Can't access reverse proxy remotely

1. Caddy version:

2.6.4

2. How I installed, and run Caddy:

Linux package

a. System environment:

Ubuntu server 22.10

b. Command:

n/a

c. Service/unit/compose file:

n/a

d. My complete Caddy config:

# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.

{
	# General Options
	# debug
	http_port    81
}

# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.

czonin.com {
	
	# Set this path to your site's directory.
	root * /usr/share/caddy

	# Enable the static file server.
	file_server

	# Another common task is to set up a reverse proxy:
	# reverse_proxy 192.168.86.214:9443

	handle_path /portainer* {
		reverse_proxy 192.168.86.214:9443
	}

	handle_path /jellyfin* {
		reverse_proxy 192.168.86.214:8096
	}

	# Or serve a PHP site through php-fpm:
	# php_fastcgi localhost:9000
}

# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile

3. The problem I’m having:

I get a 404 on my phone when trying to access czonin.com/jellyfin even when it’s on my local WiFi.

4. Error messages and/or full log output:

https://pastebin.com/W7VtnWsi

5. What I already tried:

  • I can access czonin.com/jellyfin on my main PC (separate machine from where caddy and docker are installed)
  • I can’t access it on my main PC when incognito
  • I can reach the default Caddy landing page through my domain on my phone on both my local WiFi and mobile data
  • I can access Jellyfin on my phone through its IP:port

6. Links to relevant resources:

n/a

Hey Corey, there might be a mistake – most of the help template is empty. So it’s hard to tell what is going on.

Like, what does this mean specifically?

Sorry, but we’ll need more specific details in order to help you.

We also don’t allow redacting domain names here because they are public information and necessary to help troubleshoot (for example, so we can perform a DNS lookup to see if it’s resolving correctly).

Apologies, I didn’t mean to make that live yet. I’ve just updated the original post with more information, as well as removing my redacted domain.

Thanks for the quick reply! Let me know if there’s any other information I can provide.

So I found that if I just set up reverse_proxy 192.168.86.214:8096 in my Caddyfile then I can access jellyfin on my phone without an issue. But it doesn’t work if I try:

	handle_path /jellyfin* {
		reverse_proxy 192.168.86.214:8096
	}

Any idea why that would be?

Judging from your config, you want to serve portainer and jellyfin under the same site, with different starting subpaths. Depending on the application, it’s not trivial to support such usage. Often it requires the backend service to support this usage.
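An added example (not from the thread) of the subpath layout this reply describes, for a backend that can serve under a prefix. It assumes the backend has been given /jellyfin as its own base path in its settings, which is an assumption to check against that application's documentation.

```caddyfile
czonin.com {
	# handle_path strips the matched prefix before proxying, so the backend
	# sees "/" and answers with root-relative links and redirects that no
	# longer carry /jellyfin. Those follow-up requests then miss the matcher.

	# Send the bare path to the canonical form with a trailing slash.
	redir /jellyfin /jellyfin/

	# handle (unlike handle_path) leaves the prefix in place, so a backend
	# configured with the same base path (assumption) sees the URLs it
	# generates itself.
	handle /jellyfin/* {
		reverse_proxy 192.168.86.214:8096
	}

	# Everything else falls through to the static site.
	handle {
		root * /usr/share/caddy
		file_server
	}
}
```

If the backend has no base-path setting, a dedicated subdomain per service avoids the problem entirely.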

Ty for that, learned something new. I had tried using a subdomain yesterday to achieve what I was looking to do, but kept getting an error. Here’s my updated Caddyfile:

{
	# General Options
	# debug
	http_port    81
}

# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.

czonin.com {
	
	# Set this path to your site's directory.
	# root * /usr/share/caddy

	# Enable the static file server.
	# file_server

	# Another common task is to set up a reverse proxy:
	# reverse_proxy 192.168.86.214:9443

	jellyfin.czonin.com {
		reverse_proxy 192.168.86.214:8096
	}

	portainer.czonin.com {
		reverse_proxy 192.168.86.214:9443
	}

	# Or serve a PHP site through php-fpm:
	# php_fastcgi localhost:9000
}

When I try to reload Caddy I get this error: unrecognized directive: jellyfin.czonin.com

You can’t nest sites within sites. See the Caddyfile structure:

Got it, that makes sense. I’m now using this:

jellyfin.czonin.com {
  reverse_proxy 192.168.86.214:8096
}

portainer.czonin.com {
  reverse_proxy 192.168.86.214:9443
}

radarr.czonin.com {
  reverse_proxy 192.168.86.214:7878
}

sonarr.czonin.com {
  reverse_proxy 192.168.86.214:8500
}

jellyfin.czonin.com is accessible on my main PC, but not on my phone. None of the other subdomains are working. I read in another thread that I probably need to set up either A or CNAME records for each subdomain. Does that sound right? For example, would I make a CNAME record for using jellyfin.czonin.com and point it at my public IP similar to the original A record I made for the domain?

Sorry for all of the questions, been reading up on all of this a good amount but a lot of the concepts are still fairly confusing.

Also for reference, I’m seeing this in the logs after reloading Caddy with the Caddyfile above.

Feb 23 08:44:05 czonin-ubuntu-server caddy[3764295]: {"level":"info","ts":1677159845.6859457,"logger":"http.acme_client","msg":"trying to solve challenge","ide>
Feb 23 08:44:05 czonin-ubuntu-server caddy[3764295]: {"level":"error","ts":1677159845.9777794,"logger":"http.acme_client","msg":"challenge failed","identifier">
Feb 23 08:44:05 czonin-ubuntu-server caddy[3764295]: {"level":"error","ts":1677159845.9778073,"logger":"http.acme_client","msg":"validating authorization","ide>
Feb 23 08:44:05 czonin-ubuntu-server caddy[3764295]: {"level":"error","ts":1677159845.9777806,"logger":"http.acme_client","msg":"challenge failed","identifier">

Some more progress. I ended up making CNAME records for my domain for each service in my Caddyfile (i.e. sonarr.czonin.com pointing at czonin.com) and now those are accessible on my main PC. I’m still getting a 404 on my phone when trying to access any of them though.

Edit 2: More progress. It looks like it just needed time, everything works through subdomains now. I was also able to get dynamic DNS set up for my Google domain using DDClient. The last thing I need to figure out is portainer gives me the error "Client sent an HTTP request to an HTTPS server." when trying to access it through the subdomain.

You’re close then. Sounds like something is using HTTP when it should be using HTTPS. Either the portainer client needs to use HTTPS, or that reverse proxy needs to use HTTPS to the backend.
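An added example (not from the thread) of the second option in this reply, Caddy speaking HTTPS to the backend, written with Caddy 2.6 directive names to match the version in the original post. The certificate path and server name are hypothetical placeholders; it assumes you have exported the backend's certificate (or its issuing CA) to that file and that the name matches an entry in the certificate.

```caddyfile
# Weak variant, shown commented out: the https:// scheme fixes the
# "HTTP request to an HTTPS server" error, but skipping verification means
# Caddy accepts any certificate presented on that address.
#
# portainer.czonin.com {
# 	reverse_proxy https://192.168.86.214:9443 {
# 		transport http {
# 			tls_insecure_skip_verify
# 		}
# 	}
# }

# Preferred variant: still HTTPS to the backend, but only a certificate
# that chains to the pinned file is accepted.
portainer.czonin.com {
	reverse_proxy https://192.168.86.214:9443 {
		transport http {
			# Hypothetical path: PEM file holding the backend's own
			# certificate or the CA that signed it.
			tls_trusted_ca_certs /etc/caddy/portainer-ca.pem

			# Hypothetical name: the upstream is addressed by IP, so
			# tell Caddy which name to verify the certificate against.
			tls_server_name portainer.internal
		}
	}
}
```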

Sorry, was away for the weekend. I was able to get it all working. I had some issues on the Portainer side with accessing it through http, but I got that sorted out. Everything is working through subdomains now, and I was able to get Authentik set up for things I wanted to expose that didn’t have authentication. Thanks for all the help @francislavoie @matt !
