Help with Caddy reverse proxy to Cloudflare dns for media server access

1. The problem I’m having:

Hello! I'm a newbie when it comes to Linux & Caddy and have been playing around with both for the last couple weeks. However, for the past couple days I have been unsuccessful in trying to set up outside access to my media server using Caddy as a reverse proxy that points to Cloudflare. The media server is being hosted on Linux Mint Cinnamon 21.2, and I have the stable version of Caddy (not docker) installed by using the following commands:

sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf '' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf '' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy

Previously, I did have it set up and working with a duckdns domain; however, I wanted to enhance security a bit by purchasing my own domain and then using Cloudflare for some added security.

After some research into this, I found that by default Caddy doesn’t support this natively and the program + cloudflare module could be downloaded via Download Caddy. So I downloaded Caddy-dns/cloudflare (Linux amd64). But the problem now is that I have no idea what to do with this downloaded file. I thought it was an installer of some sort? When I click on it, I’m being asked what to open it with. Nothing seems to open it? When I edit the permissions to allow it to execute as a program, it doesn’t do anything. Am I supposed to place this somewhere? I tried seeking the documentation but couldn’t find anything too specific to this situation… I feel goofy about this because I feel like it’s something super simple I’m missing, but have spent hours on this.

Appreciate any advice!

If you’re using a custom build on a debian-based system, you should follow these steps to set up a diversion:

The file you downloaded is a binary executable, it’s the actual Caddy program.

The program you have from installing the package is at /usr/bin/caddy (/usr/bin is where most programs are installed, it’s one of the paths in your PATH environment variable which determines where shells will look for commands to run).

The instructions at the link above set up a diversion to allow both your custom binary and the one from the deb package to coexist without causing problems when you try to upgrade the package.

Keep in mind that you’ll be responsible for upgrading Caddy yourself when new versions are released, but you can use sudo caddy upgrade to make it easy.

Hey, thanks for the reply!

Sorry for the vague information and perhaps poor terminology, this is all quite new to me. So I followed the instructions within the link and all seemed to go okay.

Would I then just drop my downloaded binary into the caddy.custom folder and verify that caddy is using that folder using the “update-alternatives --config caddy” command? (Which it appears to be).

If so, would my caddy.config file be placed in the caddy.custom folder as well? Or would I continue to leave it in the caddy folder?

Thank you!

That’s not a folder (aka directory in the Linux world, folder is a Windows term), it’s the filename of the binary.

Your Caddyfile should be at /etc/caddy/Caddyfile. See Keep Caddy Running — Caddy Documentation

Thanks once more! I think I’m understanding. But now when I go to start Caddy, I seem to be getting an error message.

PC@Server:/etc/caddy$ caddy start
2023/10/03 03:04:24.834 INFO using adjacent Caddyfile
2023/10/03 03:04:24.836 INFO admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//"]}
2023/10/03 03:04:24.837 INFO http.auto_https server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2023/10/03 03:04:24.837 INFO http.auto_https enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2023/10/03 03:04:24.837 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc000092a00"}
2023/10/03 03:04:24.838 INFO tls cleaning storage unit {"description": "FileStorage:/home/myserver/.local/share/caddy"}
2023/10/03 03:04:24.838 INFO tls.cache.maintenance stopped background certificate maintenance {"cache": "0xc000092a00"}
Error: loading initial config: loading new config: http app module: start: listening on :443: listen tcp :443: bind: permission denied
Error: caddy process exited with error: exit status 1

That’s when trying to start the service with the following config:

mypurchaseddomain dot org {
	tls {
		dns cloudflare abcdefghijklmnop12345
	}
}

From the error output that I'm seeing, it doesn't even seem to be using my Caddyfile located at /etc/caddy/? Not too sure where I'm going wrong.

Edit: A systemctl status caddy has given me some insight into this issue.

Oct 02 22:53:53 myserver systemd[1]: Starting Caddy...
Oct 02 22:53:53 myserver systemd[1638]: caddy.service: Failed to locate executable /usr/bin/caddy: Permission denied
Oct 02 22:53:53 myserver systemd[1638]: caddy.service: Failed at step EXEC spawning /usr/bin/caddy: Permission denied
Oct 02 22:53:53 myserver systemd[1]: caddy.service: Main process exited, code=exited, status=203/EXEC
Oct 02 22:53:53 myserver systemd[1]: caddy.service: Failed with result 'exit-code'.
Oct 02 22:53:53 myserver systemd[1]: Failed to start Caddy.
Oct 02 23:04:19 myserver systemd[1]: caddy.service: Unit cannot be reloaded because it is inactive.

Working on restoring the executable to see what happens next… I’m a hot mess! lol.

Please show your terminal logs from when you ran the diversion steps.

You may need to run sudo chmod +x <path to the binary> for wherever your custom binary is now stored, to make sure it has the executable permission.
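
The checks this thread arrives at (the execute bit behind the 203/EXEC failure, and whether the custom build actually carries the Cloudflare DNS module), gathered into one pre-flight function. This is an added example, not part of the original posts or Caddy's own tooling; `check_caddy_binary` is a hypothetical name, and the group/world-writable check goes beyond what the thread covers.

```shell
# Added example (not from the thread): pre-flight checks for a custom Caddy
# binary before systemd runs it. check_caddy_binary is a hypothetical helper.
# Usage: check_caddy_binary PATH [MODULE]; returns 0 only if every check passes.
check_caddy_binary() {
    bin=$1
    module=${2:-dns.providers.cloudflare}
    rc=0

    # update-alternatives makes /usr/bin/caddy a symlink; inspect the real file.
    target=$(readlink -f -- "$bin") || { echo "FAIL: cannot resolve $bin"; return 1; }
    if [ ! -f "$target" ]; then
        echo "FAIL: $target is not a regular file"
        return 1
    fi

    # A missing execute bit is what produces systemd's 203/EXEC "Permission denied".
    if [ ! -x "$target" ]; then
        echo "FAIL: $target is not executable (fix: sudo chmod 755 $target)"
        return 1
    fi

    # The server binary should not be replaceable by other local users.
    perms=$(ls -ld -- "$target" | cut -c1-10)
    case $perms in
        ?????w????|????????w?)
            echo "FAIL: $target is group- or world-writable ($perms)"
            rc=1 ;;
    esac

    # A stock build has no DNS provider plugins; confirm this one was compiled in.
    if "$target" list-modules 2>/dev/null | grep -qFx -- "$module"; then
        echo "OK: $module is present in $target"
    else
        echo "FAIL: $module is missing from $target"
        rc=1
    fi
    return "$rc"
}

# Run the check when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_caddy_binary "$@"
fi
```

Run it against `/usr/bin/caddy` after the diversion steps and before `systemctl start caddy`.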
