Cloudflare Tunnels with Caddy issues

1. The problem I’m having:

I am not able to get Caddy to work behind Cloudflare Tunnels.
I'm a noob when it comes to HTTPS and web networking, but I was able to get my server stuff working in Traefik and Nginx Proxy Manager. I wanted to swap over to Caddy, since that is what I used before switching to Cloudflare Tunnels.

I have been able to get HTTP services working if I use the HTTP port in the Tunnels page, but HTTPS pages give me too many redirects.

So the issues I end up having when trying to set up Caddy are either connection refused (Cloudflare Tunnels set to Caddy's HTTPS port) or too many redirects (set to the HTTP port).

2. Error messages and/or full log output:

Nothing all that useful in this case:

caddy-1  | {"level":"info","ts":1730244336.834269,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
caddy-1  | {"level":"info","ts":1730244336.8351707,"msg":"adapted config to JSON","adapter":"caddyfile"}
caddy-1  | {"level":"warn","ts":1730244336.8351827,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":5}
caddy-1  | {"level":"info","ts":1730244336.8358514,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
caddy-1  | {"level":"info","ts":1730244336.8359325,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
caddy-1  | {"level":"warn","ts":1730244336.8359425,"logger":"http.auto_https","msg":"skipping automated certificate management for server because it is disabled","server_name":"srv0"}
caddy-1  | {"level":"info","ts":1730244336.8359501,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
caddy-1  | {"level":"warn","ts":1730244336.835962,"logger":"http.auto_https","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
caddy-1  | {"level":"debug","ts":1730244336.835982,"logger":"http.auto_https","msg":"adjusted config","tls":{"automation":{"policies":[{}]}},"http":{"servers":{"srv0":{"listen":[":443"],"routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"authentik-server:9443"}]}]}]}],"terminal":true}],"tls_connection_policies":[{}],"automatic_https":{"disable_certificates":true}},"srv1":{"listen":[":80"],"routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"foundry:30000"}]}]}]}],"terminal":true},{}],"automatic_https":{"disable":true,"disable_certificates":true}}}}}
caddy-1  | {"level":"info","ts":1730244336.836084,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00049f400"}
caddy-1  | {"level":"info","ts":1730244336.8363876,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
caddy-1  | {"level":"debug","ts":1730244336.836598,"logger":"http","msg":"starting server loop","address":"[::]:443","tls":true,"http3":true}
caddy-1  | {"level":"info","ts":1730244336.8366156,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
caddy-1  | {"level":"debug","ts":1730244336.8366563,"logger":"http","msg":"starting server loop","address":"[::]:80","tls":false,"http3":false}
caddy-1  | {"level":"info","ts":1730244336.8366668,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
caddy-1  | {"level":"info","ts":1730244336.836876,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
caddy-1  | {"level":"info","ts":1730244336.8368857,"msg":"serving initial configuration"}
caddy-1  | {"level":"info","ts":1730244336.8404381,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/data/caddy","instance":"0e0460bd-f0f9-4ab8-917f-fc8fdcdcac2d","try_again":1730330736.840436,"try_again_in":86399.99999962}
caddy-1  | {"level":"info","ts":1730244336.8405728,"logger":"tls","msg":"finished cleaning storage units"}

3. Caddy version:

v2.8.4 h1

4. How I installed and ran Caddy:

a. System environment:

Fedora 39, 64-bit, using Docker

b. Command:

docker compose up -d

c. Service/unit/compose file:

services:
  caddy:
    image: iarekylew00t/caddy-cloudflare:latest
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    ports:
      - 7180:80
      - 7143:443
    volumes:
      - /media/DockerStorage/caddy/Caddyfile:/etc/caddy/Caddyfile
      - /media/DockerStorage/caddy/site:/srv
      - /media/DockerStorage/caddy/data:/data
      - /media/DockerStorage/caddy/config:/config
    networks:
      - reverse_proxy
networks:
  zoraxy_reverse_proxy:
    external: true
  reverse_proxy:
    external: true

d. My complete Caddy config:

{
	auto_https disable_certs
}

http://foundry.shivum.xyz {
	reverse_proxy foundry:30000
}

authentik.shivum.xyz {
	reverse_proxy authentik-server:9443
}

5. Links to relevant resources:

You have Caddy listening on port 7143 on the host, not on port 443. How are you configuring the Cloudflare tunnel? Are you sure you used the correct port?

How are you running the tunnel? Is it running in a separate container, or directly on the host?


The picture is kinda small, but that shows how the Cloudflare tunnel is set up. The tunnel is running in a container in the same Docker network (but that shouldn't matter, since it connects using the LAN IP).
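For readers who land on this thread with the same pair of symptoms, below is an added example Caddyfile; it is not the poster's configuration and not something from the Caddy project or Cloudflare. It shows why a site block without a scheme loops through a tunnel (Caddy's log above reports "enabling automatic HTTP->HTTPS redirects" for the authentik server) and what the non-looping form looks like. It assumes the tunnel's public hostnames are pointed at Caddy's plain-HTTP listener (the `7180:80` mapping in the compose file, not `7143`), that `authentik-server:9443` is a TLS listener, and that cloudflared runs on a private Docker network; the hostnames are the ones from the post and everything else is an assumption marked in the comments.

```caddyfile
# Added example, not the poster's Caddyfile.
#
# Cloudflare terminates the visitor's TLS session at its edge and cloudflared
# forwards each request to the origin over plain HTTP. Any site block that
# Caddy treats as HTTPS therefore answers those plain-HTTP requests with a
# redirect to https://, Cloudflare fetches the redirected URL over HTTP again,
# and the browser reports "too many redirects".
{
	# Caddy never terminates the public TLS session, so it needs no certificates.
	auto_https disable_certs

	servers {
		# The remote address Caddy sees is cloudflared's container IP, so
		# access logs and per-client decisions would otherwise key on the
		# tunnel rather than on the visitor. Trust the private Docker range
		# (ASSUMPTION; narrowing it to the cloudflared container's address
		# is tighter) and take the visitor's IP from the header Cloudflare
		# sets on every proxied request.
		trusted_proxies static private_ranges
		client_ip_headers CF-Connecting-IP
	}
}

# Loop-causing form, as declared in the post:
#
#   authentik.shivum.xyz {
#       reverse_proxy authentik-server:9443
#   }
#
# With no scheme Caddy treats the site as HTTPS, serves it on :443 and adds
# the HTTP->HTTPS redirect on :80. Requests from the tunnel arrive on :80 and
# hit that redirect every time.

# Non-looping form: declare the site as http:// so Caddy serves it on :80 with
# no redirect. Visitors still reach it over HTTPS, terminated by Cloudflare.
http://authentik.shivum.xyz {
	# ASSUMPTION: 9443 is authentik's TLS port, so the upstream scheme must be
	# https://; without it Caddy would send plaintext HTTP to a TLS socket.
	reverse_proxy https://authentik-server:9443 {
		transport http {
			# Preferred: trust the CA that issued the upstream certificate
			# (path is a placeholder), so the proxy-to-app hop is verified.
			# tls_trusted_ca_certs /etc/caddy/authentik-ca.pem

			# Weaker fallback for a self-signed upstream certificate on a
			# private Docker network: this disables verification of that hop.
			tls_insecure_skip_verify
		}
	}
}

http://foundry.shivum.xyz {
	reverse_proxy foundry:30000
}
```

With every site declared as `http://`, Caddy's only listener is `:80` (host port `7180` in the compose mapping), which is the port the tunnel's public hostnames should target; pointing the tunnel at `7143` reaches a listener that, with this Caddyfile, no longer exists, which is the "connection refused" case. Keep `tls_insecure_skip_verify` only for as long as the upstream presents a certificate that cannot be validated; once a trusted CA file is in place, delete that line.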
