Can't get Caddy v2 to work on Home Assistant as reverse proxy

1. Caddy version (caddy version):

v2.3.0

2. How I run Caddy:

I’m running Caddy as a addon on my local Home Assistant installation. This was provided here: GitHub - einschmidt/hassio-addons: Home Assistant addons
So far I have it up and running, a certificate was created as well for my DDNS Domain (.home-webserver.de). All verified and valid.

a. System environment:

Home Assistant 2021.2.1 in which Caddy runs as an addon (which utilizes Docker where it actually runs in)

b. Command:

Can’t tell but it will use a Caddyfile so presumingly it runs at least with that flag. Since it all starts up nicely I did not dig deeper here.

c. Service/unit/compose file:

don't have one, it's a HA addon

d. My complete Caddyfile or JSON config:

Did test various combinations how things might work, however none really did.

{
  email <my email>
}

<name>.home-webserver.de {

  route /qnap/* {                                    # QNAP NAS
    uri strip_prefix /qnap
    reverse_proxy /qnap/* 10.0.0.10:8088
  }

  route /unifi/* {                                   # QNAP Unifi Controller
    uri strip_prefix /unifi
    reverse_proxy { 
      to 10.0.0.10:38193
      transport http {
                       tls_insecure_skip_verify
                     }
    }
  }

  route /homeassistant/* {                          # Home Assistant
    uri strip_prefix /homeassistant
    reverse_proxy 10.0.0.20:8123
  }

  route /grocy/* {                                  # HA Grocy
    uri strip_prefix /grocy
    reverse_proxy 10.0.0.20:8080
  } 

  route /barcodebuddy/* {                           # HA Barcode Buddy for Grocy
    uri strip_prefix /barcodebuddy
    reverse_proxy 10.0.0.20:8621
  }

}

Other config I checked based on sources online:

{
  email <my email>
}

# <name>.home-webserver.de 

# reverse_proxy /qnap/* takekinas.foeller:8088
# reverse_proxy /unifi/* takekinas.foeller:38193
# reverse_proxy /homeassistant/* homeassistant.foeller:8123
# reverse_proxy /grocy/* homeassistant.foeller:8080
# reverse_proxy /barcodebuddy/* homeassistant.foeller:8621

3. The problem I’m having:

I want to use subdirectories to reverse proxy from my external domain to various services in my local network (eg. https://.home-webserver.de/homeassistant points to my Home Assistant install (aka localhost since Caddy runs on the same machine) while https://.home-webserver.de/qnap points to my NAS which is a different device in my local network.
So far I was only able to get one service (QNAP) running from the TLD but not from any subdirectory path. Whenever I do this for any service all I am getting is a white page.
Also only qnap was able to be used as a target for my TLD. When using it with home assistant I even got a white page there no matter what I did.
I’ve spend 2 days now checking every config I found on the internet so far. I checked if route is the right thing to use, also checked with handle_path instead of it but so far I was not able to get Caddy up and running.
Since it is known for an easy configuration and also handles the certificate the same time, I really would love to use it as my reverse proxy but at the present moment I do not know how to archive what I need it running like. I checked the docs and went back and forth but 2 full days are now gone and I am not close to have it running as needed. So I’m completely lost here and perhaps somebody here can give me a jump start since I obviously cannot see (and perhaps understand) what I am doing wrong.

4. Error messages and/or full log output:

This is the complete output of the HA addon log. I removed the domain matching to the above since this I am sure it not the cause of my struggling.

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] scripts: applying... 
[fix-attrs.d] scripts: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 00-banner.sh: executing... 
-----------------------------------------------------------
 Add-on: Caddy 2
 Open source web and proxy server with automatic HTTPS
-----------------------------------------------------------
 Add-on version: 0.2.1
 You are running the latest version of this add-on.
 System: Home Assistant OS 5.10  (amd64 / intel-nuc)
 Home Assistant Core: 2021.2.1
 Home Assistant Supervisor: 2021.01.7
-----------------------------------------------------------
 Please, share the above information when looking for help
 or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------
[cont-init.d] 00-banner.sh: exited 0.
[cont-init.d] 01-log-level.sh: executing... 
Log level is set to INFO
[cont-init.d] 01-log-level.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
INFO: Starting Caddy...
INFO: Use built-in Caddy
v2.3.0 h1:fnrqJLa3G5vfxcxmOH/+kJOcunPLhSBnjgIvjXV/QTA=
INFO: Caddyfile found at /config/Caddyfile
{"level":"info","ts":1612779194.0362265,"msg":"using provided configuration","config_file":"/config/Caddyfile","config_adapter":""}
{"level":"info","ts":1612779194.0622973,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["127.0.0.1:2019","localhost:2019","[::1]:2019"]}
{"level":"info","ts":1612779194.0641813,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1612779194.0734541,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1612779194.0652502,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0002920e0"}
{"level":"info","ts":1612779194.089678,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["<name>.home-webserver.de"]}
{"level":"info","ts":1612779194.092427,"logger":"tls","msg":"cleaned up storage units"}
{"level":"info","ts":1612779194.1406207,"msg":"autosaved config","file":"/data/caddy/autosave.json"}
{"level":"info","ts":1612779194.1434288,"msg":"serving initial configuration"}

5. What I already tried:

Various attempts with different combinations of all configs I found. I searched the forums here and at home assistant for possible solutions. Most however covered Caddy v1 so I figured that out and checked how I can migrate this to v2. Did that and checked many google search results. So far I was not successful other than getting Caddy to deliver my QNAP to the TLD but not to any subdomain. Consulted a friend if he has an idea, so he installed Caddy on his HA installation but could not find the missing piece of the puzzle either. So after 2 days I choose to post this in both forums, here and in the HA one. Got not reply at the Home Assistant forum yet, so I checked other ideas this morning but still, no luck.

6. Links to relevant resources:

and many more, but as a new user I cannot post more links…

First thing I notice is that you strip the path, then match on that same path. So if the path is stripped, that path will no longer be there to match on. So you’d need to remove the matcher on reverse_proxy here.

But all these route + uri strip_prefix can be replaced by handle_path, like this:

handle_path /qnap/* {
	reverse_proxy 10.0.0.10:8088
}

You didn’t specify https:// for the proxy here, and you’re using a port that’s not 443, so Caddy won’t be trying to use TLS anyways. So if you need to use tls, do specify https:// on the upstream address. Otherwise, you can remove the transport stuff, and move your upstream address inline instead of in a block.

All that said, I generally recommend using subdomains when you have many services to serve, rather than subpaths. Read this post to understand why:

1 Like

Thanks a lot for replying @francislavoie!

Indeed I understand what you mean with the subpath, it was also something I found on my research when looking into it. However I do not think that with utilizing a DDNS Service I have much of a choice as it already is a subdomain already. Don’t know if they allow sub-sub domains which I would need in that case.

I changed the Caddyfile according to what you mentioned:

<name>.home-webserver.de {

  handle_path  /qnap/* {                                    # QNAP NAS
    reverse_proxy 10.0.0.10:8088
  }

  handle_path  /unifi/* {                                   # QNAP Unifi Controller
    reverse_proxy { 
      to https://10.0.0.10:38193
      transport http {
                       tls_insecure_skip_verify
                     }
    }
  }

  handle_path  /homeassistant/* {                          # Home Assistant
    reverse_proxy 10.0.0.20:8123
  }

  handle_path  /grocy/* {                                  # HA Grocy
    reverse_proxy 10.0.0.20:8080
  } 

  handle_path  /barcodebuddy/* {                           # HA Barcode Buddy for Grocy
    reverse_proxy 10.0.0.20:8621
  }

}

Unfortunately this did not change the result, I still am stuck with an all white page when any of these subpaths in my browser. So I don’t even get as far as it might would create an issue like described in your link from above. I also checked with the webdeveloper tools in firefox and the caddy is being reached. So it’s still something which is off because of the config I am currently using, the one I posted…

Thanks!

OK, I checked and I was able to run on sub-sub domains.
So thanks for pointing it out, I just recreated the whole Caddyfile with sub(sub) domains and it works that way. I do not really mind it (although I personally think the subpaths are more intuitive) I will stick with that solution. Thanks a lot, I really appreciate your input which helped me to at least find a solution at all. :slight_smile:

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.