Https on local network

1. Caddy version (caddy version):

docker.io/caddy/caddy:latest, v2.0.0-rc.3

2. How I run Caddy:

I’m running Caddy in Podman on a server. The server can be accessed by server.lan

a. System environment:

podman version 3.3.1

Cockpit/Web console 251.1
Almalinux 8.5

b. Command:

sudo podman run \
--detach \
--publish 443:443 \
--volume /home/[USER]/containers/caddy/data:/data:Z \
--volume /home/[USER]/containers/caddy/Caddyfile:/etc/caddy/Caddyfile:Z \
caddy

c. Service/unit/compose file:

I’m not using this.


d. My complete Caddyfile or JSON config:

jellyfin.server.lan {
  tls internal
  reverse_proxy http://localhost:8096
}

caddy fmt returns "fmt: reading input file: open Caddyfile: no such file or directory". I’m not sure why, because the Caddyfile exists in home/[USER]/containers/caddy/Caddyfile

3. The problem I’m having:

On the same server I have Jellyfin running. I’d like to access Jellyfin at https://jellyfin.server.lan in a browser on my local network. I don’t want to expose it to the internet, just to my local network.

Ideally I’d like to add additional services in the Caddyfile, like https://vaultwarden.server.lan, https://homeassistant.server.lan etc.

Entering https://jellyfin.server.lan returns "This site can’t be reached".

4. Error messages and/or full log output:

$ curl -v https://server.lan
*   Trying 192.168.1.65:443...
* Connected to server.lan (192.168.1.65) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/pki/tls/certs/ca-bundle.crt
*  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.



$ curl -v https://jellyfin.server.lan
* Could not resolve host: jellyfin.server.lan
* Closing connection 0
curl: (6) Could not resolve host: jellyfin.server.lan

5. What I already tried:

I’ve copied the root.crt and added it to Firefox. But I guess that won’t be an issue since it is not possible to resolve the host.

6. Links to relevant resources:

I’ve tried to follow this example: Use Caddy as a reverse proxy (+ local CA!)

That’s definitely not the latest version of Caddy. The latest is v2.4.6. Please upgrade.

Our official Docker image is found here: Docker

You don’t really have to run caddy fmt – all it would change here is spaces → tabs.

If you’re running inside Docker/Podman, then localhost refers to this container. So it would only connect to services running inside the same container. If you’re running Jellyfin inside of its own container, then you should be able to use the container name as the address to that container, if Caddy and Jellyfin are in the same network.
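The point in the reply above about localhost inside a container, as an added example that is not part of the original thread: a small check that finds `reverse_proxy` upstreams pointing at loopback in a Caddyfile and shows the container-name form. The function names and the container name `jellyfin` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# loopback_upstreams FILE: print "site upstream" for each reverse_proxy
# upstream that targets loopback, which inside a container is Caddy itself.
loopback_upstreams() {
    awk '
        # Site block opener: starts at column 1 and ends with "{".
        NF >= 2 && $NF == "{" && index($0, $1) == 1 && $1 !~ /^#/ { site = $1 }
        $1 == "reverse_proxy" {
            for (i = 2; i <= NF; i++) {
                host = $i
                sub(/^[a-z0-9]+:\/\//, "", host)    # drop the scheme
                if (host ~ /^(localhost|127\.[0-9.]+|\[::1\])(:[0-9]+)?$/)
                    print site, $i
            }
        }
    ' "$1"
}

# container_upstream NAME UPSTREAM: same upstream with the loopback host
# replaced by NAME. Assumption: the backend runs as a container called NAME
# on the same Podman network as Caddy (podman run --network ... --name NAME).
container_upstream() {
    printf '%s\n' "$2" |
        sed -E "s#^([a-z]+://)?(localhost|127\.[0-9.]+|\[::1\])#\1$1#"
}

# Constructed sample: the Caddyfile from the post above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
jellyfin.server.lan {
  tls internal
  reverse_proxy http://localhost:8096
}
EOF

loopback_upstreams "$sample" | while read -r site upstream; do
    echo "$site: $upstream -> $(container_upstream jellyfin "$upstream")"
done
rm -f "$sample"
```

The published port 443 is unaffected by this change; only the upstream address that Caddy dials from inside its own container differs.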

Thanks! Got it working now.
