1. Caddy version (caddy version):
docker.io/caddy/caddy:latest, v2.0.0-rc.3
2. How I run Caddy:
I’m running Caddy in Podman on a server. The server can be accessed at server.lan
a. System environment:
podman version 3.3.1
Cockpit/Web console 251.1
Almalinux 8.5
b. Command:
sudo podman run \
--detach \
--publish 443:443 \
--volume /home/[USER]/containers/caddy/data:/data:Z \
--volume /home/[USER]/containers/caddy/Caddyfile:/etc/caddy/Caddyfile:Z \
caddy
c. Service/unit/compose file:
I’m not using this.
d. My complete Caddyfile or JSON config:
jellyfin.server.lan {
    tls internal
    reverse_proxy http://localhost:8096
}
caddy fmt returns fmt: reading input file: open Caddyfile: no such file or directory. I’m not sure why, because the Caddyfile exists in home/[USER]/containers/caddy/Caddyfile
3. The problem I’m having:
On the same server I have Jellyfin running. I’d like to access Jellyfin at https://jellyfin.server.lan in a browser on my local network. I don’t want to expose it to the internet, just to my local network.
Ideally I’d like to add additional services in the Caddyfile, like https://vaultwarden.server.lan, https://homeassistant.server.lan, etc.
Entering https://jellyfin.server.lan returns This site can’t be reached
4. Error messages and/or full log output:
$ curl -v https://server.lan
* Trying 192.168.1.65:443...
* Connected to server.lan (192.168.1.65) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
* CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
$ curl -v https://jellyfin.server.lan
* Could not resolve host: jellyfin.server.lan
* Closing connection 0
curl: (6) Could not resolve host: jellyfin.server.lan
5. What I already tried:
I’ve copied the root.crt and added it to Firefox. But I guess that won’t be an issue since it is not possible to resolve the host.
6. Links to relevant resources:
I’ve tried to follow this example: Use Caddy as a reverse proxy (+ local CA!)
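
The two curl runs in the post fail at different layers: exit 60 for server.lan is a certificate trust failure, while exit 6 for jellyfin.server.lan is a name resolution failure that happens before any TLS. The following is an added example, not part of the original post, that reports the first failing layer for a hostname. The function name `triage` and the `ROOT_CRT` placeholder are assumptions; point `ROOT_CRT` at the root.crt copied from Caddy to verify against the local CA instead of the system trust store.

```python
import socket
import ssl
import sys

# Placeholder: wherever the root.crt copied out of Caddy's /data volume was saved.
ROOT_CRT = None  # e.g. "/path/to/root.crt"; None falls back to the system trust store


def triage(host, port=443, ca_file=ROOT_CRT, resolve=socket.getaddrinfo, timeout=5):
    """Return (stage, detail) for the first layer that fails, or ("ok", ...)."""
    ctx = ssl.create_default_context(cafile=ca_file)  # hostname check + CERT_REQUIRED

    # 1. Name resolution: the "Could not resolve host" case (curl exit 6).
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", f"{host} does not resolve: {exc}")
    addr = infos[0][4][0]

    # 2. TCP: is anything listening on the published port?
    try:
        sock = socket.create_connection((addr, port), timeout=timeout)
    except OSError as exc:
        return ("tcp", f"{addr}:{port} unreachable: {exc}")

    # 3. TLS: send `host` as SNI and verify the chain against ca_file.
    try:
        with sock, ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("ok", f"{host} -> {addr} {tls.version()}")
    except ssl.SSLCertVerificationError as exc:
        # 62 is OpenSSL's X509_V_ERR_HOSTNAME_MISMATCH; anything else is a chain
        # problem such as "unable to get local issuer certificate" (curl exit 60).
        stage = "tls-name" if exc.verify_code == 62 else "tls-trust"
        return (stage, exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        return ("tls", str(exc))


if __name__ == "__main__":
    for name in sys.argv[1:] or ["server.lan", "jellyfin.server.lan"]:
        print(name, *triage(name))
```

A "dns" result means the client has no record for that name, so importing root.crt into the browser cannot help until the name resolves.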