Creating caddyfile macos arm

deletedbyadmin · April 6, 2021, 11:48pm

1. Caddy version (`caddy version`):

v2.3.0 h1:fnrqJLa3G5vfxcxmOH/+kJOcunPLhSBnjgIvjXV/QTA=

2. How I run Caddy:

a. System environment:

macos

b. Command:

caddy run

c. Service/unit/compose file:

paste full file contents here

d. My complete Caddyfile or JSON config:

paste config here, replacing this text
use `caddy fmt` to make it readable
DO NOT REDACT anything except credentials
or helpers will be sad

3. The problem I’m having:

I don’t know where to put the caddyfile i created for macos. I can’t run the commands

I am trying create and use a caddyfile with this in it as example:

example.ddns.net:80 {
  respond ":-P" 403
}

example.ddns.net:443 {
  respond ":-P" 403
}

example.ddns.net:4361 {
  reverse_proxy 127.0.0.1:4361
}

4. Error messages and/or full log output:

2021/04/06 17:08:49.093 INFO using provided configuration {“config_file”: “/Users/example/Documents/caddy/Caddyfile.rtf”, “config_adapter”: “”}
run: adapting config using caddyfile: /Users/example/Documents/caddy/Caddyfile.rtf:2: unrecognized directive: \cocoatextscaling0\cocoaplatform0{\fonttbl\f0\fswiss\fcharset0

5. What I already tried:

I’ve tried to do caddy run --config (drag and drop into terminal) - i get this

example@Mac-Mini ~ % caddy run --config /Users/example/Documents/caddy/Caddyfile.rtf
2021/04/06 17:08:49.093 INFO using provided configuration {“config_file”: “/Users/example/Documents/caddy/Caddyfile.rtf”, “config_adapter”: “”}
run: adapting config using caddyfile: /Users/example/Documents/caddy/Caddyfile.rtf:2: unrecognized directive: \cocoatextscaling0\cocoaplatform0{\fonttbl\f0\fswiss\fcharset0

There is no information on the caddy site as to where it should be placed for macos or how to get caddy

6. Links to relevant resources:

I am trying to follow this guide - Simpleton guide for remote access? - Support - Jellyfin Forum
Getting Started — Caddy Documentation
Caddyfile Tutorial — Caddy Documentation

francislavoie · April 6, 2021, 7:14pm

I don’t think your Caddyfile is properly saved as a text file. It seems like it was saved as an .rtf file. Make sure to use a text editor.

deletedbyadmin · April 6, 2021, 7:23pm

what should it be saved as?

and once it is saved i am doing this correctly?
caddy run --config (drag and drop into terminal)

francislavoie · April 6, 2021, 7:50pm

It should be a regular plain text file. No file extension. Literally named Caddyfile. Don’t use Notes or whatever to edit it. Use a proper text editor program.

deletedbyadmin · April 6, 2021, 8:02pm

i used the default textedit app on my mac

deletedbyadmin · April 6, 2021, 8:18pm

It was in rich text format had to convert it to plaintext format.

deletedbyadmin · April 6, 2021, 11:48pm

and my caddyfile is this:

example.ddns.net:80 {
  respond ":-P" 403
}

example.ddns.net:443 {
  respond ":-P" 403
}

example.ddns.net:4361 {
  reverse_proxy 127.0.0.1:8096
}

Is this correct to do the following outlined by Cognicom Simpleton guide for remote access? - #2 by Cognicom - Support - Jellyfin Forum

Mohammed90 · April 6, 2021, 11:25pm

Can you explain what you’re trying to do? As in, what is your end goal? What are you trying to set up?

deletedbyadmin · April 6, 2021, 11:47pm

i am trying to do what is linked above. the simple guide for remote access.

i can’t directly link to it again so you will have to click from here Creating caddyfile macos arm - #7 by deletedbyadmin

Whitestrake · April 7, 2021, 12:14am

This is a very loaded question!

That config is functional, yes. Is it right for you? The answer is… Maybe?

If the only thing you care about is remote access, 2/3rds of the above posted/linked config is superfluous and unnecessary.

deletedbyadmin · April 7, 2021, 12:37am

so is there another way i should be deploying caddy to get and use certs to secure the remote connection through lets encrpyt?

My end result would be a secure way through caddy to access my jellyfin server remotely from the wan side.

I have the port forwarding(a made up port 4361) from my router pointing to the jellyfin server, caddy installed on the same server for reverse proxy and to then forward a request from the example.ddns.net that is forwarded in to then send that to 127.0.0.1:8096 which is the jellyfin landing page to login.

Whitestrake · April 7, 2021, 12:57am

No, the notes on deployment are more or less accurate.

Specifically, the linked/posted config - this part here:

Is 2/3rds superfluous.

Think about the why - specifically, why put your site on a higher port?

If you’re doing it for security - that is, you’re effectively trying to use the port as a kind of password, which is what I gather the writer of the linked post is trying to do - it’s not secure at all.

You’ve said you want to access your app from WAN. If that was all you cared about, you could do it with just this:

example.com {
  reverse_proxy 127.0.0.1:8096
}

But if you also need to secure your site from unwanted access, an actual secure config is going to look a bit different again. One place you can look is the basic auth directive, to require an actual username/password combination to access your site.

basicauth (Caddyfile directive) — Caddy Documentation

deletedbyadmin · April 7, 2021, 1:07am

oh gotcha i will definitely look into the basic auth you linked. I was under the impression that 80 & 443 had to be used to allow the lets encrypt do its thing by issuing the ssl cert.

So would you suggest just using the caddy reverse proxy like this

caddy reverse-proxy --from example.ddns.net --to 127.0.0.1:8096

and if so, how would i secure that connection over https with caddy?

deletedbyadmin · April 7, 2021, 1:16am

Or should i just remove everything i was trying to do and point port forward example.ddns.net 80 & 443 to 127.0.0.1:8096

That reads if im correct that it is automatically serving that page securely?

I apologize as english isn’t my first language.

francislavoie · April 7, 2021, 2:15am

Caddy will take care of handling requests on those ports appropriately before requests hit your configured routes. That handling sits transparently in front of the rest of your config. You should use ports 80/443 to serve your site, and omitting the port in your site address tells Caddy to serve the site on the default HTTPS port, i.e. 443 (and set up HTTP->HTTPS redirects on the default HTTP port, i.e. 80).

Yeah that would work, but this isn’t a great long-term solution typically, best to use a Caddyfile if you plan to leave it running long-term. To make Caddy run at startup, you might need to look into using launchd to run Caddy as a service on mac (Google is your friend here).

No, you need something to serve the site securely over HTTPS, i.e. do the encryption between the client and server; that’s what Caddy does best.

I recommend reading this article that explains the fundamentals of serving a site from your home network: