1. The problem I’m having:
I’m trying to configure caddy reverse proxy for File Browser. I’m using docker-compose and Caddy. I’m able to access the application via local IP and port but Caddy continuously times out when trying to acquire a certificate. Judging by the (albeit vague) documentation I need to add a header to the Caddyfile for this application. It provides the following template as an example:
filebrowser config set --auth.method=proxy --auth.header=X-My-Header
X-My-Header is supposed to be where a proxy header specifying the user is pasted. I’m not sure what this even means.
I assume it should be inserted in the Caddyfile where the commented line is located. I have a similar setup for nextcloud but that solution is not working in this instance.
filebrowser.{$MY_DOMAIN} {
    reverse_proxy filebrowser:8024
    # filebrowser config set --auth.method=proxy --auth.header=Remote-User
}
After reviewing the Caddy documentation I think I’m out of my depth on this one. I host a number of applications with this Caddy configuration and with the exception of the Nextcloud instance mentioned earlier, none of them require a proxy header.
2. Error messages and/or full log output:
{"level":"error","ts":1683260464.1862993,"logger":"http.acme_client","msg":"validating authorization","identifier":"filebrowser.my_domain.com","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"149.28.47.236: Invalid response from http://filebrowser.my_domain.com/.well-known/acme-challenge/qt1ioqsE2P3oTdPMkqbXaxBmD8vj1yrZBqsodKt8fi0: 404","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/18888959/8584815724","attempt":2,"max_attempts":3}
{"level":"error","ts":1683260464.1863458,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"filebrowser.my_domain.com","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"HTTP 403 urn:ietf:params:acme:error:unauthorized - 149.28.47.236: Invalid response from http://filebrowser.my_domain.com/.well-known/acme-challenge/qt1ioqsE2P3oTdPMkqbXaxBmD8vj1yrZBqsodKt8fi0: 404"}
{"level":"error","ts":1683260464.186458,"logger":"tls.obtain","msg":"will retry","error":"[filebrowser.my_domain.com] Obtain: [filebrowser.my_domain.com] solving challenge: filebrowser.my_domain.com: [filebrowser.my_domain.com] authorization failed: HTTP 403 urn:ietf:params:acme:error:unauthorized - 149.28.47.236: Invalid response from http://filebrowser.my_domain.com/.well-known/acme-challenge/qt1ioqsE2P3oTdPMkqbXaxBmD8vj1yrZBqsodKt8fi0: 404 (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":22.885142679,"max_duration":2592000}
3. Caddy version:
v2.6.4
4. How I installed and ran Caddy:
I am using the official caddy docker image
a. System environment:
Synology NAS 918+
b. Command:
docker-compose up -d caddy filebrowser
docker logs caddy
c. Service/unit/compose file:
---
version: "3.7"
services:
  caddy:
    image: caddy
    container_name: caddy
    hostname: caddy
    restart: unless-stopped
    ports:
      - "780:80"
      - "7443:443"
      - "32400:32400"
    environment:
      - MY_DOMAIN
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./caddy/data:/data
      - ./caddy/config:/config
  filebrowser:
    image: filebrowser/filebrowser
    container_name: filebrowser
    user: 1026:100
    ports:
      - 8024:8024
    volumes:
      - /volume1/data/docker/filebrowser/config/filebrowser.db:/database.db
      - /volume1/data/docker/filebrowser/config/.filebrowser.json:/.filebrowser.json
      - /volume1/data:/srv
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
networks:
  default:
    external:
      name: $DOCKER_MY_NETWORK
d. My complete Caddy config:
filebrowser.{$MY_DOMAIN} {
    reverse_proxy filebrowser:8024
    header Strict-Transport-Security max-age=31536000;
    # filebrowser config set --auth.method=proxy --auth.header=Remote-User
}
5. Links to relevant resources:
I used this video to get it installed
Afterwards I ended up having to add a .json file to get it to work. It has this configuration…
{
  "port": 8024,
  "address": "",
  "database": "/database.db",
  "scope": "/srv",
  "allowCommands": true,
  "allowEdit": true,
  "allowNew": true,
  "commands": []
}
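
To make errors like the ones in section 2 easier to read, the following added example (not part of the original post and not Caddy's own code) parses Caddy's JSON log lines and reports, for each failed ACME authorization, the IP the CA validated against, the challenge URL and the HTTP status it got back. The sample log lines, the domain and IP in them, and the names `acme_failures`, `SAMPLE_LOG` and `DETAIL_RE` are constructed for illustration.

```python
import json
import re

# Constructed sample lines, shaped like Caddy's JSON error logs for a failed ACME order.
SAMPLE_LOG = """\
{"level":"info","ts":1.0,"logger":"tls.obtain","msg":"acquiring lock","identifier":"files.example.com"}
{"level":"error","ts":2.0,"logger":"http.acme_client","msg":"validating authorization","identifier":"files.example.com","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"203.0.113.10: Invalid response from http://files.example.com/.well-known/acme-challenge/TOKEN-PLACEHOLDER: 404","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/1/2","attempt":2,"max_attempts":3}
not json at all
"""

# "<ip>: Invalid response from <url>: <status>" as it appears in problem.detail
DETAIL_RE = re.compile(r"^(?P<ip>\S+): Invalid response from (?P<url>\S+): (?P<status>\d{3})$")


def acme_failures(log_text):
    """Return one dict per ACME authorization failure found in Caddy JSON logs."""
    failures = []
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # docker logs can interleave non-JSON lines
        if not isinstance(entry, dict):
            continue  # valid JSON, but not a log object
        problem = entry.get("problem")
        if entry.get("logger") != "http.acme_client" or not isinstance(problem, dict):
            continue
        m = DETAIL_RE.match(problem.get("detail", ""))
        url = m["url"] if m else None
        failures.append({
            "identifier": entry.get("identifier"),
            "error_type": problem.get("type", "").rsplit(":", 1)[-1],
            "validated_ip": m["ip"] if m else None,
            "challenge_url": url,
            "http_status": int(m["status"]) if m else None,
            # A plain-http challenge URL means HTTP-01, which the CA fetches on port 80.
            "challenge": "http-01" if url and url.startswith("http://") else "unknown",
            "staging_ca": "acme-staging" in entry.get("order", ""),
        })
    return failures


if __name__ == "__main__":
    for failure in acme_failures(SAMPLE_LOG):
        print(failure)
```

Feeding it the output of `docker logs caddy` shows at a glance which public IP and port 80 endpoint answered the CA's request, and with what status.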