It should be a regular plain text file. No file extension. Literally named Caddyfile. Don’t use Notes or whatever to edit it. Use a proper text editor program.
So is there another way I should be deploying Caddy to get and use certs to secure the remote connection through Let’s Encrypt?
My end result would be a secure way through Caddy to access my Jellyfin server remotely from the WAN side.
I have the port forwarding (a made-up port 4361) from my router pointing to the Jellyfin server, Caddy installed on the same server for reverse proxy and to then forward a request from the example.ddns.net that is forwarded in to then send that to 127.0.0.1:8096 which is the Jellyfin landing page to login.
No, the notes on deployment are more or less accurate.
Specifically, the linked/posted config - this part here:
Is 2/3rds superfluous.
Think about the why - specifically, why put your site on a higher port?
If you’re doing it for security - that is, you’re effectively trying to use the port as a kind of password, which is what I gather the writer of the linked post is trying to do - it’s not secure at all.
You’ve said you want to access your app from WAN. If that was all you cared about, you could do it with just this:
example.com {
	reverse_proxy 127.0.0.1:8096
}
But if you also need to secure your site from unwanted access, an actual secure config is going to look a bit different again. One place you can look is the basic auth directive, to require an actual username/password combination to access your site.
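As an added example that is not part of the original thread: a Caddyfile contrasting the port-as-password approach discussed above with a site on the default ports protected by basic auth. The hostname example.ddns.net, the user name jellyuser and the hash placeholder are assumptions, and the commented-out weak block is constructed for illustration, not the config from the linked post.

```caddyfile
# Constructed example; hostname, user name and hash are placeholders.

# Weak: a non-standard port is not an access control. Anyone who scans
# the host finds the listener, and nothing here checks who is connecting.
# example.ddns.net:4361 {
# 	reverse_proxy 127.0.0.1:8096
# }

# Corrected: no port in the site address, so Caddy serves HTTPS on 443
# and redirects HTTP on 80. The router must forward 80 and 443 to this host.
example.ddns.net {
	# Require a username/password before any request reaches the backend.
	# The directive is named basic_auth in Caddy 2.8 and later;
	# earlier 2.x releases call it basicauth.
	basic_auth {
		# Format: <username> <hashed password>
		# Generate the hash with: caddy hash-password
		jellyuser REPLACE_WITH_OUTPUT_OF_caddy_hash-password
	}

	# Only authenticated requests are proxied to the local app.
	reverse_proxy 127.0.0.1:8096
}
```

The config does not load until the placeholder is replaced with a real hash; the plaintext password never appears in the Caddyfile.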
Oh gotcha, I will definitely look into the basic auth you linked. I was under the impression that 80 & 443 had to be used to allow Let’s Encrypt to do its thing by issuing the SSL cert.
So would you suggest just using the caddy reverse proxy like this
Caddy will take care of handling requests on those ports appropriately before requests hit your configured routes. That handling sits transparently in front of the rest of your config. You should use ports 80/443 to serve your site, and omitting the port in your site address tells Caddy to serve the site on the default HTTPS port, i.e. 443 (and set up HTTP->HTTPS redirects on the default HTTP port, i.e. 80).
Yeah, that would work, but this isn’t a great long-term solution typically; best to use a Caddyfile if you plan to leave it running long-term. To make Caddy run at startup, you might need to look into using launchd to run Caddy as a service on Mac (Google is your friend here).
No, you need something to serve the site securely over HTTPS, i.e. do the encryption between the client and server; that’s what Caddy does best.
I recommend reading this article that explains the fundamentals of serving a site from your home network: