1. The problem I’m having:
I am hosting a VPS with Ubuntu 22 where I have set up Immich, Jellyfin and Audiobookshelf with Docker Compose. I was earlier using WireGuard (set up with the PiVPN script) to access various services but also wanted to connect without WireGuard, so I looked into a reverse proxy. Caddy seemed the simplest, so I followed the instructions in Caddy’s official docs for the stable release (running version 2.8.4 right now). Then I updated the Caddyfile with the following information.
immich.domain.com {
    reverse_proxy 10.0.0.58:1234
}
abs.domain.com {
    reverse_proxy 10.0.0.58:2345
}
jellyfin.domain.com {
    reverse_proxy 10.0.0.58:3456
}
This is the entire Caddy file. And now when I go to the Immich, Audiobookshelf or Jellyfin subdomains, I can access those services without problems.
Cloudflare is managing the DNS for my domain. Earlier I was using DNS proxy (orange cloud) on Cloudflare but I guess it goes against their T&C to proxy all these services’ data through them, so I just turned off DNS proxy and now I have DNS only (grey cloud). While setting up Caddy by following a YouTube tutorial and a tutorial on a website, I saw them mention a Cloudflare API key. From what I understood, with this, I won’t have to manually refresh the Let’s Encrypt cert every 90 days. So I created an API key. However, those tutorials showed using the Cloudflare module and that’s where I am stuck.
tls {
    dns cloudflare {my_api_token}
}
I added the code above under each subdomain entry, so it looked like this.
immich.domain.com {
    reverse_proxy 10.0.0.58:1234
    tls {
        dns cloudflare {my_api_token}
    }
}
abs.domain.com {
    reverse_proxy 10.0.0.58:2345
    tls {
        dns cloudflare {my_api_token}
    }
}
jellyfin.domain.com {
    reverse_proxy 10.0.0.58:3456
    tls {
        dns cloudflare {CF_API_TOKEN}
    }
}
However, when I try reloading the config, I get this error.
Job for caddy.service failed.
See "systemctl status caddy.service" and "journalctl -xeu caddy.service" for details.
Do I even need to include the Cloudflare token? If yes, do I need to uninstall Caddy and then install some other version of Caddy with the Cloudflare module built in? I tried following the instructions mentioned here, i.e., went to the Caddy download page, chose Linux arm64 structure and then chose Cloudflare. Then I opened a terminal and ran the following command.
sudo curl -o /usr/bin/caddy -L https://caddyserver.com/api/download?os=linux&arch=arm64&p=github.com%2Fcaddy-dns%2Fcloudflare&idempotency=14732388869855
However, when I run this command, the terminal freezes and I see this response.
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0Warning: Failed to create the file /usr/bin/caddy: Text file busy
100 5921 0 5921 0 0 6222 0 --:--:-- --:--:-- --:--:-- 6232
curl: (23) Failure writing output to destination
If I have to reinstall Caddy, could you please tell me how to remove the current installation? I’m fairly new at this, so please bear with me.
Also, I opened ports 80 and 443 for Caddy. But right now they’re open to the whole world. Can I limit access to my websites to a few IP addresses and a couple of CIDRs with firewall rules?
2. Error messages and/or full log output:
3. Caddy version: v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=
4. How I installed and ran Caddy:
Followed instructions on Install — Caddy Documentation for the stable release
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy
a. System environment:
Ubuntu 22.04.4 LTS on Oracle Cloud with Oracle Cloud Ampere CPU (free tier), Docker Engine Community version 26.1.3, Docker Compose version 2.27.0
b. Command:
sudo nano /etc/caddy/Caddyfile to edit the Caddy file
sudo systemctl reload caddy to reload Caddy
c. Service/unit/compose file:
d. My complete Caddy config:
immich.domain.com {
    reverse_proxy 10.0.0.58:1234
}
abs.domain.com {
    reverse_proxy 10.0.0.58:2345
}
jellyfin.domain.com {
    reverse_proxy 10.0.0.58:3456
}
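
The three sites from the post with the Cloudflare DNS challenge and a client IP allowlist factored into reusable snippets, as an added example that is not part of the original post. It assumes a Caddy build that includes the caddy-dns/cloudflare module (the stock apt package does not), a token exported to the service as `CF_API_TOKEN`, and constructed placeholder addresses for the allowlist.

```caddyfile
# Added example, not the poster's config.
# Assumptions: Caddy binary built with github.com/caddy-dns/cloudflare;
# CF_API_TOKEN is set in the caddy service's environment.

(cf_dns) {
	tls {
		# DNS-01 challenge. The token is read from the environment at
		# load time, so the secret is not stored in the Caddyfile itself.
		dns cloudflare {env.CF_API_TOKEN}
	}
}

(allowlist) {
	# Constructed placeholder addresses from the documentation ranges;
	# replace with the real client IPs and CIDRs.
	@outside not remote_ip 203.0.113.0/24 198.51.100.7
	# Close the connection without a response for everyone else.
	abort @outside
}

immich.domain.com {
	import cf_dns
	import allowlist
	reverse_proxy 10.0.0.58:1234
}

abs.domain.com {
	import cf_dns
	import allowlist
	reverse_proxy 10.0.0.58:2345
}

jellyfin.domain.com {
	import cf_dns
	import allowlist
	reverse_proxy 10.0.0.58:3456
}
```

The `remote_ip` matcher filters at the HTTP layer, after the TLS handshake, so the ports themselves stay reachable. If ports 80 and 443 are instead restricted at the firewall, only the DNS challenge can still obtain and renew certificates, because the HTTP and TLS-ALPN challenges need inbound connections from the CA.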