/bin/caddy run --environ --config /media/data/1/git/peet_homeautomation/server_configs/kuat_config/Caddyfile

c. Service/unit/compose file:

# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /media/data/1/git/peet_homeautomation/server_configs/kuat_config/Caddyfile
ExecReload=/usr/bin/caddy reload --config /media/data/1/git/peet_homeautomation/server_configs/kuat_config/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddyfile or JSON config:

{
  email my-email@gmail.com
}

####################################################################################
# Snippets
####################################################################################

####### Snippet 1 #######

(trustedlocations) {
  @untrusted not remote_ip IP_ADDRESS_LIST

  basicauth @untrusted {
    USERNAME HASH_PASSWORD
  }
}


(mylocations) {
  import trustedlocations

  reverse_proxy /sonarr* 127.0.0.1:8990 {          # https://sonarr.tv/
  }

  reverse_proxy /radarr* 127.0.0.1:7880 {          # https://github.com/Radarr/Radarr
  }
}

portainer.dpeet.net {
  encode gzip
  reverse_proxy 127.0.0.1:9000 {
    header_up X-Forwarded-Host {host}
  }
}

ha.dpeet.net {
  encode gzip
  reverse_proxy 10.0.2.40:8123
}

3. The problem I’m having:

I have Eero routers, and when I activate Eero Secure they take over the DNS to provide threat detection and adblocking. On Reddit they have said “Eero Secure hijacks all DNS requests made by clients regardless of the DNS settings. The gateway Eero sends all DNS requests through an encrypted tunnel to Zscaler where they are inspected. In that sense, the DNS settings on clients don’t really matter (unless you’re using a Pi-hole or something where the DNS is a local IP).” and “It will, and does. It’ll block anything on port 53 and it also sets a DoH canary that should stop most browsers from doing DoH.”

Navigating to my websites (i.e. portainer.dpeet.net or dpeet.net/sonar) I’ll get the error
“Your connection is not private. NET::ERR_CERT_COMMON_NAME_INVALID”
under more information it says
“This server could not prove that it is portainer.dpeet.net; its security certificate is from dns1.eerodns.com.”

4. Error messages and/or full log output:

5. What I already tried:

I called Eero and they said it wasn’t their fault and to contact my system admin… Any hope that I can configure this to work with caddy?

I don’t know what Eero is, but this is definitely not an issue with Caddy. It seems like they’re intercepting your HTTPS requests and trying to serve their own certificate. That doesn’t make sense.
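To confirm the diagnosis in that reply from the client side, here is an added Go check (not code from this thread or from Caddy): it resolves the hostname through the system resolver, reads the certificate actually presented on port 443, and applies the same Subject Alternative Name check the browser performs. The hostname is the one from the post; the IP in the test is a constructed placeholder.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net"
)

// Finding records what the resolver and the TLS endpoint actually returned.
type Finding struct {
	Hostname    string
	ResolvedIPs []string
	Presented   []string // DNS SANs of the leaf certificate we were shown
	Intercepted bool     // true when that certificate does not cover Hostname
}

// Classify applies the browser's name check (exact or single-label wildcard SAN).
// A mismatch means the endpoint we reached is not the server the name belongs to.
func Classify(hostname string, ips, sans []string) Finding {
	leaf := &x509.Certificate{DNSNames: sans}
	return Finding{hostname, ips, sans, leaf.VerifyHostname(hostname) != nil}
}

// Probe resolves hostname with the system resolver (whatever the gateway hands out)
// and records the leaf certificate presented on 443. Verification is skipped only so
// a mismatching certificate can be inspected; nothing from it is trusted.
func Probe(hostname string) (Finding, error) {
	ips, err := net.LookupHost(hostname)
	if err != nil {
		return Finding{}, err
	}
	conn, err := tls.Dial("tcp", net.JoinHostPort(hostname, "443"),
		&tls.Config{ServerName: hostname, InsecureSkipVerify: true})
	if err != nil {
		return Finding{}, err
	}
	defer conn.Close()
	certs := conn.ConnectionState().PeerCertificates
	if len(certs) == 0 {
		return Finding{}, fmt.Errorf("%s presented no certificate", hostname)
	}
	return Classify(hostname, ips, certs[0].DNSNames), nil
}

func main() {
	f, err := Probe("portainer.dpeet.net") // hostname from the post
	if err != nil {
		fmt.Println("probe failed:", err)
		return
	}
	fmt.Printf("%+v\n", f)
}
```

Run it once on the Eero LAN and once from a network that does not intercept DNS: with interception the resolved address belongs to the gateway and Presented lists dns1.eerodns.com, which is exactly the mismatch the browser reports.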
