Caddy reverse proxy without tls

1. Output of caddy version:

v2.6.2

2. How I run Caddy:

a. System environment:

  • I installed Caddy in a VM with Debian 11 using 192.168.1.22. I run Caddy with systemd.
  • I own a domain “custom_domain.tld” with Porkbun (DNS registrar) and Cloudflare as DNS hosting.
  • I have an internal DNS (Pi-hole) running at 192.168.1.20. Every nameserver is pointing to this DNS.
  • My home ISP is CGNAT.

b. Command:

sudo systemctl restart caddy

c. Service/unit/compose file:

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
AssertFileIsExecutable=/usr/bin/caddy
AssertPathExists=/etc/caddy/Caddyfile

[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddy config:

{
        skip_install_trust
        log
        debug
}

(localTLS) {
        tls internal {
                on_demand
        }
}

(localHostOnly) {
        @localHostOnly {
                remote_ip forwarded 127.0.0.1
        }
}

(localSubnets) {
        @localSubnets {
                remote_ip forwarded 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8
        }
}

https://dashy.custom_domain.tld {
        import localSubnets
        import localTLS
        reverse_proxy https://192.168.1.7:8006 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

https://jumpy.custom_domain.tld {
        import localSubnets
        import localTLS
        reverse_proxy https://192.168.1.5:8006 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

https://pfsense.custom_domain.tld {
        import localSubnets
        import localTLS
        reverse_proxy http://192.168.1.1
}

https://truenas.custom_domain.tld {
        import localSubnets
        import localTLS
        reverse_proxy http://192.168.1.10
}

https://pihole.custom_domain.tld {
        import localSubnets
        import localTLS
        reverse_proxy http://192.168.1.20
        encode zstd gzip
}

custom name: dashy, jumpy - proxmox
other name is exact service

3. The problem I’m having:

Internal DNS is working but the reverse proxy is not. When I access the domain (https://dashy.custom_domain.tld) to reach my Proxmox, there is no information in the logs from journalctl or pfSense (router). I’m not touching the SSL certificate yet in the Caddyfile, based on what I read in the documentation and the blog (Advanced Caddy Options :: Guru Computing Blog)…

4. Error messages and/or full log output:

Dec 03 17:09:41 connecttest systemd[1]: Stopped Caddy.
Dec 03 17:09:41 connecttest systemd[1]: Starting Caddy...
Dec 03 17:09:41 connecttest caddy[19042]: caddy.HomeDir=/var/lib/caddy
Dec 03 17:09:41 connecttest caddy[19042]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Dec 03 17:09:41 connecttest caddy[19042]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Dec 03 17:09:41 connecttest caddy[19042]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Dec 03 17:09:41 connecttest caddy[19042]: caddy.Version=v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=
Dec 03 17:09:41 connecttest caddy[19042]: runtime.GOOS=linux
Dec 03 17:09:41 connecttest caddy[19042]: runtime.GOARCH=amd64
Dec 03 17:09:41 connecttest caddy[19042]: runtime.Compiler=gc
Dec 03 17:09:41 connecttest caddy[19042]: runtime.NumCPU=3
Dec 03 17:09:41 connecttest caddy[19042]: runtime.GOMAXPROCS=3
Dec 03 17:09:41 connecttest caddy[19042]: runtime.Version=go1.19.2
Dec 03 17:09:41 connecttest caddy[19042]: os.Getwd=/
Dec 03 17:09:41 connecttest caddy[19042]: LANG=en_US.UTF-8
Dec 03 17:09:41 connecttest caddy[19042]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Dec 03 17:09:41 connecttest caddy[19042]: NOTIFY_SOCKET=/run/systemd/notify
Dec 03 17:09:41 connecttest caddy[19042]: HOME=/var/lib/caddy
Dec 03 17:09:41 connecttest caddy[19042]: LOGNAME=caddy
Dec 03 17:09:41 connecttest caddy[19042]: USER=caddy
Dec 03 17:09:41 connecttest caddy[19042]: INVOCATION_ID=64f2ba11250f44389aa9eaf98c6b4ccd
Dec 03 17:09:41 connecttest caddy[19042]: JOURNAL_STREAM=8:92222
Dec 03 17:09:41 connecttest caddy[19042]: {"level":"info","ts":1670058581.9877987,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Dec 03 17:09:41 connecttest caddy[19042]: {"level":"warn","ts":1670058581.988877,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
Dec 03 17:09:41 connecttest caddy[19042]: {"level":"info","ts":1670058581.989648,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Dec 03 17:09:41 connecttest caddy[19042]: {"level":"info","ts":1670058581.9898903,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0000e8d90"}
Dec 03 17:09:41 connecttest caddy[19042]: {"level":"info","ts":1670058581.9900846,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Dec 03 17:09:41 connecttest caddy[19042]: {"level":"info","ts":1670058581.990101,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Dec 03 17:09:41 connecttest caddy[19042]: {"level":"info","ts":1670058581.9904752,"logger":"pki.ca.local","msg":"root certificate trust store installation disabled; unconfigured clients may show warnings","path":"storage:pki/authorities/local/root.crt"}
Dec 03 17:09:41 connecttest caddy[19042]: {"level":"warn","ts":1670058581.9905403,"logger":"tls","msg":"YOUR SERVER MAY BE VULNERABLE TO ABUSE: on-demand TLS is enabled, but no protections are in place","docs":"https://caddyserver.com/docs/automatic-https#on-demand-tls"}
Dec 03 17:09:41 connecttest caddy[19042]: {"level":"info","ts":1670058581.9906244,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy/.local/share/caddy"}
Dec 03 17:09:41 connecttest caddy[19042]: {"level":"info","ts":1670058581.9910107,"logger":"tls","msg":"finished cleaning storage units"}
Dec 03 17:09:41 connecttest caddy[19042]: {"level":"debug","ts":1670058581.9910572,"logger":"http","msg":"starting server loop","address":"[::]:80","tls":false,"http3":false}
Dec 03 17:09:41 connecttest caddy[19042]: {"level":"info","ts":1670058581.9910705,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
Dec 03 17:09:41 connecttest caddy[19042]: {"level":"info","ts":1670058581.991088,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Dec 03 17:09:41 connecttest caddy[19042]: {"level":"debug","ts":1670058581.9912093,"logger":"http","msg":"starting server loop","address":"[::]:443","tls":true,"http3":true}
Dec 03 17:09:41 connecttest caddy[19042]: {"level":"info","ts":1670058581.9912205,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Dec 03 17:09:41 connecttest caddy[19042]: {"level":"info","ts":1670058581.991224,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["jumpy.custom_domain.tld","pfsense.custom_domain.tld","truenas.custom_domain.tld","pihole.custom_domain.tld","dashy.custom_domain.tld"]}
Dec 03 17:09:41 connecttest caddy[19042]: {"level":"info","ts":1670058581.9914203,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Dec 03 17:09:41 connecttest systemd[1]: Started Caddy.
Dec 03 17:09:41 connecttest caddy[19042]: {"level":"info","ts":1670058581.9931724,"msg":"serving initial configuration"}

5. What I already tried:

I troubleshot for a few hours and didn’t get this to work. Every config looks fine and there is no specific log telling me that I’m connected to the domain URL. This troubleshooting is giving me trouble…

I still haven’t touched the section on requesting a certificate using ACME or the Cloudflare DNS provider.

Not related…
I tried Nginx Proxy Manager to generate a certificate and create a proxy host with a Cloudflare A record, and I also cannot access the proxy host. Is my networking being restricted?

6. Links to relevant resources:

I’m following this guide but I’m using a virtual machine. The guide is simple to read and step by step, but I cannot get as far as the reverse proxy…
I did everything before “Advanced Caddy Options”, and it is working fine.
Advanced Caddy Options :: Guru Computing Blog

The log option in the global options is for Caddy runtime logs, not access logs of your vhosts/server blocks.
For those, you need to use the log directive within the vhost/server block you want to log.

E.g.

https://truenas.custom_domain.tld {
	import localSubnets
	import localTLS
	log
	reverse_proxy http://192.168.1.10
}

Also, can you please share the output of curl -vL truenas.custom_domain.tld (or some other subdomain you are having issues with)?

I added the log directive. Where can I see the log? I executed this command to run Caddy instead of using systemd (I suppose the outcome is the same):

/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile

Below is the log of curl -vL truenas.custom_domain.tld. It seems like the requests are not going through the reverse proxy but only translating the general DNS to IP.

Just FYI, based on curl command, I observe truenas, pfsense, proxmox (truenas has nginx running, pfsense has nothing running, proxmox default listening https + 8006 only)

NETWORKING AND REVERSE PROXY IS SO HARD FOR ME D:

  1. From caddy server to truenas (http://truenas.custom_domain.tld/)
  2. From other virtual machine to truenas http://truenas.custom_domain.tld/
*   Trying 192.168.1.10:80...
* Connected to truenas.custom_domain.tld (192.168.1.10) port 80 (#0)
> GET / HTTP/1.1
> Host: truenas.custom_domain.tld
> User-Agent: curl/7.74.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 302 Moved Temporarily
< Server: nginx
< Date: Sat, 03 Dec 2022 15:25:14 GMT
< Content-Type: text/html
< Content-Length: 138
< Connection: keep-alive
< Location: http://truenas.custom_domain.tld/ui/
< Strict-Transport-Security: max-age=0; includeSubDomains; preload
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Permissions-Policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
< Referrer-Policy: strict-origin
< X-Frame-Options: SAMEORIGIN
<
* Ignoring the response-body
* Connection #0 to host truenas.custom_domain.tld left intact
* Issue another request to this URL: 'http://truenas.custom_domain.tld/ui/'
* Found bundle for host truenas.custom_domain.tld: 0x559f353a99d0 [serially]
* Can not multiplex, even if we wanted to!
* Re-using existing connection! (#0) with host truenas.custom_domain.tld
* Connected to truenas.custom_domain.tld (192.168.1.10) port 80 (#0)
> GET /ui/ HTTP/1.1
> Host: truenas.custom_domain.tld
> User-Agent: curl/7.74.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx
< Date: Sat, 03 Dec 2022 15:25:14 GMT
< Content-Type: text/html
< Content-Length: 6883
< Last-Modified: Mon, 08 Aug 2022 17:27:36 GMT
< Connection: keep-alive
< Etag: TrueNAS-SCALE-22.02.3
< Cache-Control: must-revalidate
< Strict-Transport-Security: max-age=0; includeSubDomains; preload
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Permissions-Policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
< Referrer-Policy: strict-origin
< X-Frame-Options: SAMEORIGIN
< Accept-Ranges: bytes
<

* Connection #0 to host truenas.custom_domain.tld left intact

  1. From caddy server to pfsense http://pfsense.custom_domain.tld/
  2. From virtual machine to pfsense domain
*   Trying 192.168.1.1:80...
* Connected to pfsense.custom_domain.tld (192.168.1.1) port 80 (#0)
> GET / HTTP/1.1
> Host: pfsense.custom_domain.tld
> User-Agent: curl/7.74.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx
< Date: Sat, 03 Dec 2022 15:31:44 GMT
< Content-Type: text/html; charset=UTF-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Frame-Options: SAMEORIGIN
< Last-Modified: Sat, 03 Dec 2022 15:31:44 GMT
< Set-Cookie: PHPSESSID=1a0c221f1fdc80d325fff2150c3dc6ce; path=/; HttpOnly
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate
< Pragma: no-cache
< X-Frame-Options: SAMEORIGIN
<

* Connection #0 to host pfsense.custom_domain.tld left intact

other virtual machine to proxmox domain

*   Trying 192.168.1.5:80...
* connect to 192.168.1.5 port 80 failed: Connection refused
* Failed to connect to jumpy.custom_domain.tld port 80: Connection refused
* Closing connection 0
curl: (7) Failed to connect to jumpy.custom_domain.tld port 80: Connection refused

caddy server to proxmox domain

*   Trying 192.168.1.5:80...
* connect to 192.168.1.5 port 80 failed: Connection refused
* Failed to connect to jumpy.custom_domain.tld port 80: Connection refused
* Closing connection 0
curl: (7) Failed to connect to jumpy.custom_domain.tld port 80: Connection refused

It seems like it’s not reaching Caddy at all. Are you sure your DNS is correct?
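
The check behind that question, as an added example that is not part of the original thread: it parses `curl -v` transcripts and compares the address curl actually connected to with the Caddy VM's address (192.168.1.22, from the first post). The function names and verdict strings are made up for this illustration; the first two transcripts are trimmed from the ones posted above, the third is constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Address of the Caddy VM, as stated in the first post.
PROXY_IP = "192.168.1.22"

# Informational lines curl -v prints (format of curl 7.74, as in the thread).
CONNECTED = re.compile(r"^\* Connected to (\S+) \(([0-9A-Fa-f.:]+)\) port (\d+)")
FAILED = re.compile(r"^\* connect to ([0-9A-Fa-f.:]+) port (\d+) failed: (.+)$")
SERVER = re.compile(r"^< Server: (.+)$", re.IGNORECASE)


@dataclass
class Attempt:
    ip: str
    port: int
    connected: bool
    host: Optional[str] = None
    error: Optional[str] = None
    server: Optional[str] = None  # banner of whatever answered, if any


def parse_curl_verbose(text: str) -> List[Attempt]:
    """Return one Attempt per (ip, port) that curl tried to reach."""
    attempts: Dict[Tuple[str, int], Attempt] = {}
    last: Optional[Attempt] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = CONNECTED.match(line)
        if m:
            key = (m.group(2), int(m.group(3)))
            # curl prints "Connected to" again when a redirect re-uses the
            # connection, so keep a single record per (ip, port).
            last = attempts.setdefault(
                key, Attempt(key[0], key[1], True, host=m.group(1)))
            continue
        m = FAILED.match(line)
        if m:
            key = (m.group(1), int(m.group(2)))
            attempts.setdefault(
                key, Attempt(key[0], key[1], False, error=m.group(3)))
            last = None
            continue
        m = SERVER.match(line)
        if m and last is not None and last.server is None:
            last.server = m.group(1).strip()
    return list(attempts.values())


def diagnose(attempt: Attempt, proxy_ip: str = PROXY_IP) -> str:
    """Classify an attempt by where the name resolved, not by HTTP status."""
    if attempt.ip != proxy_ip:
        return "bypasses-proxy"      # DNS points at the backend, not Caddy
    return "reaches-proxy" if attempt.connected else "proxy-unreachable"


def report(text: str, proxy_ip: str = PROXY_IP) -> List[str]:
    lines = []
    for a in parse_curl_verbose(text):
        if a.connected:
            outcome = f"answered by {a.server or 'unknown server'}"
        else:
            outcome = f"failed ({a.error})"
        lines.append(f"{a.ip}:{a.port} {outcome} -> {diagnose(a, proxy_ip)}")
    return lines


# Trimmed from the TrueNAS transcript in the thread.
TRUENAS = """\
*   Trying 192.168.1.10:80...
* Connected to truenas.custom_domain.tld (192.168.1.10) port 80 (#0)
> GET / HTTP/1.1
< HTTP/1.1 302 Moved Temporarily
< Server: nginx
* Re-using existing connection! (#0) with host truenas.custom_domain.tld
* Connected to truenas.custom_domain.tld (192.168.1.10) port 80 (#0)
< HTTP/1.1 200 OK
< Server: nginx
"""

# Trimmed from the Proxmox transcript in the thread.
PROXMOX = """\
*   Trying 192.168.1.5:80...
* connect to 192.168.1.5 port 80 failed: Connection refused
* Failed to connect to jumpy.custom_domain.tld port 80: Connection refused
"""

# Constructed: what the connect line looks like once the name resolves to Caddy.
VIA_PROXY = """\
*   Trying 192.168.1.22:443...
* Connected to truenas.custom_domain.tld (192.168.1.22) port 443 (#0)
"""

if __name__ == "__main__":
    for sample in (TRUENAS, PROXMOX, VIA_PROXY):
        print("\n".join(report(sample)))
```

A `bypasses-proxy` verdict means the client talks to the service directly, so Caddy's `log` directive, its TLS and any access restriction configured in the Caddyfile never see the request. For the proxy to be in the path, the local DNS record for each proxied name has to point at the Caddy VM rather than at the service itself.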

I added DNS to the internal DNS (Pi-hole) and the global DNS (Cloudflare). DNS is correct, no luck…
I have no clue why the Caddy server’s reverse proxy is not working… I tried another reverse proxy, Nginx Proxy Manager as an LXC container, and it is not working either. I tested many possibilities…

The requests never hit Caddy once, even when I execute the URL from the Caddy server… My homelab network environment is not complex:

ISP – a modem – hypervisor (Proxmox) virtualized router – another hypervisor virtualized Caddy – other virtual machine
