1. The problem I’m having:
Im hosting a jellyfin server on the same machine as caddy (proxmox lxc) and ive noticed that even while on lan the video stream is buffering way to much. Connecting directly to the jellyfin ip gives me perfect speeds and no buffering, but when i go through caddy i seem limited to 20mbit based on the chrome developer network usage tab and my switch’s logs. The dns record is managed by cloudlfare and i have dns proxying off, pihole is setup as a local dns to send jellyfin.mydomain.net to the caddy local ip, and tracert shows jellyfin.mydomain.net goes straight to my router and then caddy’s local ip. Using iperf3 to test the connection speeds between the machines i got 25gig between jellyfin and caddy, and 1gig between caddy and my pc (as expected from my netowrk setup). There doesnt appear to be anything bottlenecking caddy. htop from the jellyfin server and caddy show minimal CPU usage with no cpu core ever going past around 20%.
2. Error messages and/or full log output:
Jul 23 13:12:51 caddy caddy[138]: {"level":"debug","ts":1721740371.3320642,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.5.3:8096","total_upstreams":1}
Jul 23 13:12:51 caddy caddy[138]: {"level":"debug","ts":1721740371.3337307,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.5.3:8096","duration":0.001627235,"request":{"remote_ip":"172.68.64.200","remote_port":"38928","client_ip":"172.68.64.200","proto":"HTTP/2.0","method":"GET","host":"jellyfin.mydomain.net","uri":"/ScheduledTasks?IsEnabled=true","headers":{"Priority":["u=1, i"],"Sec-Fetch-Mode":["cors"],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Fetch-Site":["same-origin"],"Authorization":["REDACTED"],"X-Forwarded-Host":["jellyfin.mydomain.net"],"Cdn-Loop":["cloudflare"],"X-Forwarded-For":["172.68.64.200"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Sec-Ch-Ua":["\"Not/A)Brand\";v=\"8\", \"Chromium\";v=\"126\", \"Google Chrome\";v=\"126\""],"X-Forwarded-Proto":["https"],"Accept-Language":["en-GB,en-US;q=0.9,en;q=0.8"],"Cf-Ray":["8a7beca8bb80a88e-SYD"],"Sec-Fetch-Dest":["empty"],"Cf-Ipcountry":["AU"],"Accept-Encoding":["gzip, br"],"Accept":["application/json"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Cf-Connecting-Ip":["138.130.8.127"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"jellyfin.mydomain.net"}},"headers":{"Date":["Tue, 23 Jul 2024 13:12:50 GMT"],"Server":["Kestrel"],"X-Response-Time-Ms":["1.0933"],"Content-Length":["0"]},"status":401}
Jul 23 13:12:51 caddy caddy[138]: {"level":"debug","ts":1721740371.596284,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/380806448147","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["1697003727"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["808"],"Content-Type":["application/json"],"Date":["Tue, 23 Jul 2024 13:12:51 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["3lnD-LBAvtDgkKL9sGeiDBR72krsChyyCbW8KIj_OPmKidm5fE4"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Jul 23 13:12:52 caddy caddy[138]: {"level":"debug","ts":1721740372.1005063,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/380806448147","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["1697003727"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["808"],"Content-Type":["application/json"],"Date":["Tue, 23 Jul 2024 13:12:51 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["3lnD-LBAQqj2vklttYChClK8zkXQDF9e9nVfKgHOkKFWf4d9bEY"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Jul 23 13:12:52 caddy caddy[138]: {"level":"debug","ts":1721740372.5951188,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/380806448147","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["1697003727"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["808"],"Content-Type":["application/json"],"Date":["Tue, 23 Jul 2024 13:12:52 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["Xhy1Tzt5Nrgbbmv3iId9kKS3A1NFcKjjbSTNk8JNkqyxxAHE08E"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Jul 23 13:12:53 caddy caddy[138]: {"level":"debug","ts":1721740373.0836532,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/380806448147","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["1697003727"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["808"],"Content-Type":["application/json"],"Date":["Tue, 23 Jul 2024 13:12:52 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["3lnD-LBAXFP7SNvc82iMSMeElSX_9w5oQPRgPFCDPTQIuHvwH00"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Jul 23 13:12:53 caddy caddy[138]: {"level":"debug","ts":1721740373.572321,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/380806448147","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["1697003727"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["808"],"Content-Type":["application/json"],"Date":["Tue, 23 Jul 2024 13:12:53 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["Xhy1Tzt5VxOYaTUFkuXq-jv1U2tr2uXJ7rG5Qbrp8EWgr0jIvqs"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Jul 23 13:12:54 caddy caddy[138]: {"level":"debug","ts":1721740374.073328,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/380806448147","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["1697003727"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["808"],"Content-Type":["application/json"],"Date":["Tue, 23 Jul 2024 13:12:53 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["3lnD-LBAZJ6V6cINbvlf46XjUZwRNwlaWgSbGdl3S7LvTFNeOJ0"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Jul 23 13:12:54 caddy caddy[138]: {"level":"debug","ts":1721740374.5602999,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/380806448147","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["1697003727"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["808"],"Content-Type":["application/json"],"Date":["Tue, 23 Jul 2024 13:12:54 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["Xhy1Tzt5ke91WR6TzccRy_60XhebIM8SVLp5yQXoCkI5uTbCDHU"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Jul 23 13:12:55 caddy caddy[138]: {"level":"debug","ts":1721740375.0505624,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/380806448147","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["1697003727"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["808"],"Content-Type":["application/json"],"Date":["Tue, 23 Jul 2024 13:12:54 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["Xhy1Tzt5DcbPwc5uuliXSenvaD0Q1BwI2HyRyofjTVGnhwX3m-Y"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Jul 23 13:12:55 caddy caddy[138]: {"level":"debug","ts":1721740375.5393639,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/380806448147","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["1697003727"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["1199"],"Content-Type":["application/json"],"Date":["Tue, 23 Jul 2024 13:12:55 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["Xhy1Tzt5Pw9JGA_qoCvwdGfq9874e4BGSmaaHpXXLL_wpnvL40Q"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Jul 23 13:12:55 caddy caddy[138]: {"level":"error","ts":1721740375.5396762,"logger":"http.acme_client","msg":"challenge failed","identifier":"spacebase.mydomain.net","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"2606:4700:3030::ac43:9fa3: Invalid response from http://spacebase.mydomain.net/.well-known/acme-challenge/ofilZXzkL5U-YEOpDXbDPzs1XIs5aTCdsvyvRxx4q34: 522","instance":"","subproblems":[]}}
Jul 23 13:12:55 caddy caddy[138]: {"level":"error","ts":1721740375.539717,"logger":"http.acme_client","msg":"validating authorization","identifier":"spacebase.mydomain.net","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"2606:4700:3030::ac43:9fa3: Invalid response from http://spacebase.mydomain.net/.well-known/acme-challenge/ofilZXzkL5U-YEOpDXbDPzs1XIs5aTCdsvyvRxx4q34: 522","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1697003727/289872639127","attempt":2,"max_attempts":3}
Jul 23 13:12:55 caddy caddy[138]: {"level":"error","ts":1721740375.5397532,"logger":"tls.renew","msg":"could not get certificate from issuer","identifier":"spacebase.mydomain.net","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 403 urn:ietf:params:acme:error:unauthorized - 2606:4700:3030::ac43:9fa3: Invalid response from http://spacebase.mydomain.net/.well-known/acme-challenge/ofilZXzkL5U-YEOpDXbDPzs1XIs5aTCdsvyvRxx4q34: 522"}
Jul 23 13:12:55 caddy caddy[138]: {"level":"debug","ts":1721740375.5398319,"logger":"events","msg":"event","name":"cert_failed","id":"209ae035-4be5-4bc8-9565-cfc89791273f","origin":"tls","data":{"error":{},"identifier":"spacebase.mydomain.net","issuers":["acme-v02.api.letsencrypt.org-directory"],"remaining":303320316768634,"renewal":true}}
Jul 23 13:12:55 caddy caddy[138]: {"level":"error","ts":1721740375.5398464,"logger":"tls.renew","msg":"will retry","error":"[spacebase.mydomain.net] Renew: [spacebase.mydomain.net] solving challenge: spacebase.mydomain.net: [spacebase.mydomain.net] authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - 2606:4700:3030::ac43:9fa3: Invalid response from http://spacebase.mydomain.net/.well-known/acme-challenge/ofilZXzkL5U-YEOpDXbDPzs1XIs5aTCdsvyvRxx4q34: 522 (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":43.856875127,"max_duration":2592000}
ate":["Tue, 23 Jul 2024 13:13:02 GMT"],"Server":["Kestrel"],"Access-Control-Allow-Origin":["*"]},"status":200}
Jul 23 13:13:03 caddy caddy[138]: {"level":"debug","ts":1721740383.5876462,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.5.3:8096","total_upstreams":1}
Jul 23 13:13:03 caddy caddy[138]: {"level":"debug","ts":1721740383.5910647,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.5.3:8096","duration":0.00336103,"request":{"remote_ip":"172.68.64.200","remote_port":"38928","client_ip":"172.68.64.200","proto":"HTTP/2.0","method":"GET","host":"jellyfin.mydomain.net","uri":"/videos/bfe1a9fc-717e-4b92-48a3-2eecbe89ce97/master.m3u8?DeviceId=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyNi4wLjAuMCBTYWZhcmkvNTM3LjM2fDE3MTk2NzAzNDExMjE1&MediaSourceId=bfe1a9fc717e4b9248a32eecbe89ce97&VideoCodec=av1,hevc,h264,hevc&AudioCodec=aac,opus,flac&AudioStreamIndex=1&VideoBitrate=119616000&AudioBitrate=384000&MaxFramerate=23.976025&PlaySessionId=106020c28fa6468bbfc062feba2ae96c&api_key=a9699fd0d585450389e88bc1af6c667a&TranscodingMaxAudioChannels=2&RequireAvc=false&Tag=39ed73b483b2e5881df559503b3b56d5&SegmentContainer=mp4&MinSegments=1&BreakOnNonKeyFrames=True&hevc-level=150&hevc-videobitdepth=10&hevc-profile=main10&hevc-rangetype=SDR,HDR10,HLG&hevc-deinterlace=true&TranscodeReasons=ContainerNotSupported,%20AudioCodecNotSupported","headers":{"Sec-Fetch-Site":["same-origin"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"],"Sec-Ch-Ua-Platform":["\"Windows\""],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["jellyfin.mydomain.net"],"Cdn-Loop":["cloudflare"],"Cf-Ipcountry":["AU"],"Accept-Encoding":["gzip, br"],"Sec-Ch-Ua-Mobile":["?0"],"Priority":["u=1, i"],"Accept":["*/*"],"Sec-Fetch-Mode":["cors"],"Sec-Ch-Ua":["\"Not/A)Brand\";v=\"8\", \"Chromium\";v=\"126\", \"Google Chrome\";v=\"126\""],"Cf-Ray":["8a7becf55dd1a88e-SYD"],"Sec-Fetch-Dest":["empty"],"Accept-Language":["en-GB,en-US;q=0.9,en;q=0.8"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Cf-Connecting-Ip":["138.130.8.127"],"X-Forwarded-For":["172.68.64.200"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"jellyfin.mydomain.net"}},"headers":{"Content-Length":["1902"],"Content-Type":["application/vnd.apple.mpegurl"],"Date":["Tue, 23 Jul 2024 13:13:03 GMT"],"Server":["Kestrel"],"Expires":["0"],"X-Response-Time-Ms":["2.7969"]},"status":200}
Jul 23 13:13:03 caddy caddy[138]: {"level":"debug","ts":1721740383.643174,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.5.3:8096","total_upstreams":1}
Jul 23 13:13:03 caddy caddy[138]: {"level":"debug","ts":1721740383.8763254,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.5.3:8096","duration":0.233042691,"request":{"remote_ip":"172.68.64.200","remote_port":"38928","client_ip":"172.68.64.200","proto":"HTTP/2.0","method":"GET","host":"jellyfin.mydomain.net","uri":"/videos/bfe1a9fc-717e-4b92-48a3-2eecbe89ce97/main.m3u8?DeviceId=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyNi4wLjAuMCBTYWZhcmkvNTM3LjM2fDE3MTk2NzAzNDExMjE1&MediaSourceId=bfe1a9fc717e4b9248a32eecbe89ce97&VideoCodec=av1,hevc,h264,hevc&AudioCodec=aac,opus,flac&AudioStreamIndex=1&VideoBitrate=119616000&AudioBitrate=384000&MaxFramerate=23.976025&PlaySessionId=106020c28fa6468bbfc062feba2ae96c&api_key=a9699fd0d585450389e88bc1af6c667a&TranscodingMaxAudioChannels=2&RequireAvc=false&Tag=39ed73b483b2e5881df559503b3b56d5&SegmentContainer=mp4&MinSegments=1&BreakOnNonKeyFrames=True&hevc-level=150&hevc-videobitdepth=10&hevc-profile=main10&hevc-rangetype=SDR,HDR10,HLG&hevc-deinterlace=true&TranscodeReasons=ContainerNotSupported,%20AudioCodecNotSupported","headers":{"Sec-Fetch-Mode":["cors"],"X-Forwarded-Proto":["https"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Accept-Encoding":["gzip, br"],"Sec-Ch-Ua":["\"Not/A)Brand\";v=\"8\", \"Chromium\";v=\"126\", \"Google Chrome\";v=\"126\""],"Sec-Ch-Ua-Platform":["\"Windows\""],"Cf-Ray":["8a7becf5ae00a88e-SYD"],"Accept":["*/*"],"X-Forwarded-For":["172.68.64.200"],"Accept-Language":["en-GB,en-US;q=0.9,en;q=0.8"],"Sec-Ch-Ua-Mobile":["?0"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"],"Sec-Fetch-Dest":["empty"],"Cdn-Loop":["cloudflare"],"Sec-Fetch-Site":["same-origin"],"Cf-Connecting-Ip":["138.130.8.127"],"Cf-Ipcountry":["AU"],"Priority":["u=1, i"],"X-Forwarded-Host":["jellyfin.mydomain.net"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"jellyfin.mydomain.net"}},"headers":{"X-Response-Time-Ms":["232.2588"],"Content-Length":["525600"],"Content-Type":["application/vnd.apple.mpegurl"],"Date":["Tue, 23 Jul 2024 13:13:03 GMT"],"Server":["Kestrel"]},"status":200}
Jul 23 13:13:04 caddy caddy[138]: {"level":"debug","ts":1721740384.1808825,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.5.3:8096","total_upstreams":1}
Jul 23 13:13:04 caddy caddy[138]: {"level":"debug","ts":1721740384.1878211,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.5.3:8096","duration":0.006899414,"request":{"remote_ip":"192.168.2.10","remote_port":"39634","client_ip":"192.168.2.10","proto":"HTTP/2.0","method":"GET","host":"jellyfin.mydomain.net","uri":"/metrics","headers":{"X-Forwarded-Host":["jellyfin.mydomain.net"],"Accept":["application/openmetrics-text;version=1.0.0;q=0.5,application/openmetrics-text;version=0.0.1;q=0.4,text/plain;version=0.0.4;q=0.3,*/*;q=0.2"],"Accept-Encoding":["gzip"],"User-Agent":["Prometheus/2.51.2"],"X-Prometheus-Scrape-Timeout-Seconds":["10"],"Referer":["http://jellyfin.mydomain.net:80/metrics"],"X-Forwarded-For":["192.168.2.10"],"X-Forwarded-Proto":["https"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"jellyfin.mydomain.net"}},"headers":{"Server":["Kestrel"],"X-Response-Time-Ms":["6.1886"],"Content-Type":["application/openmetrics-text; version=1.0.0; charset=utf-8"],"Date":["Tue, 23 Jul 2024 13:13:03 GMT"]},"status":200}
Jul 23 13:13:04 caddy caddy[138]: {"level":"debug","ts":1721740384.4455743,"logger":"events","msg":"event","name":"tls_get_certificate","id":"48dafbb1-aee9-4c07-ac48-4bb7ea479996","origin":"tls","data":{"client_hello":{"CipherSuites":[4865,4866,4867,49195,49196,49199,49200,49171,49192,156,157,47,53,10],"ServerName":"jellyfin.mydomain.net","SupportedCurves":[29,23,24,25,25497,65074],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,1281,2054,1537,513,1539],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[772,771,770,769],"RemoteAddr":{"IP":"108.162.250.175","Port":42678,"Zone":""},"LocalAddr":{"IP":"192.168.5.2","Port":443,"Zone":""}}}}
Jul 23 13:13:04 caddy caddy[138]: {"level":"debug","ts":1721740384.445606,"logger":"tls.handshake","msg":"choosing certificate","identifier":"jellyfin.mydomain.net","num_choices":1}
Jul 23 13:13:04 caddy caddy[138]: {"level":"debug","ts":1721740384.4456217,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"jellyfin.mydomain.net","subjects":["jellyfin.mydomain.net"],"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"0916e2804dfa4fb9bf16957e8239112d1fe6c29a8b079a3b447ea46922823fac"}
Jul 23 13:13:04 caddy caddy[138]: {"level":"debug","ts":1721740384.445629,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"108.162.250.175","remote_port":"42678","subjects":["jellyfin.mydomain.net"],"managed":true,"expiration":1729510838,"hash":"0916e2804dfa4fb9bf16957e8239112d1fe6c29a8b079a3b447ea46922823fac"}
Jul 23 13:13:04 caddy caddy[138]: {"level":"debug","ts":1721740384.4713538,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.5.3:8096","total_upstreams":1}
Jul 23 13:13:05 caddy caddy[138]: {"level":"debug","ts":1721740385.800905,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.5.3:8096","duration":1.329457224,"request":{"remote_ip":"108.162.250.175","remote_port":"42678","client_ip":"108.162.250.175","proto":"HTTP/2.0","method":"GET","host":"jellyfin.mydomain.net","uri":"/videos/bfe1a9fc-717e-4b92-48a3-2eecbe89ce97/hls1/main/-1.mp4?DeviceId=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyNi4wLjAuMCBTYWZhcmkvNTM3LjM2fDE3MTk2NzAzNDExMjE1&MediaSourceId=bfe1a9fc717e4b9248a32eecbe89ce97&VideoCodec=av1,hevc,h264,hevc&AudioCodec=aac,opus,flac&AudioStreamIndex=1&VideoBitrate=119616000&AudioBitrate=384000&MaxFramerate=23.976025&PlaySessionId=106020c28fa6468bbfc062feba2ae96c&api_key=a9699fd0d585450389e88bc1af6c667a&TranscodingMaxAudioChannels=2&RequireAvc=false&Tag=39ed73b483b2e5881df559503b3b56d5&SegmentContainer=mp4&MinSegments=1&BreakOnNonKeyFrames=True&hevc-level=150&hevc-videobitdepth=10&hevc-profile=main10&hevc-rangetype=SDR,HDR10,HLG&hevc-deinterlace=true&TranscodeReasons=ContainerNotSupported,%20AudioCodecNotSupported&runtimeTicks=0&actualSegmentLengthTicks=0","headers":{"Cf-Ipcountry":["AU"],"Accept":["*/*"],"Sec-Fetch-Dest":["empty"],"X-Forwarded-Proto":["https"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"],"Accept-Encoding":["gzip, br"],"Sec-Ch-Ua":["\"Not/A)Brand\";v=\"8\", \"Chromium\";v=\"126\", \"Google Chrome\";v=\"126\""],"Cdn-Loop":["cloudflare"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Sec-Fetch-Site":["same-origin"],"Priority":["u=1, i"],"Cf-Connecting-Ip":["138.130.8.127"],"X-Forwarded-For":["108.162.250.175"],"Cf-Ray":["8a7becfa88b8a88e-SYD"],"Accept-Language":["en-GB,en-US;q=0.9,en;q=0.8"],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Fetch-Mode":["cors"],"X-Forwarded-Host":["jellyfin.mydomain.net"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"jellyfin.mydomain.net"}},"headers":{"Server":["Kestrel"],"Accept-Ranges":["bytes"],"Last-Modified":["Tue, 23 Jul 2024 13:13:05 GMT"],"X-Response-Time-Ms":["1328.6833"],"Content-Length":["1428"],"Content-Type":["video/mp4"],"Date":["Tue, 23 Jul 2024 13:13:05 GMT"]},"status":200}
Jul 23 13:13:05 caddy caddy[138]: {"level":"debug","ts":1721740385.8670933,"logger":"events","msg":"event","name":"tls_get_certificate","id":"3b62931f-c851-4003-9449-f6937efec98f","origin":"tls","data":{"client_hello":{"CipherSuites":[4865,4866,4867,49195,49196,49199,49200,49171,49192,156,157,47,53,10],"ServerName":"jellyfin.mydomain.net","SupportedCurves":[29,23,24,25,25497,65074],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,1281,2054,1537,513,1539],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[772,771,770,769],"RemoteAddr":{"IP":"108.162.250.166","Port":29134,"Zone":""},"LocalAddr":{"IP":"192.168.5.2","Port":443,"Zone":""}}}}
Jul 23 13:13:05 caddy caddy[138]: {"level":"debug","ts":1721740385.867118,"logger":"tls.handshake","msg":"choosing certificate","identifier":"jellyfin.mydomain.net","num_choices":1}
Jul 23 13:13:05 caddy caddy[138]: {"level":"debug","ts":1721740385.8671396,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"jellyfin.mydomain.net","subjects":["jellyfin.mydomain.net"],"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"0916e2804dfa4fb9bf16957e8239112d1fe6c29a8b079a3b447ea46922823fac"}
Jul 23 13:13:05 caddy caddy[138]: {"level":"debug","ts":1721740385.8671496,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"108.162.250.166","remote_port":"29134","subjects":["jellyfin.mydomain.net"],"managed":true,"expiration":1729510838,"hash":"0916e2804dfa4fb9bf16957e8239112d1fe6c29a8b079a3b447ea46922823fac"}
Jul 23 13:13:05 caddy caddy[138]: {"level":"debug","ts":1721740385.8881183,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.5.3:8096","total_upstreams":1}
3. Caddy version:
4. How I installed and ran Caddy:
a. System environment:
Proxmox LXC container, direct debain install
v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=
b. Command:
Auto-start with systemctl
c. Service/unit/compose file:
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddy config:
{
debug
}
# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.
jellyfin.mydomain.net {
log {
output file /var/log/caddy/access.log {
roll_size 1gb
roll_keep 5
roll_keep_for 720h
}
}
reverse_proxy 192.168.5.3:8096
}
sub1.mydomain.net {
reverse_proxy 192.168.5.10:5055
}
sub2.mydomain.net {
reverse_proxy 192.168.5.4:3000
}
sub3.mydomain.net {
reverse_proxy 192.168.5.7:80
}
sub4.mydomain.net {
reverse_proxy 192.168.5.6:2283
}
(auth) {
reverse_proxy /outpost.goauthentik.io/* http://192.168.5.5:9000
forward_auth http://192.168.5.5:9000 {
uri /outpost.goauthentik.io/auth/caddy
copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
trusted_proxies private_ranges
}
}
sub5.mydomain.net {
reverse_proxy 192.168.5.5:9000
}
sub6.mydomain.net {
reverse_proxy 192.168.5.9:22300
}