Can't access reverse proxy remotely

1. Caddy version:

2.6.4

2. How I installed, and run Caddy:

Linux package

a. System environment:

Ubuntu server 22.10

b. Command:

n/a

c. Service/unit/compose file:

n/a

d. My complete Caddy config:

# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.

{
	# General Options
	# debug
	http_port    81
}

# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.

czonin.com {
	
	# Set this path to your site's directory.
	root * /usr/share/caddy

	# Enable the static file server.
	file_server

	# Another common task is to set up a reverse proxy:
	# reverse_proxy 192.168.86.214:9443

	handle_path /portainer* {
		reverse_proxy 192.168.86.214:9443
	}

	handle_path /jellyfin* {
		reverse_proxy 192.168.86.214:8096
	}

	# Or serve a PHP site through php-fpm:
	# php_fastcgi localhost:9000
}

# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile

3. The problem I’m having:

I get a 404 on my phone when trying to access czonin.com/jellyfin even when it’s on my local WiFi.

4. Error messages and/or full log output:

https://pastebin.com/W7VtnWsi

5. What I already tried:

  • I can access czonin.com/jellyfin on my main PC (separate machine from where caddy and docker are installed)
  • I can’t access it on my main PC when incognito
  • I can reach the default Caddy landing page through my domain on my phone on both my local WiFi and mobile data
  • I can access Jellyfin on my phone through it’s ip:port

6. Links to relevant resources:

n/a

Hey Corey, there might be a mistake – most of the help template is empty. So it’s had to tell what is going on.

Like, what does this mean specifically?

Sorry, but we’ll need more specific details in order to help you.

We also don’t allow redacting domain names here because they are public information and necessary to help troubleshoot (for example, so we can perform a DNS lookup to see if it’s resolving correctly).

1 Like

Apologies, I didn’t mean to make that live yet. I’ve just updated the original post with more information, as well as removing my redacted domain.

Thanks for the quick reply! Let me know if there’s any other information I can provide.

1 Like

So I found that if I just set up reverse_proxy 192.168.86.214:8096 in my Caddyfile then I can access jellyfin on my phone without an issue. But it doesn’t work if I try:

	handle_path /jellyfin* {
		reverse_proxy 192.168.86.214:8096

Any idea why that would be?

Judging from your config, you want to serve portainer and jellyfin under the same site, with different starting subpath. Depending on application, it’s not trivial to support such usage. Often it requires backend service to support this usage.

You can’t nest sites within sites. See the Caddyfile structure:

Some more progress. I ended up making CNAME records for my domain for each service in my Caddyfile (ie. sonarr.czonin.com pointing at czonin.com) and now those are accessible on my main PC. I’m still getting a 404 on my phone when trying to access any of them though.

Edit 2: More progress. It looks like it just needed time, everything works through subdomains now. I was also able to get dynamic DNS set up for my Google domain using DDClient. The last thing I need to figure out is portainer gives me the error Client sent an HTTP request to an HTTPS server. when trying to access it through the subdomain.

1 Like

You’re close then. Sounds like something is using HTTP when it should be using HTTPS. Either the portainer client needs to use HTTPS, or that reverse proxy needs to use HTTPS to the backend.

Sorry, was away for the weekend. I was able to get it all working. I had some issues on the Portainer side with accessing it through http, but I got that sorted out. Everything is working through subdomains now, and I was able to get Authentik set up for things I wanted to expose that didn’t have authentication. Thanks for all the help @francislavoie @matt !

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.