Can't access from Chrome & Android

1. The problem I’m having:

Since yesterday I can’t access my reverse proxied docker apps from my android devices browsers and chrome on a macbook.
My server is in my office and if I connect to the office LAN through wireguard, I can access everything through chrome on my macbook. Connecting through wireguard on an android device browser shows “This site can’t provide a secure connection” “ERR_SSL_Protocol_ERROR”.
Using safari or firefox browser on mac from my home network works.
Using firefox on android doesn’t work.
Using apps (Immich, Audiobookshelf, Jellyfin) on android works on every network.
Using Adguard with disabled DNS blocking and brave browser on android works.

I tried forcing ZeroSSL certificates to see if it makes a difference, but it doesn’t (except that it takes forever to get them).

I don’t know what the problem could be. Caddy seems to be getting proper certificates, but somehow it doesn’t work everywhere.

2. Error messages and/or full log output:

Doesn’t show any logs when trying to connect.

3. Caddy version:

2.8.4

4. How I installed and ran Caddy:

docker compose

a. System environment:

Truenas Scale 24.04.2 (Linux)
Jailmaker Jail
Dockge

b. Command:

c. Service/unit/compose file:

services:
  caddy:
    image: caddy:latest
    container_name: caddy
    restart: unless-stopped
    environment:
      - TZ=Europe/Berlin
      - PUID=3000
      - PGID=3000
    ports:
      - 80:80
      - 443:443
      - 443:443/udp
    volumes:
      - /mnt/data/caddy/caddyfile/Caddyfile:/etc/caddy/Caddyfile
      - /mnt/data/caddy/data:/data
      - /mnt/data/caddy/config:/config
volumes:
  caddy_data: null
  caddy_config: null
networks: {}

d. My complete Caddy config:

auth.domain.com {
    reverse_proxy http://192.168.178.118:9000
}

audiobookshelf.domain.com {
	reverse_proxy http://192.168.178.118:13378
}

navidrome.domain.com {
	reverse_proxy http://192.168.178.118:4533
}

jellyfin.domain.com {
	reverse_proxy http://192.168.178.118:8096
}

immich.domain.com {
	reverse_proxy http://192.168.178.118:2283
}

deemix.domain.com {
    # always forward outpost path to actual outpost
    reverse_proxy /outpost.goauthentik.io/* http://192.168.178.118:9000

    # forward authentication to outpost
    forward_auth http://192.168.178.118:9000 {
        uri /outpost.goauthentik.io/auth/caddy

        # capitalization of the headers is important, otherwise they will be empty
        copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version

        # optional, in this config trust all private ranges, should probably be set to the outposts IP
        trusted_proxies private_ranges
    }

    # actual site configuration below, for example
    reverse_proxy http://192.168.178.118:6595
}

5. Links to relevant resources:

Hi @danonym,

I assume you’re using a modern secure Android version like 14, correct?

For Let’s Encrypt certificates please see

Hey @Bruce5051 ,

I’ve tested different Android versions (Android 9, 11, 14) and it only works when I’m using older versions of Google Chrome (tested v74 and v104). Using recent versions of Chrome shows the ERR_SSL_PROTOCOL_ERROR.

I’m unsure wether the problem is caddy, the certificates or chrome.

I think I solved it:

The A record in cloudflare had the cloudflare proxy enabled, but all CNAME records had it disabled.

Enabling cloudflare proxy on one of the subdomains made it work, but for Jellyfin this apparently isn’t allowed.

Disabling the proxy on the A record and all CNAME records, made it work.

I had the proxy activated for the A record since I set it up a few months go, so I don’t know why it stopped working just now…

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.