I can't seem to get Caddy working with my Unifi controller

1. The problem I’m having:

I’m trying to easily access my unifi controller using a FQDN with Caddy reverse proxy. I added to my config but I just get a 404 error when I visit the domain. I don’t see anything in the Caddy logs.

2. Error messages and/or full log output:

smoochii ~/ 23:03 ❯ curl -vL https://unifi.smoochii.dev
* Host unifi.smoochii.dev:443 was resolved.
* IPv6: (none)
* IPv4: 10.10.1.102
*   Trying 10.10.1.102:443...
* Connected to unifi.smoochii.dev (10.10.1.102) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 / [blank] / UNDEF
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=unifi.smoochii.dev
*  start date: Sep 11 13:30:51 2025 GMT
*  expire date: Dec 10 13:30:50 2025 GMT
*  subjectAltName: host "unifi.smoochii.dev" matched cert's "unifi.smoochii.dev"
*  issuer: C=US; O=Let's Encrypt; CN=E7
*  SSL certificate verify ok.
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://unifi.smoochii.dev/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: unifi.smoochii.dev]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.7.1]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: unifi.smoochii.dev
> User-Agent: curl/8.7.1
> Accept: */*
>
* Request completely sent off
< HTTP/2 404
< alt-svc: h3=":443"; ma=2592000
< date: Fri, 03 Oct 2025 03:03:36 GMT
< via: 1.1 Caddy
< content-length: 0
<
* Connection #0 to host unifi.smoochii.dev left intact

3. Caddy version:

smoochii@caddy:~$ caddy version
v2.10.0 h1:fonubSaQKF1YANl8TXqGcn4IbIRUDdfAkpcsfI/vX5U=

4. How I installed and ran Caddy:

I’m running caddy as an LXC in Proxmox installed via Proxmox VE Helper-Scripts

a. System environment:

smoochii@caddy:~$ uname -a
Linux caddy 6.8.12-12-pve #1 SMP PREEMPT_DYNAMIC PMX 6.8.12-12 (2025-07-14T13:20Z) x86_64 GNU/Linux

b. Command:

sudo systemctl enable caddy

c. Service/unit/compose file:


d. My complete Caddy config:

(cloudflare) {
	tls {
		dns cloudflare <redacted>
	}
}

pve.smoochii.dev {
	reverse_proxy 10.10.1.100:8006 {
		transport http {
			tls_insecure_skip_verify
		}
	}
	import cloudflare
}

pbs.smoochii.dev {
	reverse_proxy 10.10.1.112:8007 {
		transport http {
			tls_insecure_skip_verify
		}
	}
	import cloudflare
}

vaultwarden.smoochii.dev {
	reverse_proxy 192.168.1.8:8000
	import cloudflare
}

dashboard.smoochii.dev {
	reverse_proxy 10.10.10.110:7575
	import cloudflare
}

kasm.smoochii.dev {
	reverse_proxy https://192.168.1.9 {
		transport http {
			tls_insecure_skip_verify
		}
		header_up Host {host}
		header_up X-Real-IP {remote}
		header_up X-Forwarded-For {remote}
		header_up X-Forwarded-Port {server_port}
		header_up X-Forwarded-Proto {scheme}
	}
	import cloudflare
}

ha.smoochii.dev {
	reverse_proxy 10.10.10.105
	import cloudflare
}

gitea.smoochii.dev {
	reverse_proxy 10.10.10.109:3000
	import cloudflare
}

gaming.smoochii.dev {
	reverse_proxy 10.10.10.108:8080
	import cloudflare
}

minecraft.smoochii.dev {
	reverse_proxy 10.10.1.108:25565
	import cloudflare
}

panel.smoochii.dev {
	reverse_proxy 10.10.10.107
	import cloudflare
}

portainer.smoochii.dev {
	reverse_proxy 10.10.10.113:9443 {
		transport http {
			tls_insecure_skip_verify
		}
	}
	import cloudflare
}
nas.smoochii.dev {
	reverse_proxy https://192.168.1.23 {
		transport http {
			tls_insecure_skip_verify
		}
	}
	import cloudflare
}
nextcloud.smoochii.dev {
	reverse_proxy 10.10.20.111:443 {
		transport http {
			tls_insecure_skip_verify
		}
	}
	import cloudflare
}
internal-pihole.smoochii.dev {
	redir / /admin{uri}
	reverse_proxy 10.10.1.106:8080
	import cloudflare
}
authentik.smoochii.dev {
	reverse_proxy 10.10.10.113:9000
	import cloudflare
}
unifi.smoochii.dev {
	reverse_proxy /inform https://10.10.1.1:8080
	reverse_proxy 10.10.1.1:8443 {
		transport http {
			tls
			tls_insecure_skip_verify
		}
	}
	import cloudflare
}

5. Links to relevant resources:

Your unifi.smoochii.dev block looks good, so the 404 Not Found error likely originates from 10.10.1.1:8443.

How do you normally reach that backend when you’re NOT behind the reverse proxy? Do you just enter https://10.10.1.1:8443, or do you use a host name like https://HOSTNAME:8443?

If a host name is involved, try adding header_up Host HOSTNAME to the reverse_proxy block and maybe tls_server_name HOSTNAME in the transport section.

It’s a bit of a guess, but I’m wondering whether the UniFi interface might expect requests to arrive under a specific host name.

Hi! Thanks so much for the reply! I access it just by going to http://10.10.1.1 and getting the insecure warning.

Alright, but you’re telling Caddy to go to https://10.10.1.1:8443. I’m confused now :slight_smile:

Wow, I can’t believe it was that! I was following a bunch of tutorials but they all were running Caddy straight on the Unifi device and I have mine separate. Everything is working now, thank you!

This is confusing - port 8443 on the UniFi controller is for https, not http. I have reverse_proxy https://unifi.mydomain.com.au in my Caddyfile here.

So the solution for me was to just have

unifi.smoochii.dev {
	reverse_proxy https://10.10.1.1 {
		transport http {
			tls
			tls_insecure_skip_verify
		}
	}
	import cloudflare
}
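
An added example, not part of the thread or of anyone's posted config: the working block above relies on `tls_insecure_skip_verify`, which makes Caddy accept any certificate presented on the upstream hop, so the same site block is shown here with the controller's certificate pinned instead. The PEM path and the `tls_server_name` value are placeholders, and it assumes the controller's certificate has been exported to the Caddy host over a trusted path and carries a subject alternative name matching that server name.

```caddyfile
unifi.smoochii.dev {
	reverse_proxy https://10.10.1.1 {
		transport http {
			# Trust only the controller's own certificate (or the CA that
			# issued it) for this upstream, instead of skipping verification.
			# Placeholder path: point it at the exported PEM file.
			tls_trust_pool file /etc/caddy/upstream/unifi-controller.pem

			# The upstream is addressed by IP, so tell Caddy which name to
			# check against the certificate's SAN. Placeholder value: use a
			# name that actually appears in the controller's certificate.
			tls_server_name unifi.example.internal
		}
	}
	import cloudflare
}
```

If the controller regenerates its certificate, the handshake to the upstream fails and Caddy answers 502 until the pinned file is replaced, which is the intended behaviour of pinning.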
