Cloudflared caddy gunicorn website form outside of lan

1. The problem I’m having:

I’m trying to get access to my website from outside my LAN. I’m running Ubuntu in a VM on Unraid, in which I use Caddy and gunicorn to run my (Flask) website. When I use my LAN IP (192.168.0.104) I can visit my website and everything works fine. To access some dockers on Unraid I use Cloudflare tunnels, and I really like working with that, so I tried to use the same for this website. On the dockers I used to just create a subdomain that points to the IP address of the docker and turn off TLS verify, and it works flawlessly. Doing the same for my website does not work. I used the IP address I get when running ifconfig for the Cloudflare tunnel.

Mostly my problem is that I don’t fully understand how Cloudflare tunnels work, or how to set up Caddy to work on a specific domain instead of the IP that I get from ifconfig.

2. Error messages and/or full log output:

I don’t know how to get log output; Caddy runs fine if I use my LAN IP.

3. Caddy version:

v2.7.5

4. How I installed and ran Caddy:

sudo apt update
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy... | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy... | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy
sudo apt install python3-pip python3-dev build-essential libssl-dev libffi-dev python3-setuptools
sudo apt install python3-venv

a. System environment:

Ubuntu 22.04.3 LTS
as a VM in Unraid

b. Command:

sudo caddy start
gunicorn run:app

c. Service/unit/compose file:

I don’t know what this is.

d. My complete Caddy config:

my_domain.be {
    reverse_proxy localhost:8000
}
5. Links to relevant resources:

Assuming Caddy got a certificate for my_domain.be, it needs SNI so it knows which certificate to respond with. Caddy closes incoming connections to HTTPS listeners that have bad SNI.

In your Cloudflare dashboard that means expanding Additional application settings, TLS, and filling in Origin Server Name. (I use https://caddy to connect to my Caddy server because it’s in a Compose network right alongside cloudflared, but instead of the caddy hostname, you can use the IP address you already have.)

It should look like this on the overview for that public hostname on the tunnel.
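The Origin Server Name setting described in the reply above, written as a locally managed cloudflared config file instead of the dashboard form. This is an added example, not the reply author's or the poster's configuration; it assumes the poster's LAN IP 192.168.0.104, Caddy listening on 443, and a placeholder tunnel ID.

```yaml
# /etc/cloudflared/config.yml (assumed path; tunnel ID is a placeholder)
tunnel: <TUNNEL-ID>
credentials-file: /etc/cloudflared/<TUNNEL-ID>.json

ingress:
  - hostname: my_domain.be
    # Connect to Caddy over HTTPS at the VM's LAN address.
    service: https://192.168.0.104:443
    originRequest:
      # SNI sent to Caddy; without it Caddy closes the connection
      # because it cannot pick the my_domain.be certificate.
      originServerName: my_domain.be
      # Caddy's publicly trusted certificate verifies fine, so origin
      # TLS verification can stay on; only set true for an internal CA.
      noTLSVerify: false
  # Catch-all rule is required as the last entry.
  - service: http_status:404
```

To confirm the origin answers once SNI is present, `openssl s_client -connect 192.168.0.104:443 -servername my_domain.be` should complete the handshake and show the my_domain.be certificate, while the same command without `-servername` is closed by Caddy.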
