Caddyfile (caddy2) config for unifi-video

Hi all… looking for any assistance to get a working (but secure) Caddyfile set up for unifi-video (Ubiquiti). I have a config that works to access the unifi-video interface, but may have security issues and also does allow for live streams.

1. Caddy version: 2.1.1

2. How I run Caddy:

I run Caddy on an Ubuntu 20.04 (Mate with server extras). Caddy runs on startup with systemd (and works fine for my simple Plex and Home Assistant reverse proxies). Caddy is used to reverse proxy various subdomains to servers running on the Ubuntu box.

a. System environment:

Ubuntu Mate 20.04.1
HP Elitedesk 800 G3
Caddy installed using the apt.fury.io method noted on caddyserver.com/docs/download docs
autorun on boot with systemd

b. Command:

None (systemd)

c. Service/unit/compose file:

systemd (autocreated)

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target

[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddyfile:

hass.mydomain.mytld.au {
    reverse_proxy 192.168.20.4:8123
}

#Plex Server
plex.mydomain.mytld.au {
    reverse_proxy 192.168.20.17:32400
}

#Unifi Video
cam.mydomain.mytld.au {
    reverse_proxy 192.168.20.2:7443 {
        transport http {
            tls
            tls_insecure_skip_verify
        }
    }
}

#Calibre book server
books.mydomain.mytld.au {
    reverse_proxy 192.168.20.2:8180
}

3. The problem I’m having:

The Caddyfile above works fine to access all of my sites (including unifi-video), but live streaming of my camera feeds within unifi-video fails. Live streaming works fine when accessing unifi-video directly by the IP address. Also, noting the use of tls_insecure_skip_verify—this seems like a bad idea to me (i.e. insecure) and information on the directive states “Do not use in production”, but access to unifi-video fails without it (HTTP ERROR 502). Is this a bad idea? If so, what are the alternatives?

4. Error messages and/or full log output:

“Unable to load CameraNameHere livestream” (for all of my cameras)

5. What I already tried:

From similar issues that users of Caddy1, nginx and Apache have noted, this seems to be something to do with unifi-video using port 7446 for the video stream. So I tried adding the following variants to my Caddyfile (not all at the same time 🙂):

cam.mydomain.mytld.au:7446 {
    reverse_proxy 192.168.20.2:744 {
        transport http {
            tls
            tls_insecure_skip_verify
        }
    }
}

and

cam.mydomain.mytld.au:7446 {
    reverse_proxy 192.168.20.2:7446
}

This only had the effect of disconnecting my cameras from the unifi-video controller (even when accessed via IP address). However, I didn’t forward port 7446 on my router.

6. Links to relevant resources:

Info on port 7446 use by unifi-video (nginx reverse proxy): https://community.ui.com/questions/UniFi-Video-and-Nginx-Reverse-Proxy/f417fe57-4cfa-4ef8-acb9-19005ec6178b
Similar (for apache): https://community.ui.com/questions/UniFi-Video-and-Apache-Reverse-Proxy/b37c80c5-7bdf-47e3-8357-9ef13fb0cf72
More of the same: https://community.ui.com/questions/UniFi-Video-after-reverse-proxy/69abbca0-4833-4ac4-af6c-7b2b244ec034
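
One alternative to tls_insecure_skip_verify, shown as an added example that is not part of the original post: pin the certificate the upstream presents with the http transport's tls_trusted_ca_certs and tls_server_name subdirectives, so the proxy hop is still verified. The PEM path and the server name below are placeholders, and it is assumed that the installed Caddy version supports both subdirectives.

```caddyfile
# Added example, not from the original post.

# Before (as posted): the upstream certificate is never checked, so anything
# answering on 192.168.20.2:7443 is accepted as unifi-video.
#
# cam.mydomain.mytld.au {
#     reverse_proxy 192.168.20.2:7443 {
#         transport http {
#             tls
#             tls_insecure_skip_verify
#         }
#     }
# }

# After: only the exported upstream certificate is trusted.
cam.mydomain.mytld.au {
    reverse_proxy 192.168.20.2:7443 {
        transport http {
            tls
            # Hypothetical path: PEM copy of the certificate unifi-video
            # serves on port 7443, readable by the caddy user.
            tls_trusted_ca_certs /etc/caddy/upstream/unifi-video.pem
            # Placeholder: must equal a name listed in that certificate,
            # because the proxy dials an IP address, not a hostname.
            tls_server_name UPSTREAM_CERT_NAME
        }
    }
}
```

Verification still fails with a 502 if the certificate carries no name matching tls_server_name, in which case the upstream needs a certificate that does. The pinned file also has to be replaced whenever the upstream certificate is regenerated.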
