I use Caddy with Tailscale in an LXC on Proxmox.
I run Tailscale with --tun=userspace-networking in a screen session.
Homarr resides on another LXC on Proxmox where I also run Tailscale.
Both machines are available in the Tailscale admin panel.
In Cloudflare I registered stfborn.org.
I set up a CNAME record, hummer, and pointed it to homarr.hippocampus-toad.ts.net.
dig hummer.stfborn.org returns the following:

```
; <<>> DiG 9.18.28-1~deb12u2-Debian <<>> hummer.stfborn.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16477
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;hummer.stfborn.org.            IN      A

;; ANSWER SECTION:
hummer.stfborn.org.     60      IN      CNAME   homarr.hippocampus-toad.ts.net.

;; AUTHORITY SECTION:
ts.net.                 300     IN      SOA     ns1.dnsimple.com. admin.dnsimple.com. 1617046202 86400 7200 604800 300
```
Here is my Caddyfile:

```
hummer.stfborn.org {
	tls {
		get_certificate tailscale
	}
	reverse_proxy 192.168.1.7:3000
}
```
Here is the Caddy log:

```
root@caddy:/etc/caddy# caddy run --config /etc/caddy/Caddyfile
2024/12/16 09:05:58.467 INFO using config from file {"file": "/etc/caddy/Caddyfile"}
2024/12/16 09:05:58.470 INFO adapted config to JSON {"adapter": "caddyfile"}
2024/12/16 09:05:58.470 WARN Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies {"adapter": "caddyfile", "file": "/etc/caddy/Caddyfile", "line": 3}
2024/12/16 09:05:58.474 INFO admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2024/12/16 09:05:58.475 INFO http.auto_https server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2024/12/16 09:05:58.475 INFO http.auto_https enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2024/12/16 09:05:58.475 INFO http enabling HTTP/3 listener {"addr": ":443"}
2024/12/16 09:05:58.475 INFO failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 7168 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details.
2024/12/16 09:05:58.476 INFO http.log server running {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2024/12/16 09:05:58.476 INFO http.log server running {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2024/12/16 09:05:58.476 INFO http enabling automatic TLS certificate management {"domains": ["hummer.stfborn.org"]}
2024/12/16 09:05:58.476 INFO autosaved config (load with --resume flag) {"file": "/root/.config/caddy/autosave.json"}
2024/12/16 09:05:58.476 INFO serving initial configuration
2024/12/16 09:05:58.478 INFO tls storage cleaning happened too recently; skipping for now {"storage": "FileStorage:/root/.local/share/caddy", "instance": "28653582-0684-400c-84db-bfae9ae67b7e", "try_again": "2024/12/17 09:05:58.478", "try_again_in": 86399.999999282}
2024/12/16 09:05:58.478 INFO tls finished cleaning storage units
2024/12/16 09:05:58.479 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc0000eb500"}
```
HTTP resolves to HTTPS, so it seems that the Tailscale certs are being used. But I can't access hummer.stfborn.org in my browser. Am I missing something here?
I haven't set up an API token in Cloudflare, because I use the CNAME setting. Is that correct?
Any help appreciated.
stf
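The dig output above is the first thing to read in a setup like this: the status is NXDOMAIN and the answer section holds only the CNAME, so the resolver that was asked could not follow hummer.stfborn.org to an address. A ts.net MagicDNS name is resolved by Tailscale's own resolver on devices inside the tailnet; a resolver outside the tailnet does not know it unless Tailscale has published it, which is exactly the difference between "works from a tailnet device" and "works from anywhere". The script below is an added example (not from the post, not Tailscale's or Caddy's code): it classifies a `dig` answer as a complete chain or a dangling CNAME, so the same check can be run from a tailnet device and from an outside resolver and compared. The two samples are constructed from the post's dig output and from a hypothetical healthy answer (the address 192.0.2.10 is from the documentation range, not a real record); `check_name` is a hypothetical wrapper that needs `dig` and network access. One caveat the check does not cover: `tailscale cert`, and therefore Caddy's `get_certificate tailscale`, only issues certificates for the node's own ts.net name, so a custom domain needs a different certificate source.

```shell
#!/bin/sh
# Added example: classify a `dig` answer to tell a resolved name from a CNAME
# whose target the resolver could not follow. Assumes dig's default output
# layout for resource records: "<name> <ttl> IN <type> <rdata>".

# Constructed sample 1: the relevant lines of the dig output from the post.
SAMPLE_NXDOMAIN=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16477
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;hummer.stfborn.org.        IN  A
;; ANSWER SECTION:
hummer.stfborn.org.     60  IN  CNAME   homarr.hippocampus-toad.ts.net.
;; AUTHORITY SECTION:
ts.net.                 300 IN  SOA ns1.dnsimple.com. admin.dnsimple.com. 1617046202 86400 7200 604800 300'

# Constructed sample 2: a hypothetical healthy chain. The address is from the
# 192.0.2.0/24 documentation range and is not a real record.
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;hummer.stfborn.org.        IN  A
;; ANSWER SECTION:
hummer.stfborn.org.     60  IN  CNAME   homarr.hippocampus-toad.ts.net.
homarr.hippocampus-toad.ts.net. 60 IN A 192.0.2.10'

# classify_dig: reads dig output on stdin and prints exactly one line:
#   RESOLVED <address>        an A/AAAA record came back, the chain is complete
#   DANGLING_CNAME <target>   only a CNAME came back; the resolver could not
#                             follow it (status NXDOMAIN, as in the post)
#   <status>                  anything else, e.g. SERVFAIL or a plain NXDOMAIN
classify_dig() {
    out=$(cat)
    # Response code from the ";; ->>HEADER<<-" line.
    status=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    # First address record, if any. Question-section lines start with ";" and
    # have "IN" in field 2, not 3, so they never match.
    addr=$(printf '%s\n' "$out" | awk '$3 == "IN" && ($4 == "A" || $4 == "AAAA") { print $5; exit }')
    # First CNAME target, if any.
    cname=$(printf '%s\n' "$out" | awk '$3 == "IN" && $4 == "CNAME" { print $5; exit }')
    if [ -n "$addr" ]; then
        printf 'RESOLVED %s\n' "$addr"
    elif [ -n "$cname" ]; then
        printf 'DANGLING_CNAME %s\n' "$cname"
    else
        printf '%s\n' "${status:-UNKNOWN}"
    fi
}

# check_name: hypothetical wrapper that runs the live query through the
# classifier. Needs dig and network access; run it once from a tailnet device
# and once from a host that uses only public DNS and compare the two results.
check_name() {
    dig "$1" | classify_dig
}

# Offline demonstration on the two constructed samples.
printf '%s\n' "$SAMPLE_NXDOMAIN" | classify_dig
printf '%s\n' "$SAMPLE_OK" | classify_dig
```

Run it on a device inside the tailnet and on one outside; if only the inside run reports RESOLVED, the CNAME is fine for tailnet users and the problem is purely that the browser's resolver cannot see the ts.net target.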