1. The problem I’m having:
I was having a working caddy reserve proxy server few days ago, No updates no changes.
this was my setup
Cloudflare DNS as *.blazingbane.com → pulicIP , which has port forwarding for 80 and 443.
- I have tried fresh install of caddy Does’t seem to work
- only http proxy is working, HTTPS is not working
2. Error messages and/or full log output:
Error without debug mode
PS C:\Users\Streaming\Documents\caddy> caddy start
2024/11/23 02:56:17.186 INFO using adjacent Caddyfile
2024/11/23 02:56:17.187 INFO adapted config to JSON {"adapter": "caddyfile"}
2024/11/23 02:56:17.197 INFO admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2024/11/23 02:56:17.197 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc000648580"}
2024/11/23 02:56:17.197 INFO http.auto_https server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2024/11/23 02:56:17.197 INFO http.auto_https enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2024/11/23 02:56:17.197 WARN http.auto_https server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server {"server_name": "srv1", "http_port": 80}
2024/11/23 02:56:17.199 INFO http enabling HTTP/3 listener {"addr": ":443"}
2024/11/23 02:56:17.199 INFO http.log server running {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2024/11/23 02:56:17.199 INFO http.log server running {"name": "srv1", "protocols": ["h1", "h2", "h3"]}
2024/11/23 02:56:17.199 INFO http enabling automatic TLS certificate management {"domains": ["movies.blazingbane.com", "files.blazingbane.com", "immich.blazingbane.com", "server.blazingbane.com"]}
2024/11/23 02:56:17.214 INFO tls storage cleaning happened too recently; skipping for now {"storage": "FileStorage:C:\\Users\\Streaming\\AppData\\Roaming\\Caddy", "instance": "842c23ed-9e05-4683-9c20-ca381031e91d", "try_again": "2024/11/24 02:56:17.214", "try_again_in": 86400}
2024/11/23 02:56:17.214 INFO tls finished cleaning storage units
2024/11/23 02:56:17.227 INFO tls.obtain acquiring lock {"identifier": "files.blazingbane.com"}
2024/11/23 02:56:17.233 INFO tls.obtain lock acquired {"identifier": "files.blazingbane.com"}
2024/11/23 02:56:17.233 INFO tls.obtain obtaining certificate {"identifier": "files.blazingbane.com"}
2024/11/23 02:56:17.244 INFO http waiting on internal rate limiter {"identifiers": ["files.blazingbane.com"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2024/11/23 02:56:17.244 INFO http done waiting on internal rate limiter {"identifiers": ["files.blazingbane.com"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2024/11/23 02:56:17.244 INFO http using ACME account {"account_id": "https://acme-v02.api.letsencrypt.org/acme/acct/2072581187", "account_contact": []}
2024/11/23 02:56:17.265 INFO autosaved config (load with --resume flag) {"file": "C:\\Users\\Streaming\\AppData\\Roaming\\Caddy\\autosave.json"}
2024/11/23 02:56:17.265 INFO serving initial configuration
Successfully started Caddy (pid=12992) - Caddy is running in the background
PS C:\Users\Streaming\Documents\caddy> 2024/11/23 02:56:17.773 INFO http.acme_client trying to solve challenge {"identifier": "files.blazingbane.com", "challenge_type": "tls-alpn-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2024/11/23 02:56:28.009 ERROR http.acme_client challenge failed {"identifier": "files.blazingbane.com", "challenge_type": "tls-alpn-01", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": "*.*.*.*: Timeout during connect (likely firewall problem)", "instance": "", "subproblems": []}}
2024/11/23 02:56:28.009 ERROR http.acme_client validating authorization {"identifier": "files.blazingbane.com", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": "*.*.*.*: Timeout during connect (likely firewall problem)", "instance": "", "subproblems": []}, "order": "https://acme-v02.api.letsencrypt.org/acme/order/2072581187/325864897057", "attempt": 1, "max_attempts": 3}
2024/11/23 02:56:29.287 INFO http.acme_client trying to solve challenge {"identifier": "files.blazingbane.com", "challenge_type": "http-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2024/11/23 02:56:29.487 INFO http served key authentication {"identifier": "files.blazingbane.com", "challenge": "http-01", "remote": "23.178.112.219:44187", "distributed": false}
2024/11/23 02:56:29.780 INFO http served key authentication {"identifier": "files.blazingbane.com", "challenge": "http-01", "remote": "35.89.167.64:24694", "distributed": false}
2024/11/23 02:56:29.900 INFO http served key authentication {"identifier": "files.blazingbane.com", "challenge": "http-01", "remote": "13.60.91.25:31496", "distributed": false}
2024/11/23 02:56:30.129 INFO http served key authentication {"identifier": "files.blazingbane.com", "challenge": "http-01", "remote": "13.250.100.175:59614", "distributed": false}
2024/11/23 02:56:30.650 INFO http.acme_client authorization finalized {"identifier": "files.blazingbane.com", "authz_status": "valid"}
2024/11/23 02:56:30.650 INFO http.acme_client validations succeeded; finalizing order {"order": "https://acme-v02.api.letsencrypt.org/acme/order/2072581187/325864936307"}
2024/11/23 02:56:34.039 INFO http.acme_client got renewal info {"names": ["files.blazingbane.com"], "window_start": "2025/01/21 02:17:29.000", "window_end": "2025/01/23 02:17:29.000", "selected_time": "2025/01/22 11:02:41.000", "recheck_after": "2024/11/23 08:56:34.039", "explanation_url": ""}
2024/11/23 02:56:34.187 INFO http.acme_client got renewal info {"names": ["files.blazingbane.com"], "window_start": "2025/01/21 02:17:29.000", "window_end": "2025/01/23 02:17:29.000", "selected_time": "2025/01/21 06:06:13.000", "recheck_after": "2024/11/23 08:56:34.187", "explanation_url": ""}
2024/11/23 02:56:34.187 INFO http.acme_client successfully downloaded available certificate chains {"count": 2, "first_url": "https://acme-v02.api.letsencrypt.org/acme/cert/044d68bd0f2c06720894c6cdbcb55f90146c"}
2024/11/23 02:56:34.189 INFO tls.obtain certificate obtained successfully {"identifier": "files.blazingbane.com", "issuer": "acme-v02.api.letsencrypt.org-directory"}
2024/11/23 02:56:34.190 INFO tls.obtain releasing lock {"identifier": "files.blazingbane.com"}
PS C:\Users\Streaming\Documents\caddy> caddy start
2024/11/23 03:12:33.528 INFO using adjacent Caddyfile
2024/11/23 03:12:33.530 INFO adapted config to JSON {"adapter": "caddyfile"}
2024/11/23 03:12:33.539 INFO admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2024/11/23 03:12:33.540 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc000606d00"}
2024/11/23 03:12:33.540 INFO http.auto_https server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2024/11/23 03:12:33.540 INFO http.auto_https enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2024/11/23 03:12:33.540 WARN http.auto_https server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server {"server_name": "srv1", "http_port": 80}
2024/11/23 03:12:33.540 DEBUG http.auto_https adjusted config {"tls": {"automation":{"policies":[{}]}}, "http": {"servers":{"srv0":{"listen":[":443"],"routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"127.0.0.1:2283"}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"10.0.0.236:6767"}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"127.0.0.1:8096"}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"127.0.0.1:9393"}]}]}]}],"terminal":true}],"tls_connection_policies":[{}],"automatic_https":{}},"srv1":{"listen":[":80"],"routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"127.0.0.1:2283"}]}]}]}],"terminal":true},{},{}],"automatic_https":{"disable":true}}}}}
2024/11/23 03:12:33.541 INFO http enabling HTTP/3 listener {"addr": ":443"}
2024/11/23 03:12:33.541 DEBUG http starting server loop {"address": "[::]:443", "tls": true, "http3": true}
2024/11/23 03:12:33.541 INFO http.log server running {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2024/11/23 03:12:33.542 DEBUG http starting server loop {"address": "[::]:80", "tls": false, "http3": false}
2024/11/23 03:12:33.542 INFO http.log server running {"name": "srv1", "protocols": ["h1", "h2", "h3"]}
2024/11/23 03:12:33.542 INFO http enabling automatic TLS certificate management {"domains": ["immich.blazingbane.com", "server.blazingbane.com", "movies.blazingbane.com", "files.blazingbane.com"]}
2024/11/23 03:12:33.542 DEBUG tls.cache added certificate to cache {"subjects": ["immich.blazingbane.com"], "expiration": "2025/02/21 01:53:11.000", "managed": true, "issuer_key": "acme-v02.api.letsencrypt.org-directory", "hash": "5c4b8a0c362d4d18aa3c2f8b0f947b9b4d0c6b6903a8fc43cd26e3f9aa1c62b3", "cache_size": 1, "cache_capacity": 10000}
2024/11/23 03:12:33.543 DEBUG events event {"name": "cached_managed_cert", "id": "9501a50b-9b29-43a7-9b0a-9dbcb4350322", "origin": "tls", "data": {"sans":["immich.blazingbane.com"]}}
2024/11/23 03:12:33.544 DEBUG tls.cache added certificate to cache {"subjects": ["server.blazingbane.com"], "expiration": "2025/02/21 01:53:21.000", "managed": true, "issuer_key": "acme-v02.api.letsencrypt.org-directory", "hash": "a3da28cb490e1e861f23aec59942a99f0e82c4bb5d95cf950befd0b540bd8b74", "cache_size": 2, "cache_capacity": 10000}
2024/11/23 03:12:33.544 DEBUG events event {"name": "cached_managed_cert", "id": "551c19d6-19ae-45e8-bc27-849b62a0a94d", "origin": "tls", "data": {"sans":["server.blazingbane.com"]}}
2024/11/23 03:12:33.544 DEBUG tls.cache added certificate to cache {"subjects": ["movies.blazingbane.com"], "expiration": "2025/02/21 01:53:21.000", "managed": true, "issuer_key": "acme-v02.api.letsencrypt.org-directory", "hash": "dcd256858a14c95e36811c17d3e673317f9b722737c1f942e047f477a03089f7", "cache_size": 3, "cache_capacity": 10000}
2024/11/23 03:12:33.544 DEBUG events event {"name": "cached_managed_cert", "id": "1b145c5f-8be9-4269-b4e4-17c148a09311", "origin": "tls", "data": {"sans":["movies.blazingbane.com"]}}
2024/11/23 03:12:33.545 DEBUG tls.cache added certificate to cache {"subjects": ["files.blazingbane.com"], "expiration": "2025/02/21 01:57:59.000", "managed": true, "issuer_key": "acme-v02.api.letsencrypt.org-directory", "hash": "33a975800807c452fc9aeb4b407e2dbd3d3d5a39245c735528deba05b8d6620f", "cache_size": 4, "cache_capacity": 10000}
2024/11/23 03:12:33.545 DEBUG events event {"name": "cached_managed_cert", "id": "708c3092-ce7a-45b1-81cc-84e69250b5eb", "origin": "tls", "data": {"sans":["files.blazingbane.com"]}}
2024/11/23 03:12:33.545 INFO autosaved config (load with --resume flag) {"file": "C:\\Users\\Streaming\\AppData\\Roaming\\Caddy\\autosave.json"}
2024/11/23 03:12:33.545 INFO serving initial configuration
Successfully started Caddy (pid=6708) - Caddy is running in the background
2024/11/23 03:12:33.547 INFO tls storage cleaning happened too recently; skipping for now {"storage": "FileStorage:C:\\Users\\Streaming\\AppData\\Roaming\\Caddy", "instance": "842c23ed-9e05-4683-9c20-ca381031e91d", "try_again": "2024/11/24 03:12:33.547", "try_again_in": 86400}
2024/11/23 03:12:33.547 INFO tls finished cleaning storage units
PS C:\Users\Streaming\Documents\caddy> 2024/11/23 03:13:01.545 DEBUG http.handlers.reverse_proxy selected upstream {"dial": "127.0.0.1:2283", "total_upstreams": 1}
2024/11/23 03:13:01.549 DEBUG http.handlers.reverse_proxy upstream roundtrip {"upstream": "127.0.0.1:2283", "duration": 0.0030658, "request": {"remote_ip": "*.*.*.*", "remote_port": "54534", "client_ip": "*.*.*.*", "proto": "HTTP/1.1", "method": "GET", "host": "immich.blazingbane.com", "uri": "/", "headers": {"Accept": ["*/*"], "Accept-Language": ["en-US,en;q=0.5"], "User-Agent": ["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"], "X-Forwarded-For": ["*.*.*.*"], "Priority": ["u=4"], "Pragma": ["no-cache"], "Cache-Control": ["no-cache"], "X-Forwarded-Proto": ["http"], "X-Forwarded-Host": ["immich.blazingbane.com"], "Accept-Encoding": ["gzip, deflate"]}}, "headers": {"Connection": ["keep-alive"], "Keep-Alive": ["timeout=5"], "X-Powered-By": ["Express"], "Content-Type": ["text/html; charset=utf-8"], "Cache-Control": ["no-store"], "Content-Length": ["6033"], "Etag": ["\"1791-mYZsXQnlnZvRokIH6Nbx+zvQQPc\""], "Date": ["Sat, 23 Nov 2024 03:13:01 GMT"]}, "status": 200}
2024/11/23 03:13:01.573 DEBUG http.handlers.reverse_proxy selected upstream {"dial": "127.0.0.1:2283", "total_upstreams": 1}
2024/11/23 03:13:01.576 DEBUG http.handlers.reverse_proxy upstream roundtrip {"upstream": "127.0.0.1:2283", "duration": 0.0032053, "request": {"remote_ip": "*.*.*.*", "remote_port": "54523", "client_ip": "*.*.*.*", "proto": "HTTP/1.1", "method": "GET", "host": "immich.blazingbane.com", "uri": "/", "headers": {"X-Forwarded-Host": ["immich.blazingbane.com"], "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"], "X-Forwarded-For": ["*.*.*.*"], "X-Forwarded-Proto": ["http"], "Accept-Encoding": ["gzip, deflate"], "Sec-Gpc": ["1"], "Upgrade-Insecure-Requests": ["1"], "Priority": ["u=0, i"], "User-Agent": ["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"], "Accept-Language": ["en-US,en;q=0.5"]}}, "headers": {"Keep-Alive": ["timeout=5"], "X-Powered-By": ["Express"], "Content-Type": ["text/html; charset=utf-8"], "Cache-Control": ["no-store"], "Content-Length": ["6033"], "Etag": ["\"1791-mYZsXQnlnZvRokIH6Nbx+zvQQPc\""], "Date": ["Sat, 23 Nov 2024 03:13:01 GMT"], "Connection": ["keep-alive"]}, "status": 200}
2024/11/23 03:13:01.686 DEBUG http.handlers.reverse_proxy selected upstream {"dial": "127.0.0.1:2283", "total_upstreams": 1}
2024/11/23 03:13:01.707 DEBUG http.handlers.reverse_proxy upstream roundtrip {"upstream": "127.0.0.1:2283", "duration": 0.0212143, "request": {"remote_ip": "*.*.*.*", "remote_port": "54523", "client_ip": "*.*.*.*", "proto": "HTTP/1.1", "method": "GET", "host": "immich.blazingbane.com", "uri": "/custom.css", "headers": {"X-Forwarded-Host": ["immich.blazingbane.com"], "X-Forwarded-For": ["*.*.*.*"], "User-Agent": ["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"], "Accept": ["text/css,*/*;q=0.1"], "Accept-Encoding": ["gzip, deflate"], "Sec-Gpc": ["1"], "Accept-Language": ["en-US,en;q=0.5"], "X-Forwarded-Proto": ["http"], "Priority": ["u=2"], "Referer": ["http://immich.blazingbane.com/"], "If-None-Match": ["\"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk\""]}}, "headers": {"Date": ["Sat, 23 Nov 2024 03:13:01 GMT"], "Connection": ["keep-alive"], "Keep-Alive": ["timeout=5"], "X-Powered-By": ["Express"], "X-Immich-Cid": ["dd1nilae"], "Etag": ["\"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk\""]}, "status": 304}
2024/11/23 03:13:01.865 DEBUG http.handlers.reverse_proxy selected upstream {"dial": "127.0.0.1:2283", "total_upstreams": 1}
2024/11/23 03:13:01.873 DEBUG http.handlers.reverse_proxy selected upstream {"dial": "127.0.0.1:2283", "total_upstreams": 1}
2024/11/23 03:13:01.876 DEBUG http.handlers.reverse_proxy upstream roundtrip {"upstream": "127.0.0.1:2283", "duration": 0.0110407, "request": {"remote_ip": "*.*.*.*", "remote_port": "54523", "client_ip": "*.*.*.*", "proto": "HTTP/1.1", "method": "GET", "host": "immich.blazingbane.com", "uri": "/api/server/features", "headers": {"X-Forwarded-Host": ["immich.blazingbane.com"], "Priority": ["u=4"], "X-Forwarded-For": ["*.*.*.*"], "Sec-Gpc": ["1"], "Referer": ["http://immich.blazingbane.com/"], "User-Agent": ["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"], "If-None-Match": ["\"104-b8bikIJ9H8jpKuznfMRBL41PGlg\""], "X-Forwarded-Proto": ["http"], "Accept": ["application/json"], "Accept-Language": ["en-US,en;q=0.5"], "Accept-Encoding": ["gzip, deflate"]}}, "headers": {"X-Powered-By": ["Express"], "X-Immich-Cid": ["uuzq1ueg"], "Etag": ["\"104-b8bikIJ9H8jpKuznfMRBL41PGlg\""], "Date": ["Sat, 23 Nov 2024 03:13:01 GMT"], "Connection": ["keep-alive"], "Keep-Alive": ["timeout=5"]}, "status": 304}
2024/11/23 03:13:01.890 DEBUG http.handlers.reverse_proxy upstream roundtrip {"upstream": "127.0.0.1:2283", "duration": 0.0169631, "request": {"remote_ip": "*.*.*.*", "remote_port": "54536", "client_ip": "*.*.*.*", "proto": "HTTP/1.1", "method": "GET", "host": "immich.blazingbane.com", "uri": "/api/server/config", "headers": {"Referer": ["http://immich.blazingbane.com/"], "Sec-Gpc": ["1"], "If-None-Match": ["\"9a-4FfCLxBDS3uHTh1nsn4AepoN3vY\""], "Accept-Language": ["en-US,en;q=0.5"], "X-Forwarded-For": ["*.*.*.*"], "X-Forwarded-Host": ["immich.blazingbane.com"], "Priority": ["u=4"], "User-Agent": ["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"], "Accept-Encoding": ["gzip, deflate"], "Accept": ["application/json"], "X-Forwarded-Proto": ["http"]}}, "headers": {"Date": ["Sat, 23 Nov 2024 03:13:01 GMT"], "Connection": ["keep-alive"], "Keep-Alive": ["timeout=5"], "X-Powered-By": ["Express"], "X-Immich-Cid": ["fzt00zlf"], "Etag": ["\"9a-4FfCLxBDS3uHTh1nsn4AepoN3vY\""]}, "status": 304}
3. Caddy version:
v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=
4. How I installed and ran Caddy:
using chocolatey
a. System environment:
Windows 11, 64bit
b. Command:
caddy start
d. My complete Caddy config:
immich.blazingbane.com {
reverse_proxy 127.0.0.1:2283
}
files.blazingbane.com {
reverse_proxy 127.0.0.1:9393
}
server.blazingbane.com {
reverse_proxy 10.0.0.236:6767
}
movies.blazingbane.com {
reverse_proxy 127.0.0.1:8096
}