1. The problem I’m having:
Hi there. I’m attempting to set up a Caddy web server to reverse proxy via HTTPS from my google domains website url to my locally hosted jellyfin server.
I have been through like 4 different tutorials and am having 0 luck and absolutely pulling my hair out. I am finding the tutorials quite difficult as a beginner because it will often tell me to do something without any context or explanation for what I need to do or where.
At first I didn’t have access so I changed permissions. Then the ports wouldn’t bind, so I had to uninstall, download the bin for google domains and put it in my /usr/bin/
I then ran through the set up for installing it as a systemctl service. Then it seemed to all be working on my end, but when I went to the website it would say connection refused, despite being able to access the jellyfin server via the direct IP address. All ports are forwarded.
I then after much googling (because the tutorial doesn’t mention it at all) discovered I needed to include an API for the google domain. So I added that to the Caddyfile, but now I am getting errors when trying to run the service.
#2:
I enter:
sudo systemctl start caddy
and I get back
○ caddy.service - Caddy
Loaded: loaded (/etc/systemd/system/caddy.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Wed 2023-07-12 19:48:01 AEST; 17min ago
Docs: https://caddyserver.com/docs/
Process: 8195 ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile (code=exited, status=0/SUCCESS)
Main PID: 8195 (code=exited, status=0/SUCCESS)
CPU: 69ms
Jul 12 19:48:01 calcifer caddy[8195]: {"level":"info","ts":1689155281.1891105,"logger":"tls.obtain","msg":"releasing lock","identifier":"mitchflix.mov"}
Jul 12 19:48:01 calcifer caddy[8195]: {"level":"info","ts":1689155281.189118,"logger":"tls.obtain","msg":"releasing lock","identifier":"www.mitchflix.mov"}
Jul 12 19:48:01 calcifer caddy[8195]: {"level":"error","ts":1689155281.1891944,"logger":"tls.obtain","msg":"unable to unlock","identifier":"www.mitchflix.mov","lock_key":"issue_cert_www.mitchflix.mov",">
Jul 12 19:48:01 calcifer caddy[8195]: {"level":"error","ts":1689155281.1891963,"logger":"tls.obtain","msg":"unable to unlock","identifier":"mitchflix.mov","lock_key":"issue_cert_mitchflix.mov","error":">
Jul 12 19:48:01 calcifer caddy[8195]: {"level":"error","ts":1689155281.1892118,"logger":"tls","msg":"job failed","error":"www.mitchflix.mov: obtaining certificate: context canceled"}
Jul 12 19:48:01 calcifer caddy[8195]: {"level":"error","ts":1689155281.1892147,"logger":"tls","msg":"job failed","error":"mitchflix.mov: obtaining certificate: context canceled"}
Jul 12 19:48:01 calcifer caddy[8195]: {"level":"info","ts":1689155281.1892295,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}
Jul 12 19:48:01 calcifer caddy[8195]: {"level":"info","ts":1689155281.1892374,"msg":"shutdown complete","signal":"SIGTERM","exit_code":0}
Jul 12 19:48:01 calcifer systemd[1]: caddy.service: Deactivated successfully.
Jul 12 19:48:01 calcifer systemd[1]: Stopped Caddy.
3. Caddy version:
v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=
4. How I installed and ran Caddy:
First via the package manager, via the tutorial. Then I found a google link saying that won’t work at all, so I uninstalled.
I then attempted to install manually via get-apt. However it kept saying it couldn’t see the caddy package, and the online conversations on how to fix this were unhelpful. So instead I went to the main website, downloaded the linux/ubuntu binary, and just renamed it to “caddy” and put it in /usr/bin.
It is worth noting the tutorial never mentioned many of the steps required to do this without prior knowledge. I had to just assume they were referring to the downloaded binary on the site, imply that I was meant to rename it (because it downloads as something completely different than what the tutorial refers to it as) then move that to my home folder and continue following the steps in the tutorial. It also off-handedly mentions permissions, but never specifies what commands are required to do this.
When it still wouldn’t work, I then realised I needed a different binary, specifically for the google domain name servers. The tutorial didn’t mention this either. Looking at the documentation for the relevant package showed 2 commands, but no info on how to deploy them. To use them I had to find another google post sharing their Caddyfile for google domains and copy the syntax for the DNS and API key commands and how to format them.
When I input that, it broke again, saying the syntax was wrong. The error was something like:
Unkown global command "mitchflix.mov"
Which I assumed to mean my parsing/syntax was wrong in the config. I edited it to the below, and now it is at least loading the service but it doesn’t seem to be able to get the info from google.
I have tried multiple attempts at rewriting the config file but none of the attempts have worked.
a. System environment:
Ubuntu 22.04
Intel 10th Gen CPU
Erying motherboard (Intel HM570)
b. Command:
sudo systemctl start caddy
c. Service/unit/compose file:
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target
d. My complete Caddy config:
{
	acme_dns google_domains ("API_KEY_REMOVED")
}

mitchflix.mov, www.mitchflix.mov {
	reverse_proxy localhost:8096
}
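
An added example, not part of the original post: a small triage script for the Caddy log lines quoted in section 2. It parses the JSON payloads, copes with lines that `systemctl status` cut off with `>`, and separates errors logged at the moment of the SIGTERM shutdown from errors that need a closer look. The one-second window and the `phase` labels are assumptions of this sketch.

```python
import json
import re

# Lines copied from the status output in the post; the second one is cut off with '>'.
SAMPLE = r'''
Jul 12 19:48:01 calcifer caddy[8195]: {"level":"info","ts":1689155281.1891105,"logger":"tls.obtain","msg":"releasing lock","identifier":"mitchflix.mov"}
Jul 12 19:48:01 calcifer caddy[8195]: {"level":"error","ts":1689155281.1891944,"logger":"tls.obtain","msg":"unable to unlock","identifier":"www.mitchflix.mov","lock_key":"issue_cert_www.mitchflix.mov",">
Jul 12 19:48:01 calcifer caddy[8195]: {"level":"error","ts":1689155281.1892118,"logger":"tls","msg":"job failed","error":"www.mitchflix.mov: obtaining certificate: context canceled"}
Jul 12 19:48:01 calcifer caddy[8195]: {"level":"info","ts":1689155281.1892374,"msg":"shutdown complete","signal":"SIGTERM","exit_code":0}
'''

# "<date> <host> caddy[<pid>]: {json...}" as printed by systemctl status / journalctl.
PREFIX = re.compile(r'^\w{3}\s+\d+ [\d:]+ \S+ caddy\[\d+\]: (\{.*)$')
# Fallback for cut-off lines: pick out complete "key":value pairs only.
FIELD = re.compile(r'"(level|ts|logger|msg|signal|error)":("(?:[^"\\]|\\.)*"|[-\d.eE+]+)')


def parse_line(line):
    m = PREFIX.match(line.strip())
    if not m:
        return None  # not a caddy line (e.g. systemd's own messages)
    try:
        entry = json.loads(m.group(1))
        entry["truncated"] = False
    except json.JSONDecodeError:
        entry = {k: json.loads(v) for k, v in FIELD.findall(m.group(1))}
        entry["truncated"] = True
    return entry


def triage(text, window=1.0):
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    stop = next((e for e in entries if e.get("msg") == "shutdown complete"), None)
    findings = []
    for e in entries:
        if e.get("level") != "error":
            continue
        # Assumption: an error within `window` seconds before the shutdown
        # line was logged while the process was already stopping.
        late = stop is not None and "ts" in e and 0 <= stop["ts"] - e["ts"] <= window
        findings.append({"logger": e.get("logger"), "msg": e.get("msg"),
                         "truncated": e["truncated"],
                         "phase": "during-shutdown" if late else "investigate"})
    return {"signal": stop.get("signal") if stop else None, "findings": findings}


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```

Every error in the quoted output lands in the `during-shutdown` phase, so the lines that explain why no certificate was issued would be earlier in the journal; `journalctl -u caddy --no-pager` prints them without the `>` truncation.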