Having trouble with caddy reverse proxy with Cloudflare

1. The problem I’m having:

Hi guys, extreme noob here. I’ve always messed with Linux and Media servers locally but never remotely. The best I did was open up the port on my router and enter the IP on my phone. Now I want to do things properly with HTTPS and Reverse Proxy.

I bought a domain for cheap and I’m trying to point my Jellyfin to this (Jellyfin created with the help of DockSTARTer); my whole setup is in containers. I followed this YouTube video

I do exactly what is done in this video but it doesn’t work! I’ve spent much of the day on this issue.

2. Error messages and/or full log output:

Feb 29 21:01:14 archlinux systemd[1]: Starting Caddy web server...
Feb 29 21:01:14 archlinux caddy[128092]: {"level":"info","ts":1709220674.3407578,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Feb 29 21:01:14 archlinux caddy[128092]: {"level":"warn","ts":1709220674.3408637,"msg":"No files matching import glob pattern","pattern":"/etc/caddy/conf.d/*"}
Feb 29 21:01:14 archlinux caddy[128092]: {"level":"info","ts":1709220674.3427844,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000397700"}
Feb 29 21:01:14 archlinux caddy[128092]: {"level":"info","ts":1709220674.342832,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Feb 29 21:01:14 archlinux caddy[128092]: {"level":"info","ts":1709220674.3428516,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Feb 29 21:01:14 archlinux caddy[128092]: {"level":"info","ts":1709220674.3430142,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc000397700"}
Feb 29 21:01:14 archlinux caddy[128092]: Valid configuration
Feb 29 21:01:14 archlinux caddy[128101]: caddy.HomeDir=/var/lib/caddy
Feb 29 21:01:14 archlinux caddy[128101]: caddy.AppDataDir=/var/lib/caddy
Feb 29 21:01:14 archlinux caddy[128101]: caddy.AppConfigDir=/etc/caddy
Feb 29 21:01:14 archlinux caddy[128101]: caddy.ConfigAutosavePath=/etc/caddy/autosave.json
Feb 29 21:01:14 archlinux caddy[128101]: caddy.Version=v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=
Feb 29 21:01:14 archlinux caddy[128101]: runtime.GOOS=linux
Feb 29 21:01:14 archlinux caddy[128101]: runtime.GOARCH=amd64
Feb 29 21:01:14 archlinux caddy[128101]: runtime.Compiler=gc
Feb 29 21:01:14 archlinux caddy[128101]: runtime.NumCPU=4
Feb 29 21:01:14 archlinux caddy[128101]: runtime.GOMAXPROCS=4
Feb 29 21:01:14 archlinux caddy[128101]: runtime.Version=go1.21.4
Feb 29 21:01:14 archlinux caddy[128101]: os.Getwd=/
Feb 29 21:01:14 archlinux caddy[128101]: LANG=en_US.UTF-8
Feb 29 21:01:14 archlinux caddy[128101]: PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
Feb 29 21:01:14 archlinux caddy[128101]: NOTIFY_SOCKET=/run/systemd/notify
Feb 29 21:01:14 archlinux caddy[128101]: USER=caddy
Feb 29 21:01:14 archlinux caddy[128101]: LOGNAME=caddy
Feb 29 21:01:14 archlinux caddy[128101]: HOME=/var/lib/caddy
Feb 29 21:01:14 archlinux caddy[128101]: INVOCATION_ID=f2d94842d98b467ab937a934bb9f0f39
Feb 29 21:01:14 archlinux caddy[128101]: JOURNAL_STREAM=8:341471
Feb 29 21:01:14 archlinux caddy[128101]: SYSTEMD_EXEC_PID=128101
Feb 29 21:01:14 archlinux caddy[128101]: MEMORY_PRESSURE_WATCH=/sys/fs/cgroup/system.slice/caddy.service/memory.pressure
Feb 29 21:01:14 archlinux caddy[128101]: MEMORY_PRESSURE_WRITE=c29tZSAyMDAwMDAgMjAwMDAwMAA=
Feb 29 21:01:14 archlinux caddy[128101]: XDG_DATA_HOME=/var/lib
Feb 29 21:01:14 archlinux caddy[128101]: XDG_CONFIG_HOME=/etc
Feb 29 21:01:14 archlinux caddy[128101]: {"level":"info","ts":1709220674.4350495,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Feb 29 21:01:14 archlinux caddy[128101]: {"level":"warn","ts":1709220674.4352012,"msg":"No files matching import glob pattern","pattern":"/etc/caddy/conf.d/*"}
Feb 29 21:01:14 archlinux caddy[128101]: {"level":"info","ts":1709220674.437057,"logger":"admin","msg":"admin endpoint started","address":"unix//run/caddy/admin.socket","enforce_origin":false,"origins":["//127.0.0.1","//::1",""]}
Feb 29 21:01:14 archlinux caddy[128101]: {"level":"info","ts":1709220674.437331,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000379d80"}
Feb 29 21:01:14 archlinux caddy[128101]: {"level":"info","ts":1709220674.4373686,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Feb 29 21:01:14 archlinux caddy[128101]: {"level":"info","ts":1709220674.4373856,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Feb 29 21:01:14 archlinux caddy[128101]: {"level":"info","ts":1709220674.4376888,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
Feb 29 21:01:14 archlinux caddy[128101]: {"level":"info","ts":1709220674.4377422,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Feb 29 21:01:14 archlinux caddy[128101]: {"level":"info","ts":1709220674.437837,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details."}
Feb 29 21:01:14 archlinux caddy[128101]: {"level":"info","ts":1709220674.437968,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Feb 29 21:01:14 archlinux caddy[128101]: {"level":"info","ts":1709220674.438052,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["www.horizonjelly.cloud"]}
Feb 29 21:01:14 archlinux caddy[128101]: {"level":"error","ts":1709220674.4386406,"msg":"unable to autosave config","file":"/etc/caddy/autosave.json","error":"open /etc/caddy/autosave.json: read-only file system"}
Feb 29 21:01:14 archlinux caddy[128101]: {"level":"info","ts":1709220674.4387152,"msg":"serving initial configuration"}
Feb 29 21:01:14 archlinux systemd[1]: Started Caddy web server.
Feb 29 21:01:14 archlinux caddy[128101]: {"level":"warn","ts":1709220674.4435766,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/var/lib/caddy","instance":"7b369897-75ae-4bfd-9084-b5b1952f77b5","try_again":1709307074.4435737,"try_again_in":86399.999999453}
Feb 29 21:01:14 archlinux caddy[128101]: {"level":"info","ts":1709220674.443689,"logger":"tls","msg":"finished cleaning storage units"}

3. Caddy version:

v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=

4. How I installed and ran Caddy:

a. System environment:

OS: Arch Linux
Kernel: x86_64 Linux 6.7.6-arch1-1
Installed via

pacman -S caddy

b. Command:

caddy run --config /etc/caddy/Caddyfile

c. My complete Caddy config:

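www.domain.mine {
        # Forward requests to Jellyfin on the LAN
        reverse_proxy 192.168.0.104:8096
        tls {
                # DNS challenge through the Cloudflare DNS provider; APITOKEN is a placeholder
                dns cloudflare APITOKEN
        }
}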

Thank you for being patient.

What do you mean by “doesn’t work”? That doesn’t mean anything.

We need to know what the specific symptoms are. What error are you seeing?

There’s no errors in your logs (aside from failing to write the autosave.json which is harmless on its own). You didn’t show how you set up your container, so we don’t know “how you’re running Caddy”.

Sorry for being vague about the issue.

My problem is that I can’t get Jellyfin to show up when I open my domain. I followed the video linked above and did the same exact steps and I still seem to be missing something. The domain just returns “Connection Timed out webpage” error.

As mentioned in 4a, I’ve installed Caddy with pacman. Caddy is on the system directly, while Jellyfin is on a docker. Regardless, I mentioned the local IP and port for Jellyfin that I use at home in the Caddyfile.

I just learned that this has been working all this time but sometimes it takes a while for your home network to pick up a brand new reverse proxy.

I opened it on my mobile phone network and it worked, but apparently it takes a while for it to show up on the home network (where I was testing it).

If it’s working on your cell but not in your LAN, then the problem is that your router doesn’t support NAT hairpinning (i.e. it doesn’t know how to route packets destined to your WAN IP when coming from inside your network).

The typical solution is to run a DNS server in your LAN to override your domain name to resolve to your server’s LAN IP instead of your WAN IP.
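
An added example, not part of the thread or of Caddy's own code: a small Python check, run from a machine on the LAN, that reports which path the name currently takes and whether Caddy presents a valid certificate when the name is pinned to the LAN address, which is what the DNS override described above achieves. `www.domain.mine` is the placeholder from the post, and treating `192.168.0.104` as the Caddy host's LAN address is an assumption (the post gives it as the Jellyfin upstream).

```python
import ipaddress
import socket
import ssl

# RFC 1918 ranges: addresses a LAN client reaches without crossing the router's NAT.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(resolved, server_lan_ip):
    """Map each address the name resolves to onto the path a LAN client takes."""
    paths = {}
    for addr in resolved:
        ip = ipaddress.ip_address(addr)
        if addr == server_lan_ip:
            paths[addr] = "direct"         # LAN DNS override is in effect
        elif any(ip in net for net in RFC1918):
            paths[addr] = "other-private"  # override points at a different LAN host
        else:
            paths[addr] = "via-router"     # public address; if it is the WAN IP, needs hairpin NAT
    return paths

def tls_probe(hostname, ip, port=443, timeout=5.0):
    """Connect to ip, send hostname as SNI and verify the certificate against it."""
    ctx = ssl.create_default_context()     # hostname and chain verification stay on
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                return True, tls.version()
    except OSError as exc:                 # covers refusals, timeouts and ssl.SSLError
        return False, f"{type(exc).__name__}: {exc}"

def resolve(hostname):
    """Addresses the resolver configured on this machine returns for hostname."""
    infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

if __name__ == "__main__":
    HOST = "www.domain.mine"   # placeholder taken from the post
    LAN_IP = "192.168.0.104"   # assumption: LAN address of the machine running Caddy
    try:
        print("DNS view from this machine:", classify(resolve(HOST), LAN_IP))
    except socket.gaierror as exc:
        print("name did not resolve:", exc)
    print("TLS to LAN address with SNI:", tls_probe(HOST, LAN_IP))
```

If the probe succeeds while the name still classifies as `via-router`, Caddy and its certificate are fine and only the LAN's DNS answer needs changing.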
