Caddy returning HTTP 502 for specific subdomains

1. Caddy version (caddy version):

v2.4.2 h1:chB106RlsIaY4mVEyq9OQM5g/9lHYVputo/LAX2ndFg=

2. How I run Caddy:

Through Docker for Windows (docker-compose.yml & linux containers), use portainer to easily manage all other containers.

a. System environment:

Windows 10 Pro
Version 10.0.19042 Build 19042
Docker Engine
Version: 20.10.7

b. Command:

docker-compose up -d

c. Service/unit/compose file:

.env

MY_DOMAIN=lssound.design
DOCKER_MY_NETWORK=caddy_net
EMAIL=nate_thomas_95@hotmail.com

docker-compose.yml

version: "3.7"
services:
  caddy:
    image: caddy
    container_name: caddy
    hostname: caddy
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
    env_file:
      - ./.env
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./data:/data
      - ./config:/config
      - ./html/hello:/var/www/hello
    stdin_open: true  #docker run -i
    tty: true         #docker run -t

d. My complete Caddyfile or JSON config:

# Services on docker
home.{$MY_DOMAIN} {
    reverse_proxy 192.168.0.18:8082
}
office.{$MY_DOMAIN} {
	encode gzip
	@collabora {
		path /loleaflet/*				# Client part of LibreOffice Online 
		path /hosting/discovery			# WOPI discovery url
		path /hosting/capabilities		# Show capabilities as JSON
		path /lool/*					# Main websocket, uploads/downloads, presentations
	}
	reverse_proxy @collabora https://192.168.0.18:9980 {
		transport http {
			tls_insecure_skip_verify
		}
	}
}
cloud.{$MY_DOMAIN} {
	encode gzip
	reverse_proxy 192.168.0.18:8143
	header {
		Strict-Transport-Security max-age=31536000;
	}
	redir /.well-known/carddav /remote.php/carddav 301
	redir /.well-known/caldav /remote.php/caldav 301
}
ombi.{$MY_DOMAIN} {
    reverse_proxy 192.168.0.18:3579
}
vaultwarden.{$MY_DOMAIN} {
	# Uncomment this if you want to get a cert via ACME (Let's Encrypt or ZeroSSL).
	tls {$EMAIL}
	# This setting may have compatibility issues with some browsers
	# (e.g., attachment downloading on Firefox). Try disabling this
	# if you encounter issues.
	encode gzip
	# Notifications redirected to the websockets server
	reverse_proxy /notifications/hub 192.168.0.18:3012
	# Proxy everything else to Rocket
	reverse_proxy 192.168.0.18:8800 {
	   # Send the true remote IP to Rocket, so that vaultwarden can put this in the
	   # log, so that fail2ban can ban the correct IP.
	   header_up X-Real-IP {remote_host}
	}
}
portainer.{$MY_DOMAIN} {
    reverse_proxy 192.168.0.18:9000
}

# Services not on docker
sonarr.{$MY_DOMAIN} {
    reverse_proxy 192.168.0.18:8989
}
radarr.{$MY_DOMAIN} {
    reverse_proxy 192.168.0.18:7878
}
hello.lssound.design {
	root * /var/www/hello
	encode zstd gzip
	templates
	file_server {
		index caddy.html
	}
}

3. The problem I’m having:

Working subdomains - (HTTP 200 and page resolves)
office hello
Non-Working Subdomains - (HTTP 502 and page eventually times out)
cloud ombi vaultwarden portainer sonarr radarr
Trying to access my subdomains like I usually would (at home on Chrome Browser)
After about 5-30 seconds the browser throws a 502 error whenever I attempt to access them.

4. Error messages and/or full log output:

Caddy logs (last 250 lines): 2021/08/06 07:21:01.690 INFO using provided configuration {"config_file": "/et - Pastebin.com

5. What I already tried:

Restarted the Caddy docker container.
Restarted Windows 10.
Re-wrote the caddyfile
Re-created the docker container from scratch.
Set up a new subdomain in the caddyfile then re-started the docker container:
Caddyfile

test.lssound.design{
	respond "It works!"
}

Which works using curl -v and in-browser.

6. Links to relevant resources:

Please upgrade to v2.4.3, there’s some important bug fixes in that release.

A 502 just means that Caddy cannot reach your upstream apps. Make sure you’re using the right address to connect to them, and that they’re properly running. Make sure there’s no firewall preventing outbound access on those ports.

Thankyou for the reply, I have updated to 2.4.3 successfully.
However the issue still remains, I have double checked that the ports 80 and 443 for HTTP and HTTPS are visible on canyouseeme.org so caddy can get the certificates.
Checking via local IP address and ports for each of the services comes up with their respective webpages for each of the services too.
I’ve also checked the server firewall with nothing conflicting or blocking these ports, I’ll double check incase I’ve missed anything.
The router’s firewall has nothing defined either.

Thanks again for looking into it! Let me know if there is anything you want me to do and I’ll reply with any further logs

I’m not sure there’s anything else I can suggest. A 502 means a connection problem between Caddy and the upstream, not a problem with Caddy itself.

Ways to “debug” issues should be suggested / referenced. It’s not specific to Caddy, but the author of the topic needs to step-by-step make sure that the problem is with the endpoint Caddy is trying to connect to.

Btw, I looked at the logs pastebin, and I have no idea how to read it, it’s a mess of json and text and no identation.

Could you suggest a tool that you can feed such a log into and get a nice online HTML or any other readable output that can be opened via a URL. It’s not productive to try to help someone without suggesting tools to share logs in a readable way.

Sorry about that - I’ve formatted the logs appropriately now (https://jsonformatter.curiousconcept.com)
This is all the logs from the last hour or so. I know it is long but I want to provide as much information as possible.

{
   "level":"info",
   "ts":1628321681.392912,
   "msg":"using provided configuration",
   "config_file":"/etc/caddy/Caddyfile",
   "config_adapter":"caddyfile"
}{
   "level":"info",
   "ts":1628321681.3970284,
   "logger":"admin",
   "msg":"admin endpoint started",
   "address":"tcp/localhost:2019",
   "enforce_origin":false,
   "origins":[
      "127.0.0.1:2019",
      "localhost:2019",
      "[::1]:2019"
   ]
}{
   "level":"info",
   "ts":1628321681.397284,
   "logger":"http",
   "msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS",
   "server_name":"srv0",
   "https_port":443
}{
   "level":"info",
   "ts":1628321681.3973403,
   "logger":"http",
   "msg":"enabling automatic HTTP->HTTPS redirects",
   "server_name":"srv0"
}{
   "level":"info",
   "ts":1628321681.3972893,
   "logger":"tls.cache.maintenance",
   "msg":"started background certificate maintenance",
   "cache":"0xc0000c07e0"
}{
   "level":"info",
   "ts":1628321681.3982368,
   "logger":"http",
   "msg":"enabling automatic TLS certificate management",
   "domains":[
      "portainer.lssound.design",
      "office.lssound.design",
      "sonarr.lssound.design",
      "radarr.lssound.design",
      "cloud.lssound.design",
      "home.lssound.design",
      "ombi.lssound.design",
      "vaultwarden.lssound.design"
   ]
}{
   "level":"info",
   "ts":1628321681.3983011,
   "logger":"tls",
   "msg":"cleaning storage unit",
   "description":"FileStorage:/data/caddy"
}{
   "level":"info",
   "ts":1628321681.476313,
   "msg":"autosaved config (load with --resume flag)",
   "file":"/config/caddy/autosave.json"
}{
   "level":"info",
   "ts":1628321681.4763575,
   "msg":"serving initial configuration"
}{
   "level":"info",
   "ts":1628321681.5916421,
   "logger":"tls",
   "msg":"finished cleaning storage units"
}{
   "level":"error",
   "ts":1628321722.5049956,
   "logger":"http.log.error.log0",
   "msg":"dial tcp 192.168.0.18:8800: i/o timeout",
   "request":{
      "remote_addr":"192.168.32.1:50998",
      "proto":"HTTP/2.0",
      "method":"POST",
      "host":"vaultwarden.lssound.design",
      "uri":"/identity/connect/token",
      "headers":{
         "Sec-Fetch-Site":[
            "cross-site"
         ],
         "Sec-Fetch-Mode":[
            "cors"
         ],
         "Accept-Encoding":[
            "gzip, deflate, br"
         ],
         "Accept-Language":[
            "en-GB"
         ],
         "Content-Length":[
            "151"
         ],
         "Accept":[
            "application/json"
         ],
         "Device-Type":[
            "6"
         ],
         "User-Agent":[
            "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0"
         ],
         "Content-Type":[
            "application/x-www-form-urlencoded; charset=utf-8"
         ],
         "Sec-Fetch-Dest":[
            "empty"
         ]
      },
      "tls":{
         "resumed":false,
         "version":772,
         "cipher_suite":4865,
         "proto":"h2",
         "proto_mutual":true,
         "server_name":"vaultwarden.lssound.design"
      }
   },
   "duration":10.0093512,
   "status":502,
   "err_id":"cyvskr34k",
   "err_trace":"reverseproxy.statusError (reverseproxy.go:857)"
}{
   "level":"error",
   "ts":1628321736.7876713,
   "logger":"http.log.error",
   "msg":"dial tcp 192.168.0.18:3579: i/o timeout",
   "request":{
      "remote_addr":"192.168.32.1:51024",
      "proto":"HTTP/2.0",
      "method":"GET",
      "host":"ombi.lssound.design",
      "uri":"/",
      "headers":{
         "Cache-Control":[
            "no-cache"
         ],
         "Upgrade-Insecure-Requests":[
            "1"
         ],
         "User-Agent":[
            "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.71 Safari/537.36"
         ],
         "Accept-Language":[
            "en-US,en;q=0.9"
         ],
         "Accept":[
            "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3"
         ],
         "Sec-Fetch-Site":[
            "none"
         ],
         "Accept-Encoding":[
            "gzip, deflate, br"
         ],
         "Pragma":[
            "no-cache"
         ]
      },
      "tls":{
         "resumed":false,
         "version":772,
         "cipher_suite":4865,
         "proto":"h2",
         "proto_mutual":true,
         "server_name":"ombi.lssound.design"
      }
   },
   "duration":10.0098259,
   "status":502,
   "err_id":"uk4k02e5r",
   "err_trace":"reverseproxy.statusError (reverseproxy.go:857)"
}{
   "level":"error",
   "ts":1628321766.681049,
   "logger":"http.log.error.log0",
   "msg":"dial tcp 192.168.0.18:8800: i/o timeout",
   "request":{
      "remote_addr":"192.168.32.1:51042",
      "proto":"HTTP/2.0",
      "method":"POST",
      "host":"vaultwarden.lssound.design",
      "uri":"/identity/connect/token",
      "headers":{
         "Accept":[
            "application/json"
         ],
         "Device-Type":[
            "2"
         ],
         "Sec-Fetch-Dest":[
            "empty"
         ],
         "Accept-Encoding":[
            "gzip, deflate, br"
         ],
         "Sec-Ch-Ua-Mobile":[
            "?0"
         ],
         "User-Agent":[
            "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36"
         ],
         "Content-Type":[
            "application/x-www-form-urlencoded; charset=utf-8"
         ],
         "Origin":[
            "chrome-extension://nngceckbapebfimnlniiiahkandclblb"
         ],
         "Content-Length":[
            "151"
         ],
         "Dnt":[
            "1"
         ],
         "Sec-Ch-Ua":[
            "\"Chromium\";v=\"92\", \" Not A;Brand\";v=\"99\", \"Google Chrome\";v=\"92\""
         ],
         "Sec-Fetch-Site":[
            "none"
         ],
         "Sec-Fetch-Mode":[
            "cors"
         ],
         "Accept-Language":[
            "en-US,en;q=0.9"
         ]
      },
      "tls":{
         "resumed":false,
         "version":772,
         "cipher_suite":4865,
         "proto":"h2",
         "proto_mutual":true,
         "server_name":"vaultwarden.lssound.design"
      }
   },
   "duration":10.010017,
   "status":502,
   "err_id":"nw4u2859w",
   "err_trace":"reverseproxy.statusError (reverseproxy.go:857)"
}{
   "level":"error",
   "ts":1628321816.9797835,
   "logger":"http.log.error",
   "msg":"dial tcp 192.168.0.18:8082: i/o timeout",
   "request":{
      "remote_addr":"192.168.32.1:51054",
      "proto":"HTTP/2.0",
      "method":"GET",
      "host":"home.lssound.design",
      "uri":"/service-worker.js",
      "headers":{
         "Referer":[
            "https://home.lssound.design/service-worker.js"
         ],
         "User-Agent":[
            "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36"
         ],
         "Accept-Encoding":[
            "gzip, deflate, br"
         ],
         "Accept-Language":[
            "en-US,en;q=0.9"
         ],
         "Accept":[
            "*/*"
         ],
         "Sec-Fetch-Mode":[
            "same-origin"
         ],
         "Sec-Fetch-Dest":[
            "serviceworker"
         ],
         "Sec-Fetch-Site":[
            "same-origin"
         ],
         "Cache-Control":[
            "max-age=0"
         ],
         "Dnt":[
            "1"
         ],
         "Service-Worker":[
            "script"
         ]
      },
      "tls":{
         "resumed":false,
         "version":772,
         "cipher_suite":4865,
         "proto":"h2",
         "proto_mutual":true,
         "server_name":"home.lssound.design"
      }
   },
   "duration":10.0009549,
   "status":502,
   "err_id":"er0hcpmh0",
   "err_trace":"reverseproxy.statusError (reverseproxy.go:857)"
}{
   "level":"error",
   "ts":1628321973.4177878,
   "logger":"http.log.error",
   "msg":"dial tcp 192.168.0.18:8082: i/o timeout",
   "request":{
      "remote_addr":"192.168.32.1:51054",
      "proto":"HTTP/2.0",
      "method":"GET",
      "host":"home.lssound.design",
      "uri":"/service-worker.js",
      "headers":{
         "Cache-Control":[
            "max-age=0"
         ],
         "Dnt":[
            "1"
         ],
         "Sec-Fetch-Site":[
            "same-origin"
         ],
         "Sec-Fetch-Mode":[
            "same-origin"
         ],
         "User-Agent":[
            "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36"
         ],
         "Accept-Encoding":[
            "gzip, deflate, br"
         ],
         "Accept":[
            "*/*"
         ],
         "Service-Worker":[
            "script"
         ],
         "Sec-Fetch-Dest":[
            "serviceworker"
         ],
         "Referer":[
            "https://home.lssound.design/service-worker.js"
         ],
         "Accept-Language":[
            "en-US,en;q=0.9"
         ]
      },
      "tls":{
         "resumed":false,
         "version":772,
         "cipher_suite":4865,
         "proto":"h2",
         "proto_mutual":true,
         "server_name":"home.lssound.design"
      }
   },
   "duration":10.0002829,
   "status":502,
   "err_id":"h9xfdf4pj",
   "err_trace":"reverseproxy.statusError (reverseproxy.go:857)"
}{
   "level":"error",
   "ts":1628321980.291709,
   "logger":"http.log.error",
   "msg":"dial tcp 192.168.0.18:8082: i/o timeout",
   "request":{
      "remote_addr":"192.168.32.1:51054",
      "proto":"HTTP/2.0",
      "method":"HEAD",
      "host":"home.lssound.design",
      "uri":"/?alive",
      "headers":{
         "Sec-Ch-Ua-Mobile":[
            "?0"
         ],
         "User-Agent":[
            "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36"
         ],
         "Sec-Fetch-Mode":[
            "cors"
         ],
         "Accept-Encoding":[
            "gzip, deflate, br"
         ],
         "Sec-Ch-Ua":[
            "\"Chromium\";v=\"92\", \" Not A;Brand\";v=\"99\", \"Google Chrome\";v=\"92\""
         ],
         "Dnt":[
            "1"
         ],
         "Accept":[
            "*/*"
         ],
         "Sec-Fetch-Site":[
            "same-origin"
         ],
         "Sec-Fetch-Dest":[
            "empty"
         ],
         "Referer":[
            "https://home.lssound.design/"
         ],
         "Accept-Language":[
            "en-US,en;q=0.9"
         ]
      },
      "tls":{
         "resumed":false,
         "version":772,
         "cipher_suite":4865,
         "proto":"h2",
         "proto_mutual":true,
         "server_name":"home.lssound.design"
      }
   },
   "duration":10.0065355,
   "status":502,
   "err_id":"y3gtgn28c",
   "err_trace":"reverseproxy.statusError (reverseproxy.go:857)"
}{
   "level":"error",
   "ts":1628321980.4049711,
   "logger":"http.log.error.log0",
   "msg":"dial tcp 192.168.0.18:8800: i/o timeout",
   "request":{
      "remote_addr":"192.168.32.1:51042",
      "proto":"HTTP/2.0",
      "method":"GET",
      "host":"vaultwarden.lssound.design",
      "uri":"/",
      "headers":{
         "Accept-Encoding":[
            "gzip, deflate, br"
         ],
         "User-Agent":[
            "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36"
         ],
         "Sec-Fetch-Site":[
            "none"
         ],
         "Sec-Fetch-Mode":[
            "navigate"
         ],
         "Sec-Fetch-User":[
            "?1"
         ],
         "Sec-Fetch-Dest":[
            "document"
         ],
         "Sec-Ch-Ua":[
            "\"Chromium\";v=\"92\", \" Not A;Brand\";v=\"99\", \"Google Chrome\";v=\"92\""
         ],
         "Sec-Ch-Ua-Mobile":[
            "?0"
         ],
         "Dnt":[
            "1"
         ],
         "Upgrade-Insecure-Requests":[
            "1"
         ],
         "Accept":[
            "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"
         ],
         "Accept-Language":[
            "en-US,en;q=0.9"
         ]
      },
      "tls":{
         "resumed":false,
         "version":772,
         "cipher_suite":4865,
         "proto":"h2",
         "proto_mutual":true,
         "server_name":"vaultwarden.lssound.design"
      }
   },
   "duration":10.0005903,
   "status":502,
   "err_id":"ghfip0znt",
   "err_trace":"reverseproxy.statusError (reverseproxy.go:857)"
}""{
   "level":"error",
   "ts":1628322150.3617876,
   "logger":"http.log.error",
   "msg":"dial tcp 192.168.0.18:8989: i/o timeout",
   "request":{
      "remote_addr":"192.168.32.1:51304",
      "proto":"HTTP/1.1",
      "method":"GET",
      "host":"sonarr.lssound.design",
      "uri":"/feed/calendar/Sonarr.ics?apikey=9994427c03cc46479151e0be3869d6ce",
      "headers":{
         "If-None-Match":[
            "\"6103ac6e-b0cc\""
         ],
         "Accept":[
            "text/calendar"
         ],
         "User-Agent":[
            "macOS/11.4 (20F71) CalendarAgent/954"
         ],
         "Accept-Language":[
            "en-au"
         ],
         "Accept-Encoding":[
            "gzip, deflate, br"
         ],
         "Connection":[
            "keep-alive"
         ]
      },
      "tls":{
         "resumed":false,
         "version":772,
         "cipher_suite":4865,
         "proto":"http/1.1",
         "proto_mutual":true,
         "server_name":"sonarr.lssound.design"
      }
   },
   "duration":10.0092347,
   "status":502,
   "err_id":"ddp60vnet",
   "err_trace":"reverseproxy.statusError (reverseproxy.go:857)"
}

Like I said earlier, this just means that Caddy isn’t able to connect to the upstream. There’s nothing else that Caddy could log that would further help here.

From Caddy’s perspective, all it knows is that it tried to establish a connection and it never completed cause it never heard a response from the other end.

You’ll have to take a look at each piece of your networking environment between Caddy and the machine with that IP to figure out what in the chain is preventing the connection.

Thankyou for the help!

I fired up a test instance of caddy on my other desktop (StudioPC) and pointed ports 80 and 443 to the StudioPC (Caddyfile is the same as the ServerPC).
This worked!

Now my websites are fixed for the time being until I can investigate further as to why the ServerPC won’t allow outgoing or incoming ports 80 or 443. I have checked the firewall in Windows and nothing seems to be popping out as being the issue but it has lead me in the right direction at least.

Thankyou for taking the time to look into it even though it was no issue on Caddy’s end.

I will update further when/if I find anything in-case others need guidance with their own setups as it seems it will be a windows-specific issue.

A little bit of an update, did a little bit of digging and it looks like something is completely wrong with my setup.
I’ve attempted various fixes;
Checking the Windows Firewall (Docker for Windows Container are not reachable outside host anymore · Issue #4391 · docker/for-win · GitHub)
Hard reset of the router (re-entering port forwarding and settings) & double checking that ports 80 and 443 are forwarded.

I was messing around with caddy and found out that I cannot ping my servers’ local address within the caddy container which leads me to believe that it is something still to do with my PC but running out of options at the moment.

Still looking into what may be causing it but any ideas would be useful. Thanks!

Further Update.
Backed up my docker containers and decided to go Re-set docker which wiped my docker containers (made sure to back them up first!)
New files are as follows - some small changes to clean up the formatting and a test subdomain;
If I had to make an assumption it would probably be resetting Docker Desktop helped a little bit but not entirely sure.

Thankyou again for looking into it and I will mark it as solved for this post as this may help others if they are having similar issues.
docker-compose.yml

version: "3.7"

services:
  caddy:
    image: caddy:latest
    restart: unless-stopped
    container_name: "caddy"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./sites/hello:/srv/hello
      - caddy_data:/data
      - caddy_config:/config

volumes: 
  caddy_data:
    external: true
  caddy_config:

Caddyfile

test.lssound.design {
	handle_errors {
	respond "{http.error.status_code} {http.error.status_text}"
	}
	# handle_errors {
	# 	rewrite * /{http.error.status_code}
	# 	reverse_proxy https://http.cat {
	# 		header_up Host http.cat
	# 	}
	# }
}
home.lssound.design {
	reverse_proxy 192.168.0.18:8080
}
office.lssound.design {
	encode gzip
	@collabora {
		path /loleaflet/* # Client part of LibreOffice Online 
		path /hosting/discovery # WOPI discovery url
		path /hosting/capabilities # Show capabilities as JSON
		path /lool/* # Main websocket, uploads/downloads, presentations
	}
	reverse_proxy @collabora https://192.168.0.18:9980 {
		transport http {
			tls_insecure_skip_verify
		}
	}
}
cloud.lssound.design {
	encode gzip
	reverse_proxy 192.168.0.18:8143
	header {
		Strict-Transport-Security max-age=31536000;
	}
	redir /.well-known/carddav /remote.php/carddav 301
	redir /.well-known/caldav /remote.php/caldav 301
}
ombi.lssound.design {
	reverse_proxy 192.168.0.18:3579
}
vaultwarden.lssound.design:443 {
	# Uncomment this if you want to get a cert via ACME (Let's Encrypt or ZeroSSL).
	tls nate_thomas_95@hotmail.com

	# This setting may have compatibility issues with some browsers
	# (e.g., attachment downloading on Firefox). Try disabling this
	# if you encounter issues.
	encode gzip

	# Notifications redirected to the websockets server
	reverse_proxy /notifications/hub 192.168.0.18:3012

	# Proxy everything else to Rocket
	reverse_proxy 192.168.0.18:8800 {
		# Send the true remote IP to Rocket, so that vaultwarden can put this in the
		# log, so that fail2ban can ban the correct IP.
		header_up X-Real-IP {remote_host}
	}
}
portainer.lssound.design {
	reverse_proxy 192.168.0.18:9000
}

# Services not on docker
sonarr.lssound.design {
	reverse_proxy 192.168.0.18:8989
}
radarr.lssound.design {
	reverse_proxy 192.168.0.18:7878
}
hello.lssound.design {
	root * /srv/hello
	encode zstd gzip
	templates
	file_server {
		index caddy.html
	}
}

This topic was automatically closed after 30 days. New replies are no longer allowed.