Cannot connect to application using duckdns

CorbittMan · March 10, 2025, 3:13am

1. The problem I’m having:

I have been trying to connect to a local application called foundry, I’m using duckdns.org as the ddns.
I have registered a subdomain with my public ip address, installed caddy and the program, run the program indicating that a reverse proxy is being used and used the following caddyfile:
consolacao.duckdns.org {
reverse_proxy :30000
}
The version I have has the duckdns plugin installed.

2. Error messages and/or full log output:

Mar 10 02:50:59 ana-ubuntu systemd[1]: Reloading caddy.service - Caddy...
Mar 10 02:50:59 ana-ubuntu caddy[2089580]: {"level":"info","ts":1741575059.4857552,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
Mar 10 02:50:59 ana-ubuntu caddy[2089580]: {"level":"info","ts":1741575059.4869509,"msg":"adapted config to JSON","adapter":"caddyfile"}
Mar 10 02:50:59 ana-ubuntu caddy[2076296]: {"level":"info","ts":1741575059.4874046,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_ip":"127.0.0.1","remote_port":"34876","headers":{"Accept-Encoding":["gzip"],"Cache-Control":["must-revalidate"],"Content-Length":["251"],"Content-Type":["application/json"],"Origin":["http://localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
Mar 10 02:50:59 ana-ubuntu caddy[2076296]: {"level":"info","ts":1741575059.4879153,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Mar 10 02:50:59 ana-ubuntu caddy[2076296]: {"level":"info","ts":1741575059.4880126,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Mar 10 02:50:59 ana-ubuntu caddy[2076296]: {"level":"info","ts":1741575059.4880257,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Mar 10 02:50:59 ana-ubuntu caddy[2076296]: {"level":"info","ts":1741575059.4882114,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Mar 10 02:50:59 ana-ubuntu caddy[2076296]: {"level":"info","ts":1741575059.4882238,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Mar 10 02:50:59 ana-ubuntu caddy[2076296]: {"level":"warn","ts":1741575059.4882584,"logger":"http","msg":"HTTP/2 skipped because it requires TLS","network":"tcp","addr":":80"}
Mar 10 02:50:59 ana-ubuntu caddy[2076296]: {"level":"warn","ts":1741575059.4882638,"logger":"http","msg":"HTTP/3 skipped because it requires TLS","network":"tcp","addr":":80"}
Mar 10 02:50:59 ana-ubuntu caddy[2076296]: {"level":"info","ts":1741575059.4882674,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
Mar 10 02:50:59 ana-ubuntu caddy[2076296]: {"level":"info","ts":1741575059.4882715,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["consolacao.duckdns.org"]}
Mar 10 02:50:59 ana-ubuntu caddy[2076296]: {"level":"info","ts":1741575059.4882815,"logger":"http","msg":"servers shutting down with eternal grace period"}
Mar 10 02:50:59 ana-ubuntu caddy[2076296]: {"level":"info","ts":1741575059.488418,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Mar 10 02:50:59 ana-ubuntu caddy[2076296]: {"level":"info","ts":1741575059.4884686,"logger":"admin.api","msg":"load complete"}
Mar 10 02:50:59 ana-ubuntu caddy[2076296]: {"level":"info","ts":1741575059.4895508,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}

3. Caddy version:

v2.9.1 h1:OEYiZ7DbCzAWVb6TNEkjRcSCRGHVoZsJinoDR/n9oaY=

a. System environment:

Ubuntu 24.04 LTS amd64

b. Command:

sudo systemctl status caddy

It indicates it is active and gives me the provided log

d. My complete Caddy config:

consolacao.duckdns.org {
        # Set this path to your site's directory.
        reverse_proxy :30000
}

5. Links to relevant resources:

timelordx · March 10, 2025, 3:37am

Can you please clarify “Cannot connect to application using duckdns”?

I can’t see any problems with your Caddy setup:

the certificate is correct
80/tcp (http) redirects to 443/tcp (https)
https://consolacao.duckdns.org/ redirects to https://consolacao.duckdns.org/setup, which eventually redirects to https://consolacao.duckdns.org/auth with a Foundry Virtual Tabletop page asking for admin credentials.

timelordx · March 10, 2025, 3:50am

One thing I’ve noticed is that the AUTH page shows the following error:

The requested data path parent directory “C:/Users/CorbittMan/Desktop/TTRPG/DnD” does not exist.

It looks like there’s a misconfiguration in your Foundry Virtual Tabletop setup.

CorbittMan · March 10, 2025, 12:04pm

It doesn’t on my end, I’ve been trying for a few hours but locally I cannot access the url, I’ve tried it on my phone and it worked, it seems the issue is only locally, my machine cannot resolve it with my browsers (librewolf and chromium)
It seems the issue is only on my end with local access, any idea why that would be?
I’ve even tried accessing in anon mode just so I don’t have cached data interfering and no dice.
I’ve also used an online proxy to connect and it worked, sorry to have made a post that apparently has no real issue, just can’t locally connect for some reason.

TheRettom · March 11, 2025, 1:43am

Basically, when you’re accessing a service hosted on your LAN that is actually pointing to a public IP, it doesn’t know what to do. The glories of NAT loopback.

You need to have a local DNS point to the host machine. For example, in your router you could add DNS host mapping, pointing consolacao.duckdns.org to the local IP of the machine running Caddy.

Alternatively, you could edit your /etc/hosts file with the same IP and hostname.

timelordx · March 11, 2025, 3:18am

@TheRettom has already given you a great answer.

Since you didn’t provide much detail about how your home network connects to the internet - specifically whether your Ubuntu server is also your router or if you have a separate SOHO router - I’ll assume the latter.

The feature you’re looking for is called NAT Loopback, also known as Hairpin NAT or NAT Reflection. This allows devices inside your local network to access a service using the public IP (or a domain name resolving to it). Without NAT loopback, most routers won’t allow traffic to go out to the public IP and come back in, causing the request to fail.

Check if your router supports this feature. In the meantime, I found this Reddit post that provides a nice summary of the issue you’re facing.