Caddy limiting transfer speeds

SpaceFlier · July 23, 2024, 1:27pm

1. The problem I’m having:

Im hosting a jellyfin server on the same machine as caddy (proxmox lxc) and ive noticed that even while on lan the video stream is buffering way to much. Connecting directly to the jellyfin ip gives me perfect speeds and no buffering, but when i go through caddy i seem limited to 20mbit based on the chrome developer network usage tab and my switch’s logs. The dns record is managed by cloudlfare and i have dns proxying off, pihole is setup as a local dns to send jellyfin.mydomain.net to the caddy local ip, and tracert shows jellyfin.mydomain.net goes straight to my router and then caddy’s local ip. Using iperf3 to test the connection speeds between the machines i got 25gig between jellyfin and caddy, and 1gig between caddy and my pc (as expected from my netowrk setup). There doesnt appear to be anything bottlenecking caddy. htop from the jellyfin server and caddy show minimal CPU usage with no cpu core ever going past around 20%.

2. Error messages and/or full log output:

Jul 23 13:12:51 caddy caddy[138]: {"level":"debug","ts":1721740371.3320642,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.5.3:8096","total_upstreams":1}
Jul 23 13:12:51 caddy caddy[138]: {"level":"debug","ts":1721740371.3337307,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.5.3:8096","duration":0.001627235,"request":{"remote_ip":"172.68.64.200","remote_port":"38928","client_ip":"172.68.64.200","proto":"HTTP/2.0","method":"GET","host":"jellyfin.mydomain.net","uri":"/ScheduledTasks?IsEnabled=true","headers":{"Priority":["u=1, i"],"Sec-Fetch-Mode":["cors"],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Fetch-Site":["same-origin"],"Authorization":["REDACTED"],"X-Forwarded-Host":["jellyfin.mydomain.net"],"Cdn-Loop":["cloudflare"],"X-Forwarded-For":["172.68.64.200"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Sec-Ch-Ua":["\"Not/A)Brand\";v=\"8\", \"Chromium\";v=\"126\", \"Google Chrome\";v=\"126\""],"X-Forwarded-Proto":["https"],"Accept-Language":["en-GB,en-US;q=0.9,en;q=0.8"],"Cf-Ray":["8a7beca8bb80a88e-SYD"],"Sec-Fetch-Dest":["empty"],"Cf-Ipcountry":["AU"],"Accept-Encoding":["gzip, br"],"Accept":["application/json"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Cf-Connecting-Ip":["138.130.8.127"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"jellyfin.mydomain.net"}},"headers":{"Date":["Tue, 23 Jul 2024 13:12:50 GMT"],"Server":["Kestrel"],"X-Response-Time-Ms":["1.0933"],"Content-Length":["0"]},"status":401}
Jul 23 13:12:51 caddy caddy[138]: {"level":"debug","ts":1721740371.596284,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/380806448147","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["1697003727"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["808"],"Content-Type":["application/json"],"Date":["Tue, 23 Jul 2024 13:12:51 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["3lnD-LBAvtDgkKL9sGeiDBR72krsChyyCbW8KIj_OPmKidm5fE4"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Jul 23 13:12:52 caddy caddy[138]: {"level":"debug","ts":1721740372.1005063,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/380806448147","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["1697003727"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["808"],"Content-Type":["application/json"],"Date":["Tue, 23 Jul 2024 13:12:51 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["3lnD-LBAQqj2vklttYChClK8zkXQDF9e9nVfKgHOkKFWf4d9bEY"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Jul 23 13:12:52 caddy caddy[138]: {"level":"debug","ts":1721740372.5951188,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/380806448147","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["1697003727"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["808"],"Content-Type":["application/json"],"Date":["Tue, 23 Jul 2024 13:12:52 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["Xhy1Tzt5Nrgbbmv3iId9kKS3A1NFcKjjbSTNk8JNkqyxxAHE08E"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Jul 23 13:12:53 caddy caddy[138]: {"level":"debug","ts":1721740373.0836532,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/380806448147","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["1697003727"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["808"],"Content-Type":["application/json"],"Date":["Tue, 23 Jul 2024 13:12:52 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["3lnD-LBAXFP7SNvc82iMSMeElSX_9w5oQPRgPFCDPTQIuHvwH00"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Jul 23 13:12:53 caddy caddy[138]: {"level":"debug","ts":1721740373.572321,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/380806448147","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["1697003727"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["808"],"Content-Type":["application/json"],"Date":["Tue, 23 Jul 2024 13:12:53 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["Xhy1Tzt5VxOYaTUFkuXq-jv1U2tr2uXJ7rG5Qbrp8EWgr0jIvqs"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Jul 23 13:12:54 caddy caddy[138]: {"level":"debug","ts":1721740374.073328,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/380806448147","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["1697003727"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["808"],"Content-Type":["application/json"],"Date":["Tue, 23 Jul 2024 13:12:53 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["3lnD-LBAZJ6V6cINbvlf46XjUZwRNwlaWgSbGdl3S7LvTFNeOJ0"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Jul 23 13:12:54 caddy caddy[138]: {"level":"debug","ts":1721740374.5602999,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/380806448147","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["1697003727"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["808"],"Content-Type":["application/json"],"Date":["Tue, 23 Jul 2024 13:12:54 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["Xhy1Tzt5ke91WR6TzccRy_60XhebIM8SVLp5yQXoCkI5uTbCDHU"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Jul 23 13:12:55 caddy caddy[138]: {"level":"debug","ts":1721740375.0505624,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/380806448147","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["1697003727"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["808"],"Content-Type":["application/json"],"Date":["Tue, 23 Jul 2024 13:12:54 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["Xhy1Tzt5DcbPwc5uuliXSenvaD0Q1BwI2HyRyofjTVGnhwX3m-Y"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Jul 23 13:12:55 caddy caddy[138]: {"level":"debug","ts":1721740375.5393639,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/380806448147","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["1697003727"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["1199"],"Content-Type":["application/json"],"Date":["Tue, 23 Jul 2024 13:12:55 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["Xhy1Tzt5Pw9JGA_qoCvwdGfq9874e4BGSmaaHpXXLL_wpnvL40Q"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Jul 23 13:12:55 caddy caddy[138]: {"level":"error","ts":1721740375.5396762,"logger":"http.acme_client","msg":"challenge failed","identifier":"spacebase.mydomain.net","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"2606:4700:3030::ac43:9fa3: Invalid response from http://spacebase.mydomain.net/.well-known/acme-challenge/ofilZXzkL5U-YEOpDXbDPzs1XIs5aTCdsvyvRxx4q34: 522","instance":"","subproblems":[]}}
Jul 23 13:12:55 caddy caddy[138]: {"level":"error","ts":1721740375.539717,"logger":"http.acme_client","msg":"validating authorization","identifier":"spacebase.mydomain.net","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"2606:4700:3030::ac43:9fa3: Invalid response from http://spacebase.mydomain.net/.well-known/acme-challenge/ofilZXzkL5U-YEOpDXbDPzs1XIs5aTCdsvyvRxx4q34: 522","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1697003727/289872639127","attempt":2,"max_attempts":3}
Jul 23 13:12:55 caddy caddy[138]: {"level":"error","ts":1721740375.5397532,"logger":"tls.renew","msg":"could not get certificate from issuer","identifier":"spacebase.mydomain.net","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 403 urn:ietf:params:acme:error:unauthorized - 2606:4700:3030::ac43:9fa3: Invalid response from http://spacebase.mydomain.net/.well-known/acme-challenge/ofilZXzkL5U-YEOpDXbDPzs1XIs5aTCdsvyvRxx4q34: 522"}
Jul 23 13:12:55 caddy caddy[138]: {"level":"debug","ts":1721740375.5398319,"logger":"events","msg":"event","name":"cert_failed","id":"209ae035-4be5-4bc8-9565-cfc89791273f","origin":"tls","data":{"error":{},"identifier":"spacebase.mydomain.net","issuers":["acme-v02.api.letsencrypt.org-directory"],"remaining":303320316768634,"renewal":true}}
Jul 23 13:12:55 caddy caddy[138]: {"level":"error","ts":1721740375.5398464,"logger":"tls.renew","msg":"will retry","error":"[spacebase.mydomain.net] Renew: [spacebase.mydomain.net] solving challenge: spacebase.mydomain.net: [spacebase.mydomain.net] authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - 2606:4700:3030::ac43:9fa3: Invalid response from http://spacebase.mydomain.net/.well-known/acme-challenge/ofilZXzkL5U-YEOpDXbDPzs1XIs5aTCdsvyvRxx4q34: 522 (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":43.856875127,"max_duration":2592000}

ate":["Tue, 23 Jul 2024 13:13:02 GMT"],"Server":["Kestrel"],"Access-Control-Allow-Origin":["*"]},"status":200}
Jul 23 13:13:03 caddy caddy[138]: {"level":"debug","ts":1721740383.5876462,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.5.3:8096","total_upstreams":1}
Jul 23 13:13:03 caddy caddy[138]: {"level":"debug","ts":1721740383.5910647,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.5.3:8096","duration":0.00336103,"request":{"remote_ip":"172.68.64.200","remote_port":"38928","client_ip":"172.68.64.200","proto":"HTTP/2.0","method":"GET","host":"jellyfin.mydomain.net","uri":"/videos/bfe1a9fc-717e-4b92-48a3-2eecbe89ce97/master.m3u8?DeviceId=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyNi4wLjAuMCBTYWZhcmkvNTM3LjM2fDE3MTk2NzAzNDExMjE1&MediaSourceId=bfe1a9fc717e4b9248a32eecbe89ce97&VideoCodec=av1,hevc,h264,hevc&AudioCodec=aac,opus,flac&AudioStreamIndex=1&VideoBitrate=119616000&AudioBitrate=384000&MaxFramerate=23.976025&PlaySessionId=106020c28fa6468bbfc062feba2ae96c&api_key=a9699fd0d585450389e88bc1af6c667a&TranscodingMaxAudioChannels=2&RequireAvc=false&Tag=39ed73b483b2e5881df559503b3b56d5&SegmentContainer=mp4&MinSegments=1&BreakOnNonKeyFrames=True&hevc-level=150&hevc-videobitdepth=10&hevc-profile=main10&hevc-rangetype=SDR,HDR10,HLG&hevc-deinterlace=true&TranscodeReasons=ContainerNotSupported,%20AudioCodecNotSupported","headers":{"Sec-Fetch-Site":["same-origin"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"],"Sec-Ch-Ua-Platform":["\"Windows\""],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["jellyfin.mydomain.net"],"Cdn-Loop":["cloudflare"],"Cf-Ipcountry":["AU"],"Accept-Encoding":["gzip, br"],"Sec-Ch-Ua-Mobile":["?0"],"Priority":["u=1, i"],"Accept":["*/*"],"Sec-Fetch-Mode":["cors"],"Sec-Ch-Ua":["\"Not/A)Brand\";v=\"8\", \"Chromium\";v=\"126\", \"Google Chrome\";v=\"126\""],"Cf-Ray":["8a7becf55dd1a88e-SYD"],"Sec-Fetch-Dest":["empty"],"Accept-Language":["en-GB,en-US;q=0.9,en;q=0.8"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Cf-Connecting-Ip":["138.130.8.127"],"X-Forwarded-For":["172.68.64.200"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"jellyfin.mydomain.net"}},"headers":{"Content-Length":["1902"],"Content-Type":["application/vnd.apple.mpegurl"],"Date":["Tue, 23 Jul 2024 13:13:03 GMT"],"Server":["Kestrel"],"Expires":["0"],"X-Response-Time-Ms":["2.7969"]},"status":200}
Jul 23 13:13:03 caddy caddy[138]: {"level":"debug","ts":1721740383.643174,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.5.3:8096","total_upstreams":1}
Jul 23 13:13:03 caddy caddy[138]: {"level":"debug","ts":1721740383.8763254,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.5.3:8096","duration":0.233042691,"request":{"remote_ip":"172.68.64.200","remote_port":"38928","client_ip":"172.68.64.200","proto":"HTTP/2.0","method":"GET","host":"jellyfin.mydomain.net","uri":"/videos/bfe1a9fc-717e-4b92-48a3-2eecbe89ce97/main.m3u8?DeviceId=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyNi4wLjAuMCBTYWZhcmkvNTM3LjM2fDE3MTk2NzAzNDExMjE1&MediaSourceId=bfe1a9fc717e4b9248a32eecbe89ce97&VideoCodec=av1,hevc,h264,hevc&AudioCodec=aac,opus,flac&AudioStreamIndex=1&VideoBitrate=119616000&AudioBitrate=384000&MaxFramerate=23.976025&PlaySessionId=106020c28fa6468bbfc062feba2ae96c&api_key=a9699fd0d585450389e88bc1af6c667a&TranscodingMaxAudioChannels=2&RequireAvc=false&Tag=39ed73b483b2e5881df559503b3b56d5&SegmentContainer=mp4&MinSegments=1&BreakOnNonKeyFrames=True&hevc-level=150&hevc-videobitdepth=10&hevc-profile=main10&hevc-rangetype=SDR,HDR10,HLG&hevc-deinterlace=true&TranscodeReasons=ContainerNotSupported,%20AudioCodecNotSupported","headers":{"Sec-Fetch-Mode":["cors"],"X-Forwarded-Proto":["https"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Accept-Encoding":["gzip, br"],"Sec-Ch-Ua":["\"Not/A)Brand\";v=\"8\", \"Chromium\";v=\"126\", \"Google Chrome\";v=\"126\""],"Sec-Ch-Ua-Platform":["\"Windows\""],"Cf-Ray":["8a7becf5ae00a88e-SYD"],"Accept":["*/*"],"X-Forwarded-For":["172.68.64.200"],"Accept-Language":["en-GB,en-US;q=0.9,en;q=0.8"],"Sec-Ch-Ua-Mobile":["?0"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"],"Sec-Fetch-Dest":["empty"],"Cdn-Loop":["cloudflare"],"Sec-Fetch-Site":["same-origin"],"Cf-Connecting-Ip":["138.130.8.127"],"Cf-Ipcountry":["AU"],"Priority":["u=1, i"],"X-Forwarded-Host":["jellyfin.mydomain.net"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"jellyfin.mydomain.net"}},"headers":{"X-Response-Time-Ms":["232.2588"],"Content-Length":["525600"],"Content-Type":["application/vnd.apple.mpegurl"],"Date":["Tue, 23 Jul 2024 13:13:03 GMT"],"Server":["Kestrel"]},"status":200}
Jul 23 13:13:04 caddy caddy[138]: {"level":"debug","ts":1721740384.1808825,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.5.3:8096","total_upstreams":1}
Jul 23 13:13:04 caddy caddy[138]: {"level":"debug","ts":1721740384.1878211,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.5.3:8096","duration":0.006899414,"request":{"remote_ip":"192.168.2.10","remote_port":"39634","client_ip":"192.168.2.10","proto":"HTTP/2.0","method":"GET","host":"jellyfin.mydomain.net","uri":"/metrics","headers":{"X-Forwarded-Host":["jellyfin.mydomain.net"],"Accept":["application/openmetrics-text;version=1.0.0;q=0.5,application/openmetrics-text;version=0.0.1;q=0.4,text/plain;version=0.0.4;q=0.3,*/*;q=0.2"],"Accept-Encoding":["gzip"],"User-Agent":["Prometheus/2.51.2"],"X-Prometheus-Scrape-Timeout-Seconds":["10"],"Referer":["http://jellyfin.mydomain.net:80/metrics"],"X-Forwarded-For":["192.168.2.10"],"X-Forwarded-Proto":["https"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"jellyfin.mydomain.net"}},"headers":{"Server":["Kestrel"],"X-Response-Time-Ms":["6.1886"],"Content-Type":["application/openmetrics-text; version=1.0.0; charset=utf-8"],"Date":["Tue, 23 Jul 2024 13:13:03 GMT"]},"status":200}
Jul 23 13:13:04 caddy caddy[138]: {"level":"debug","ts":1721740384.4455743,"logger":"events","msg":"event","name":"tls_get_certificate","id":"48dafbb1-aee9-4c07-ac48-4bb7ea479996","origin":"tls","data":{"client_hello":{"CipherSuites":[4865,4866,4867,49195,49196,49199,49200,49171,49192,156,157,47,53,10],"ServerName":"jellyfin.mydomain.net","SupportedCurves":[29,23,24,25,25497,65074],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,1281,2054,1537,513,1539],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[772,771,770,769],"RemoteAddr":{"IP":"108.162.250.175","Port":42678,"Zone":""},"LocalAddr":{"IP":"192.168.5.2","Port":443,"Zone":""}}}}
Jul 23 13:13:04 caddy caddy[138]: {"level":"debug","ts":1721740384.445606,"logger":"tls.handshake","msg":"choosing certificate","identifier":"jellyfin.mydomain.net","num_choices":1}
Jul 23 13:13:04 caddy caddy[138]: {"level":"debug","ts":1721740384.4456217,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"jellyfin.mydomain.net","subjects":["jellyfin.mydomain.net"],"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"0916e2804dfa4fb9bf16957e8239112d1fe6c29a8b079a3b447ea46922823fac"}
Jul 23 13:13:04 caddy caddy[138]: {"level":"debug","ts":1721740384.445629,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"108.162.250.175","remote_port":"42678","subjects":["jellyfin.mydomain.net"],"managed":true,"expiration":1729510838,"hash":"0916e2804dfa4fb9bf16957e8239112d1fe6c29a8b079a3b447ea46922823fac"}
Jul 23 13:13:04 caddy caddy[138]: {"level":"debug","ts":1721740384.4713538,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.5.3:8096","total_upstreams":1}
Jul 23 13:13:05 caddy caddy[138]: {"level":"debug","ts":1721740385.800905,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.5.3:8096","duration":1.329457224,"request":{"remote_ip":"108.162.250.175","remote_port":"42678","client_ip":"108.162.250.175","proto":"HTTP/2.0","method":"GET","host":"jellyfin.mydomain.net","uri":"/videos/bfe1a9fc-717e-4b92-48a3-2eecbe89ce97/hls1/main/-1.mp4?DeviceId=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyNi4wLjAuMCBTYWZhcmkvNTM3LjM2fDE3MTk2NzAzNDExMjE1&MediaSourceId=bfe1a9fc717e4b9248a32eecbe89ce97&VideoCodec=av1,hevc,h264,hevc&AudioCodec=aac,opus,flac&AudioStreamIndex=1&VideoBitrate=119616000&AudioBitrate=384000&MaxFramerate=23.976025&PlaySessionId=106020c28fa6468bbfc062feba2ae96c&api_key=a9699fd0d585450389e88bc1af6c667a&TranscodingMaxAudioChannels=2&RequireAvc=false&Tag=39ed73b483b2e5881df559503b3b56d5&SegmentContainer=mp4&MinSegments=1&BreakOnNonKeyFrames=True&hevc-level=150&hevc-videobitdepth=10&hevc-profile=main10&hevc-rangetype=SDR,HDR10,HLG&hevc-deinterlace=true&TranscodeReasons=ContainerNotSupported,%20AudioCodecNotSupported&runtimeTicks=0&actualSegmentLengthTicks=0","headers":{"Cf-Ipcountry":["AU"],"Accept":["*/*"],"Sec-Fetch-Dest":["empty"],"X-Forwarded-Proto":["https"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"],"Accept-Encoding":["gzip, br"],"Sec-Ch-Ua":["\"Not/A)Brand\";v=\"8\", \"Chromium\";v=\"126\", \"Google Chrome\";v=\"126\""],"Cdn-Loop":["cloudflare"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Sec-Fetch-Site":["same-origin"],"Priority":["u=1, i"],"Cf-Connecting-Ip":["138.130.8.127"],"X-Forwarded-For":["108.162.250.175"],"Cf-Ray":["8a7becfa88b8a88e-SYD"],"Accept-Language":["en-GB,en-US;q=0.9,en;q=0.8"],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Fetch-Mode":["cors"],"X-Forwarded-Host":["jellyfin.mydomain.net"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"jellyfin.mydomain.net"}},"headers":{"Server":["Kestrel"],"Accept-Ranges":["bytes"],"Last-Modified":["Tue, 23 Jul 2024 13:13:05 GMT"],"X-Response-Time-Ms":["1328.6833"],"Content-Length":["1428"],"Content-Type":["video/mp4"],"Date":["Tue, 23 Jul 2024 13:13:05 GMT"]},"status":200}
Jul 23 13:13:05 caddy caddy[138]: {"level":"debug","ts":1721740385.8670933,"logger":"events","msg":"event","name":"tls_get_certificate","id":"3b62931f-c851-4003-9449-f6937efec98f","origin":"tls","data":{"client_hello":{"CipherSuites":[4865,4866,4867,49195,49196,49199,49200,49171,49192,156,157,47,53,10],"ServerName":"jellyfin.mydomain.net","SupportedCurves":[29,23,24,25,25497,65074],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,1281,2054,1537,513,1539],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[772,771,770,769],"RemoteAddr":{"IP":"108.162.250.166","Port":29134,"Zone":""},"LocalAddr":{"IP":"192.168.5.2","Port":443,"Zone":""}}}}
Jul 23 13:13:05 caddy caddy[138]: {"level":"debug","ts":1721740385.867118,"logger":"tls.handshake","msg":"choosing certificate","identifier":"jellyfin.mydomain.net","num_choices":1}
Jul 23 13:13:05 caddy caddy[138]: {"level":"debug","ts":1721740385.8671396,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"jellyfin.mydomain.net","subjects":["jellyfin.mydomain.net"],"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"0916e2804dfa4fb9bf16957e8239112d1fe6c29a8b079a3b447ea46922823fac"}
Jul 23 13:13:05 caddy caddy[138]: {"level":"debug","ts":1721740385.8671496,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"108.162.250.166","remote_port":"29134","subjects":["jellyfin.mydomain.net"],"managed":true,"expiration":1729510838,"hash":"0916e2804dfa4fb9bf16957e8239112d1fe6c29a8b079a3b447ea46922823fac"}
Jul 23 13:13:05 caddy caddy[138]: {"level":"debug","ts":1721740385.8881183,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.5.3:8096","total_upstreams":1}

3. Caddy version:

4. How I installed and ran Caddy:

a. System environment:

Proxmox LXC container, direct debain install
v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=

b. Command:

Auto-start with systemctl

c. Service/unit/compose file:

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddy config:

{
        debug
}
# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.
jellyfin.mydomain.net {
        log {
                output file /var/log/caddy/access.log {
                        roll_size 1gb
                        roll_keep 5
                        roll_keep_for 720h
                }
        }
        reverse_proxy 192.168.5.3:8096
}
sub1.mydomain.net {
        reverse_proxy 192.168.5.10:5055
}
sub2.mydomain.net {
        reverse_proxy 192.168.5.4:3000
}
sub3.mydomain.net {
        reverse_proxy 192.168.5.7:80
}
sub4.mydomain.net {
        reverse_proxy 192.168.5.6:2283
}
(auth) {
        reverse_proxy /outpost.goauthentik.io/* http://192.168.5.5:9000
        forward_auth http://192.168.5.5:9000 {
                uri /outpost.goauthentik.io/auth/caddy
                copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
                trusted_proxies private_ranges
        }
}

sub5.mydomain.net {
        reverse_proxy 192.168.5.5:9000
}
sub6.mydomain.net {
        reverse_proxy 192.168.5.9:22300
}

Mohammed90 · July 24, 2024, 9:12am

That’s strange. We have many users hosting Jellyfin with Caddy without issues. It makes me wonder if network issue is at play here. Can you try capturing traffic with Wireshark for analysis? You might see “retransmission” or other possible indicators. It could be an issue with the MTU, for example.

SpaceFlier · July 25, 2024, 6:51am

I’m not to well versed in Wireshark, is there any specific steps you want me to follow or a specific set of packets to capture from a filter?

Mohammed90 · August 22, 2024, 9:32am

I honestly not sure how to put it in steps. For me, network troubleshooting is mostly poking at the inspectors and checking for signs of faults, such as “retransmission”. Start by searching for Wireshark tutorials and venture from there.

WereCatf · August 22, 2024, 2:22pm

Do you have Internet streaming bitrate limit set in your Jellyfin settings?

system · September 21, 2024, 2:22pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.