Caddy + Pihole + Wireguard

1. Caddy version (caddy version):

v. 2.3.0

2. How I run Caddy:

systemctl

a. System environment:

Ubuntu 20.04 @ Digital Ocean

b. Command:

systemctl daemon-reload
systemctl enable caddy
systemctl start caddy

systemctl reload caddy

c. Service/unit/compose file:

paste full file contents here

d. My complete Caddyfile or JSON config:

caddy fmt : no such file or directory

However, nano /etc/caddy/Caddyfile is the only way to access the file.

# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace the line below with your
# domain name.
pihole.mydomain.co

# Set this path to your site's directory.
root * /var/www/html

# Enable the static file server.
file_server

# Another common task is to set up a reverse proxy:
pihole.mydomain.co {
  reverse_proxy localhost:1080
}

# Or serve a PHP site through php-fpm:
# php_fastcgi localhost:9000
php_fastcgi unix//run/php/php7.4-fpm.sock
file_server

# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile

3. The problem I’m having:

I am trying to access the Pihole web UI via https to get it set up, then hope to access Pihole via wireguard.

4. Error messages and/or full log output:

caddy.service - Caddy
Loaded: loaded (/etc/systemd/system/caddy.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2021-02-28 16:23:53 UTC; 1h 0min ago
Docs: Welcome — Caddy Documentation
Process: 15300 ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile (code=exited, status=1/FAILURE)
Main PID: 12890 (caddy)
Tasks: 6 (limit: 1137)
Memory: 10.2M
CGroup: /system.slice/caddy.service
└─12890 /usr/bin/caddy run --environ --config /etc/caddy/Caddyfile

5. What I already tried:

I have rebuilt the droplet numerous times. After installing Pihole, I am able to access it via http, but once I install Caddy then the only thing I get is the default Caddy file. After that, I can no longer access Pihole and when I try https it tells me that it refused to connect.

Also, after making changes to my Caddyfile, the caddy.service fails.

6. Links to relevant resources:

When you want to serve more than one site, you must wrap each of them with { }, see the docs:

Thanks for getting back to me and for sharing that. So, if I understand it correctly, it should look as follows?

pihole.mydomain.co

# Set this path to your site's directory.
mydomain.co {
  root * /var/www/html
}

# Another common task is to set up a reverse proxy:
pihole.mydomain.co {
  reverse_proxy localhost:1080
  file_server
}

# Or serve a PHP site through php-fpm:
# php_fastcgi localhost:9000
localhost { php_fastcgi unix//run/php/php7.4-fpm.sock
  file_server
}

Is that correct now?

Not quite…

This is sitting on its own, and you’re defining the same site further down, so remove that one.

This site doesn’t do anything, it just defines root but doesn’t serve anything. You’d probably want to add file_server in here.

It doesn’t quite make sense to have both reverse_proxy and file_server in the same site without having a matcher to separate the two. If you plan to serve static files (and not proxy) then you’d need root in this one.

This is not valid syntax, you need a new line after the { so that php_fastcgi is on its own line. You’re also missing root in here.


I get the feeling that you’re not sure what you’re trying to do. What exactly do you want Caddy to do? What site should serve what?

You are absolutely correct. This is the first time that I’ve ever used Caddy. Not to mention, yml files are not my strong side. Additionally, looking at this yet another time, I think I combined things from two different sample yml files, hence the syntax and other issues.

I have Pihole set up on a server on Digital Ocean and am using Wireguard from my home network to VPN all traffic through the Pihole back to my home network. I do this for a couple of different reasons, but they are generally irrelevant to this. The issue I have with this is that despite the secure connection with Wireguard, the Pihole setup does not have an SSL to access the web UI. From what I’ve been able to find in their docs and elsewhere online, the answer is to use Caddy to set that up.

If you have any other suggestions, I’m happy to hear them, but thought this seemed relatively easy. 🤔

Thanks again.

Caddy doesn’t use YML for configuration. You’re using a Caddyfile, which has its own syntax (as described by the link I sent earlier).

So it sounds like all you want is to proxy to the pihole web UI that you’re running (which I assume is listening on port 1080) with Caddy? Then your config probably only needs to look like this:

pihole.mydomain.co {
	reverse_proxy localhost:1080
}

You can remove everything else from the Caddyfile.
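
Added example, not part of the thread and not code from the Caddy project: a simplified structural check for the Caddyfile mistakes the replies above point out (a site address left outside `{ }` once other sites use braces, a directive on the same line as the opening `{`, a site defined twice, and `reverse_proxy` with `file_server` in one site without a matcher). The names `lint_caddyfile` and `SAMPLE` are introduced here, and the sample is the second attempt from the thread with its comments removed.

```python
from itertools import takewhile

# Constructed sample: the second attempt from the thread, comments removed.
SAMPLE = """\
pihole.mydomain.co
mydomain.co {
  root * /var/www/html
}
pihole.mydomain.co {
  reverse_proxy localhost:1080
  file_server
}
localhost { php_fastcgi unix//run/php/php7.4-fpm.sock
  file_server
}
"""

def lint_caddyfile(text):
    """Return sorted (line, message) findings; simplified, ignores quoting and imports."""
    findings, bare, seen = [], [], {}
    depth, braced, unmatched = 0, False, set()
    for n, raw in enumerate(text.splitlines(), 1):
        # A token that starts with '#' begins a comment.
        tokens = list(takewhile(lambda t: not t.startswith("#"), raw.split()))
        if not tokens:
            continue
        if "{" in tokens[:-1]:
            findings.append((n, "'{' must end its line"))
        opens, closes = tokens.count("{"), tokens.count("}")
        if depth == 0 and opens:
            for addr in (t.rstrip(",") for t in tokens[:tokens.index("{")]):
                braced = True
                if addr in seen:
                    findings.append((n, f"{addr} already defined on line {seen[addr]}"))
                seen.setdefault(addr, n)
        elif depth == 0 and not closes:
            bare.append(n)  # address or directive outside any block
        elif depth == 1 and tokens[0] in ("reverse_proxy", "file_server"):
            # Only a path (/...) or named (@...) matcher separates the two handlers.
            if len(tokens) == 1 or tokens[1][0] not in "/@":
                unmatched.add(tokens[0])
        depth += opens - closes
        if depth == 0 and closes:
            if len(unmatched) == 2:
                findings.append((n, "reverse_proxy and file_server share a site without a matcher"))
            unmatched.clear()
    if braced:  # braces are optional only when the file holds a single site
        findings += [(n, "top-level line outside any { } block") for n in bare]
    return sorted(findings)
```

Caddy's own parser is the authority: `caddy validate --config /etc/caddy/Caddyfile` checks the real file before `systemctl reload caddy` is run.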

Yes, it is on 1080.

Apologies for my ignorance.

Today is the first day I have even heard of Caddy and started playing around with it to figure it out.

Thanks for your assistance.
