1. The problem I’m having:
I have managed to set up Caddy (with security plugins) to reverse proxy my Mainsail 3D printing server to a domain name, however I am unable to get the webcam streaming to forward correctly.
My Mainsail instance uses a Go2RTC stream from Frigate on a different IP address. This stream displays fine when accessing my Mainsail instance locally, over http, via the IP address, but shows ‘Disconnected’ when accessed via the domain name.
2. Error messages and/or full log output:
[Error] WebSocket connection to 'wss://192.168.1.28:5000/live/webrtc/api/ws?src=3D_Printer&media=video' failed: An SSL error has occurred and a secure connection to the server cannot be made.
3. Caddy version:
v2.8.0
4. How I installed and ran Caddy:
a. System environment:
delver/caddy-security docker image
docker-compose installation on debian 12 container in proxmox
b. Command:
docker compose up -d
c. Service/unit/compose file:
# Compose stack: Caddy (caddy-security build) as the public reverse proxy,
# plus ddclient as a second container. Nesting restored from the flattened paste.
services:
  caddy:
    # NOTE(review): `latest` is a mutable tag, so the image that enforces
    # authentication can change on any pull; pin a version tag or digest.
    image: delver/caddy-security:latest
    container_name: caddy
    restart: unless-stopped
    cap_add:
      # NOTE(review): NET_ADMIN is an elevated capability - presumably added
      # for HTTP/3 UDP buffer tuning; drop it if that is not needed.
      - NET_ADMIN
    ports:
      - "80:80"
      - "443:443"
      # 443 is also published over UDP.
      - "443:443/udp"
    volumes:
      - ./caddy/Caddyfile:/etc/caddy/Caddyfile
      - ./caddy/srv:/srv
      # /data holds the local user store referenced in the Caddyfile
      # (/data/caddy/auth/local/users.json) and, presumably, Caddy's TLS keys;
      # keep ./caddy/data readable only by the account running the container.
      - ./caddy/data:/data
      - ./caddy/config:/config
  ddclient:
    # NOTE(review): same mutable-tag concern as the caddy image above.
    image: lscr.io/linuxserver/ddclient:latest
    container_name: ddclient
    environment:
      # NOTE(review): PUID/PGID 0 presumably makes this image run the service
      # as root; prefer an unprivileged UID/GID that owns ./ddclient/config.
      - PUID=0
      - PGID=0
      - TZ=Europe/London
    volumes:
      # Presumably holds the DNS provider credentials used by ddclient -
      # restrict file permissions and keep it out of version control.
      - ./ddclient/config:/config
    restart: unless-stopped
d. My complete Caddy config:
# Global options: place the caddy-security directives in the handler order and
# define the local user store, the login portal and the access policy.
{
	order authenticate before respond
	# NOTE(review): in Caddy's default directive order `handle` sorts ahead of
	# `reverse_proxy`, so this puts `authorize` after any `handle` block.
	# A `handle` that ends in its own reverse_proxy would then never reach
	# `authorize` - confirm against the site blocks that use `handle`.
	order authorize before reverse_proxy
	security {
		local identity store localdb {
			realm local
			# Local user database; presumably contains password hashes, so
			# restrict its permissions and treat backups of /data as sensitive.
			path /data/caddy/auth/local/users.json
		}
		authentication portal myportal {
			enable identity store localdb
			# Cookie is scoped to the parent domain, so the browser sends it to
			# every mysite.com subdomain, including site blocks in this file
			# that carry no `authorize` directive.
			cookie domain mysite.com
			# 864000 s = 10 days (assuming the unit is seconds - TODO confirm);
			# a copied cookie or token stays usable for that long.
			cookie lifetime 864000
			crypto default token lifetime 864000
			ui {
				# Links shown on the portal page after login.
				links {
					"Frigate" https://frigate.mysite.com
					"Mainsail" https://mainsail.mysite.com
					"Redlib" https://redlib.mysite.com
				}
			}
			# Grants the authp/user role to the single matching e-mail address;
			# admin_policy below allows only that role.
			transform user {
				match email my@email.com
				action add role authp/user
				ui link "Settings" "/auth/profile/" icon "las la-cog"
			}
		}
		authorization policy admin_policy {
			# The login portal this policy points at is auth.mysite.com.
			set auth url https://auth.mysite.com
			allow roles authp/user
		}
	}
}
# Login portal host: serves `myportal`, the target of the policy's `set auth url`.
auth.mysite.com {
	authenticate with myportal
}
# Proxies to 192.168.1.200:8123 with no `authorize` directive, so access control
# for this public hostname rests entirely on the upstream application's own login.
# NOTE(review): the site address ends in `:` with no port after it, unlike the
# other site blocks - likely a typo; confirm Caddy parses it as intended.
home.mysite.com: {
	reverse_proxy 192.168.1.200:8123
}
# Proxies to 192.168.1.23:5000 with no `authorize` directive, so this public
# hostname is protected only by whatever login the upstream itself enforces.
# NOTE(review): the site address ends in `:` with no port after it, unlike the
# other site blocks - likely a typo; confirm Caddy parses it as intended.
diskstation.mysite.com: {
	reverse_proxy 192.168.1.23:5000
}
# Mainsail UI on 192.168.1.32 (default port); the path prefixes below are sent
# to port 7125 on the same host (presumably the Moonraker API - confirm).
mainsail.mysite.com {
	authorize with admin_policy
	reverse_proxy 192.168.1.32
	# NOTE(review): the global option `order authorize before reverse_proxy`
	# sorts `authorize` after `handle`, and each handle below ends in its own
	# reverse_proxy. Requests to these prefixes therefore appear to reach port
	# 7125 without passing `authorize`. Verify from a logged-out browser session;
	# if they are not redirected to the portal, put `authorize with admin_policy`
	# inside each handle or wrap the site's directives in a `route` block.
	handle /printer* {
		reverse_proxy 192.168.1.32:7125
	}
	handle /api* {
		reverse_proxy 192.168.1.32:7125
	}
	handle /access* {
		reverse_proxy 192.168.1.32:7125
	}
	handle /websocket* {
		reverse_proxy 192.168.1.32:7125
	}
	handle /machine* {
		reverse_proxy 192.168.1.32:7125
	}
	handle /server* {
		reverse_proxy 192.168.1.32:7125
	}
}
# Frigate behind admin_policy, proxied to 192.168.1.28:5000.
# NOTE(review): the reported WebSocket error targets wss://192.168.1.28:5000
# directly, so that request never passes through this site block. Caddy only
# terminates TLS for the hostnames defined in this file, which suggests the
# stream URL configured in Mainsail still points at the LAN address.
frigate.mysite.com {
	authorize with admin_policy
	reverse_proxy 192.168.1.28:5000
}
# Redlib behind admin_policy, proxied to 192.168.1.45:8080; there is no `handle`
# block here, so `authorize` runs ahead of the single reverse_proxy.
redlib.mysite.com {
	authorize with admin_policy
	reverse_proxy 192.168.1.45:8080
}
# Proxies to 192.168.1.35:11080 with no `authorize` directive, so this public
# hostname is protected only by whatever login the upstream itself enforces.
scrypted.mysite.com {
	reverse_proxy 192.168.1.35:11080
}