Help! Caddy not working with Jellyfin Reverse Proxy

thetechfantic · January 6, 2021, 1:22pm

1. Caddy version (`caddy version 2.3`):

2. How I run Caddy:

I run Caddy as a reverse proxy as a windows service via NSSM. The location is C:/Caddy and uses a Caddyfile

a. System environment:

I use windows 10 home natively running Caddy

b. Command:

Caddy run

or NSSM

NSSM start Caddy

c. Service/unit/compose file:

d. My complete Caddyfile or JSON config:

techflix.duckdns.org {
	encode gzip
		log {
			output file C:\caddy\logs\emby_access.log {
				roll true				# Rotate logs, enabled by default
				roll_size_mb 5			# Set max size 5 MB
				roll_gzip true			# Whether to compress rolled files
				roll_local_time true	# Use localhost time
				roll_keep 2				# Keep at most 2 log files
				roll_keep_days 7		# Keep log files for 7 days 
			}
		}
    reverse_proxy localhost:8096 
}

3. The problem I’m having:

The site is inaccessible on host device and on other devices shows as 403: Forbidden. Even though I specified it to store logs, there were no logs present
In windows services Caddy shows up as paused, attempts to resume go unanswered

4. Error messages and/or full log output:

2021/01/06 13:01:53.708 ←[34mINFO←[0m   using adjacent Caddyfile
2021/01/06 13:01:53.727 ←[34mINFO←[0m   admin   admin endpoint started  {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["[::1]:2019", "127.0.0.1:2019", "localhost:2019"]}
2021/01/06 13:01:53.731 ←[34mINFO←[0m   tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc00030b9d0"}
2021/01/06 13:01:53.731 ←[34mINFO←[0m   http    server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2021/01/06 13:01:53.731 ←[34mINFO←[0m   http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2021/01/06 13:01:53.734 ←[34mINFO←[0m   tls     cleaned up storage units
run: loading initial config: loading new config: http app module: start: tcp: listening on :80: listen tcp :80: bind: An attempt was made to access a socket in a way forbidden by its access permissions.

5. What I already tried:

Resuming service
Port forwarding is all good
Firewall exempt looks good
Cleared app data
cache

6. Links to relevant resources:

The guide I used: https://www.reddit.com/r/jellyfin/comments/hotycl/windows_and_caddy_v2_reverse_proxy_guide/

francislavoie · January 6, 2021, 3:55pm

This is probably because your home router doesn’t support hairpin NAT. Basically it doesn’t know how to deal with requests to its own WAN IP.

The typical solution is to either also run a DNS server in your home network to make your domain resolve to your LAN IP instead (requires a bit of effort).

Another way is to just serve a second site in Caddy that doesn’t use a domain with the WAN IP. You could get yourself another duckdns domain that you manually set to your LAN IP (no auto updating) and use that, but over http only because you won’t be able to get a let’s encrypt cert for a domain that doesn’t resolve to a public IP.

thetechfantic:

run: loading initial config: loading new config: http app module: start: tcp: listening on :80: listen tcp :80: bind: An attempt was made to access a socket in a way forbidden by its access permissions.

This is a startup error, so I figure Caddy wasn’t able to start again. There could be all kinds of reasons for this. Does the user you run the service as have the permissions to open network ports? Do you have another service running using port 80? You’ll need to dig in deeper to find out the cause.

system · February 5, 2021, 1:22pm

This topic was automatically closed after 30 days. New replies are no longer allowed.