1. The problem I’m having:
For almost a month I’m trying to debug my Caddyfile configs and try to make reverse proxy work. Due to my constant failures I’ve realized I will try the getting started guide and make everything much more simple. I currently use a very simple Caddyfile to simulate the most basic funcionality of reverse proxying an app/service. It did work with a port passing, but my goal was to do so with a domain, which never worked for me. Only the default “Caddy is working” web and the static Web file. But never once i’ve managed making reverse proxy working with a domain.
Test with curl:
❯ curl -vL qbittorrent.toubul.eu:8080
* Host qbittorrent.toubul.eu:8080 was resolved.
* IPv6: (none)
* IPv4: 10.0.0.5
* Trying 10.0.0.5:8080...
* Connected to qbittorrent.toubul.eu (10.0.0.5) port 8080
* using HTTP/1.x
> GET / HTTP/1.1
> Host: qbittorrent.toubul.eu:8080
> User-Agent: curl/8.12.1
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 308 Permanent Redirect
< Connection: close
< Location: https://qbittorrent.toubul.eu/
< Server: Caddy
< Date: Thu, 03 Apr 2025 18:50:54 GMT
< Content-Length: 0
<
* shutting down connection #0
* Clear auth, redirects to port from 8080 to 443
* Issue another request to this URL: 'https://qbittorrent.toubul.eu/'
* Host qbittorrent.toubul.eu:443 was resolved.
* IPv6: (none)
* IPv4: 10.0.0.5
* Trying 10.0.0.5:443...
* connect to 10.0.0.5 port 443 from 172.16.0.2 port 47574 failed: Connection refused
* Failed to connect to qbittorrent.toubul.eu port 443 after 259 ms: Could not connect to server
* closing connection #1
curl: (7) Failed to connect to qbittorrent.toubul.eu port 443 after 259 ms: Could not connect to server
2. Error messages and/or full log output:
{"level":"info","ts":1743706232.2686718,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/stop","remote_ip":"127.0.0.1","remote_port":"39386","headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"Origin":["http://localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
{"level":"warn","ts":1743706232.268712,"logger":"admin.api","msg":"exiting; byeee!! 👋"}
{"level":"info","ts":1743706232.2687309,"logger":"http","msg":"servers shutting down with eternal grace period"}
{"level":"info","ts":1743706232.2691922,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}
{"level":"info","ts":1743706232.2693276,"logger":"admin.api","msg":"shutdown complete","exit_code":0}
{"level":"info","ts":1743706233.320389,"msg":"using config from file","file":"/config/Caddyfile"}
{"level":"info","ts":1743706233.3221493,"msg":"adapted config to JSON","adapter":"caddyfile"}
{"level":"info","ts":1743706233.3350906,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1743706233.3353515,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0006aba80"}
{"level":"info","ts":1743706233.3356676,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":8443}
{"level":"info","ts":1743706233.3356788,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"debug","ts":1743706233.3356974,"logger":"http.auto_https","msg":"adjusted config","tls":{"automation":{"policies":[{"subjects":["*.toubul.eu"]},{}]}},"http":{"http_port":8080,"https_port":8443,"servers":{"remaining_auto_https_redirects":{"listen":[":8080"],"routes":[{},{}]},"srv0":{"listen":[":8443"],"routes":[{"handle":[{"handler":"subroute","routes":[{"group":"group2","handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"vars","root":"/app/www"},{"handler":"file_server","hide":["/config/Caddyfile"]}]}]}],"match":[{"host":["caddy.toubul.eu"]}]},{"group":"group2","handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","transport":{"protocol":"http","tls":{"insecure_skip_verify":true}},"upstreams":[{"dial":"qbittorrent:8080"}]}]}]}],"match":[{"host":["qbittorrent.toubul.eu"]}]}]}],"terminal":true}],"tls_connection_policies":[{}],"automatic_https":{}}}}}
{"level":"debug","ts":1743706233.3360527,"logger":"http","msg":"starting server loop","address":"[::]:8443","tls":true,"http3":false}
{"level":"info","ts":1743706233.3360803,"logger":"http","msg":"enabling HTTP/3 listener","addr":":8443"}
{"level":"info","ts":1743706233.336217,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"debug","ts":1743706233.3362548,"logger":"http","msg":"starting server loop","address":"[::]:8080","tls":false,"http3":false}
{"level":"warn","ts":1743706233.336261,"logger":"http","msg":"HTTP/2 skipped because it requires TLS","network":"tcp","addr":":8080"}
{"level":"warn","ts":1743706233.3362648,"logger":"http","msg":"HTTP/3 skipped because it requires TLS","network":"tcp","addr":":8080"}
{"level":"info","ts":1743706233.3362682,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
{"level":"info","ts":1743706233.3362718,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["*.toubul.eu"]}
{"level":"debug","ts":1743706233.3381793,"logger":"tls.cache","msg":"added certificate to cache","subjects":["*.toubul.eu"],"expiration":1751415644,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"e75730dcfba33f995cc8e0813ca1c2dcc72bebf0926973f8479ea4ff1ec08319","cache_size":1,"cache_capacity":10000}
{"level":"debug","ts":1743706233.3381982,"logger":"events","msg":"event","name":"cached_managed_cert","id":"4ef7acf6-a54e-4933-81e8-3af765a42931","origin":"tls","data":{"sans":["*.toubul.eu"]}}
{"level":"info","ts":1743706233.3386621,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1743706233.3386683,"msg":"serving initial configuration"}
{"level":"info","ts":1743706233.3455331,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/config/caddy","instance":"223acb42-54f5-436b-a6c2-d48aabb8a338","try_again":1743792633.345531,"try_again_in":86399.999999529}
{"level":"info","ts":1743706233.3459973,"logger":"tls","msg":"finished cleaning storage units"}
3. Caddy version: 2.9.1
4. How I installed and ran Caddy:
Hotio Docker image on an Unraid Server app install.
a. System environment:
Docker, Unraid 7.0.1
b. Command:
/usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker create --name='caddy' --net='proxy' --pids-limit 2048 -e TZ="Asia/Jerusalem" -e HOST_OS="Unraid" -e HOST_HOSTNAME="Sunny" -e HOST_CONTAINERNAME="caddy" -e 'CUSTOM_BUILD'='' -e 'CLOUDFLARE_EMAIL'='${CF_EMAIL}' -e 'CLOUDFLARE_API_TOKEN'='${CF_API_TOKEN}' -e 'PRIVOXY_ENABLED'='false' -e 'UNBOUND_ENABLED'='false' -e 'VPN_ENABLED'='false' -e 'VPN_CONF'='wg0' -e 'VPN_PROVIDER'='generic' -e 'VPN_LAN_NETWORK'='' -e 'VPN_EXPOSE_PORTS_ON_LAN'='' -e 'VPN_AUTO_PORT_FORWARD'='true' -e 'VPN_AUTO_PORT_FORWARD_TO_PORTS'='' -e 'VPN_FIREWALL_TYPE'='auto' -e 'VPN_PIA_USER'='' -e 'VPN_PIA_PASS'='' -e 'VPN_PIA_PREFERRED_REGION'='' -e 'VPN_PIA_DIP_TOKEN'='no' -e 'VPN_PIA_PORT_FORWARD_PERSIST'='false' -e 'PUID'='99' -e 'PGID'='100' -e 'UMASK'='002' -l net.unraid.docker.managed=dockerman -l net.unraid.docker.webui='http://[IP]:[PORT:8080]' -l net.unraid.docker.icon='https://hotio.dev/webhook-avatars/caddy.png' -p '8080:8080/tcp' -p '8443:8443/tcp' -v '/mnt/user/appdata/caddy':'/config':'rw' --env-file /mnt/user/appdata/caddy/.env --hostname=caddy.internal --cap-add=NET_ADMIN --sysctl="net.ipv4.conf.all.src_valid_mark=1" --sysctl="net.ipv6.conf.all.disable_ipv6=1" 'ghcr.io/hotio/caddy:release'
d. My complete Caddy config:
{
email {env.CF_EMAIL}
http_port 8080
https_port 8443
debug
}
(block_world) {
@block not remote_ip private_ranges
abort @block
}
(log_settings) {
log {
output file /config/access.log
level DEBUG
}
}
*.toubul.eu {
tls {
dns cloudflare {env.CF_API_TOKEN}
propagation_delay 1m
resolvers 1.1.1.1 1.0.0.1
}
@caddy host caddy.toubul.eu
handle @caddy {
## import log_settings
root * /app/www
file_server
## import block_world
}
@qbittorrent host qbittorrent.toubul.eu
handle @qbittorrent {
reverse_proxy https://qbittorrent:8080 {
transport http {
tls
tls_insecure_skip_verify
}
}
}
}