Jellyfin Reverse Proxy - timeout during connect (likely firewall problems)

1. Caddy version (caddy version):

2.3

2. How I run Caddy:

Windows 10, cmd, run caddy from C:\Caddy

a. System environment:

Windows 10

b. Command:

caddy run

c. Service/unit/compose file:

paste full file contents here

d. My complete Caddyfile or JSON config:

Caddyfile as below, based on this guide - https://forum.jellyfin.org/t/simpleton-guide-for-remote-access/2707/2



chryma.ddns.net:80 {
  respond ":-P" 403
}

chryma.ddns.net:443 {
  respond ":-P" 403
}

chryma.ddns.net:1337 {
  reverse_proxy 127.0.0.1:8096
}

3. The problem I’m having:

I’m doing caddy run and it just keeps failing verification.

4. Error messages and/or full log output:

C:\Caddy>caddy run
2021/03/04 20:19:28.582 ←[34mINFO←[0m   using adjacent Caddyfile
2021/03/04 20:19:28.587 ←[34mINFO←[0m   admin   admin endpoint started  {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2021/03/04 20:19:28.587 ←[34mINFO←[0m   tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc00032e380"}
2021/03/04 20:19:28.588 ←[34mINFO←[0m   http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2021/03/04 20:19:28.588 ←[34mINFO←[0m   http    server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv1", "https_port": 443}
2021/03/04 20:19:28.588 ←[34mINFO←[0m   http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv1"}
2021/03/04 20:19:28.588 ←[34mINFO←[0m   http    server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server {"server_name": "srv2", "http_port": 80}
2021/03/04 20:19:28.588 ←[33mWARN←[0m   http    user server is listening on same interface as automatic HTTP->HTTPS redirects; user-configured routes might override these redirects    {"server_name": "srv2", "interface": "tcp/:80"}
2021/03/04 20:19:28.588 ←[34mINFO←[0m   http    enabling automatic TLS certificate management   {"domains": ["chryma.ddns.net"]}
2021/03/04 20:19:28.589 ←[34mINFO←[0m   tls     cleaned up storage units
2021/03/04 20:19:28.590 ←[34mINFO←[0m   autosaved config        {"file": "C:\\Users\\USER\\AppData\\Roaming\\Caddy\\autosave.json"}
2021/03/04 20:19:28.590 ←[34mINFO←[0m   serving initial configuration
2021/03/04 20:19:28.596 ←[34mINFO←[0m   tls.obtain      acquiring lock  {"identifier": "chryma.ddns.net"}
2021/03/04 20:19:28.602 ←[34mINFO←[0m   tls.obtain      lock acquired   {"identifier": "chryma.ddns.net"}
2021/03/04 20:19:28.610 ←[34mINFO←[0m   tls.issuance.acme       waiting on internal rate limiter        {"identifiers": ["chryma.ddns.net"]}
2021/03/04 20:19:28.610 ←[34mINFO←[0m   tls.issuance.acme       done waiting on internal rate limiter   {"identifiers": ["chryma.ddns.net"]}
2021/03/04 20:19:30.074 ←[34mINFO←[0m   tls.issuance.acme       waiting on internal rate limiter        {"identifiers": ["chryma.ddns.net"]}
2021/03/04 20:19:30.074 ←[34mINFO←[0m   tls.issuance.acme       done waiting on internal rate limiter   {"identifiers": ["chryma.ddns.net"]}
2021/03/04 20:19:31.991 ←[34mINFO←[0m   tls.issuance.acme.acme_client   trying to solve challenge       {"identifier": "chryma.ddns.net", "challenge_type": "http-01", "ca": "https://acme.zerossl.com/v2/DV90"}
2021/03/04 20:24:32.980 ←[31mERROR←[0m  tls.obtain      will retry      {"error": "[chryma.ddns.net] Obtain: [chryma.ddns.net] solving challenges: [chryma.ddns.net] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/dUToEX3accvF1Fl2A2KuRA) (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 304.3774345, "max_duration": 2592000}
2021/03/04 20:25:34.469 ←[34mINFO←[0m   tls.issuance.acme.acme_client   trying to solve challenge       {"identifier": "chryma.ddns.net", "challenge_type": "http-01", "ca": "https://acme-staging-v02.api.letsencrypt.org/directory"}
2021/03/04 20:25:45.205 ←[31mERROR←[0m  tls.issuance.acme.acme_client   challenge failed        {"identifier": "chryma.ddns.net", "challenge_type": "http-01", "status_code": 400, "problem_type": "urn:ietf:params:acme:error:connection", "error": "Fetching http://chryma.ddns.net/.well-known/acme-challenge/D8Anxv3jGmukjdAQk8Am4GNprR1tR3m8Fs1uOwLBG_U: Timeout during connect (likely firewall problem)"}
2021/03/04 20:25:45.205 ←[31mERROR←[0m  tls.issuance.acme.acme_client   validating authorization        {"identifier": "chryma.ddns.net", "error": "authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - Fetching http://chryma.ddns.net/.well-known/acme-challenge/D8Anxv3jGmukjdAQk8Am4GNprR1tR3m8Fs1uOwLBG_U: Timeout during connect (likely firewall problem)", "order": "https://acme-staging-v02.api.letsencrypt.org/acme/order/18397780/1748364", "attempt": 1, "max_attempts": 3}
2021/03/04 20:25:46.640 ←[34mINFO←[0m   tls.issuance.acme.acme_client   trying to solve challenge       {"identifier": "chryma.ddns.net", "challenge_type": "tls-alpn-01", "ca": "https://acme-staging-v02.api.letsencrypt.org/directory"}
2021/03/04 20:25:56.913 ←[31mERROR←[0m  tls.issuance.acme.acme_client   challenge failed        {"identifier": "chryma.ddns.net", "challenge_type": "tls-alpn-01", "status_code": 400, "problem_type": "urn:ietf:params:acme:error:connection", "error": "Timeout during connect (likely firewall problem)"}
2021/03/04 20:25:56.913 ←[31mERROR←[0m  tls.issuance.acme.acme_client   validating authorization        {"identifier": "chryma.ddns.net", "error": "authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - Timeout during connect (likely firewall problem)", "order": "https://acme-staging-v02.api.letsencrypt.org/acme/order/18397780/1748505", "attempt": 2, "max_attempts": 3}
2021/03/04 20:26:00.585 ←[34mINFO←[0m   tls.issuance.acme.acme_client   trying to solve challenge       {"identifier": "chryma.ddns.net", "challenge_type": "http-01", "ca": "https://acme.zerossl.com/v2/DV90"}

5. What I already tried:

I’ve looked all over the forums etc, forwarded the ports on my router as per the above guide, opened 80 and 443 on my Windows firewall and also disabled the Windows firewall altogether, still getting the same issues.

6. Links to relevant resources:

Welcome Chase,

Something must still be wrong with the network configuration (or the DNS configuration). If you can run curl -v http://chryma.ddns.net from a public or external network somewhere, that might be telling. Double-check that DNS is configured to your home IP properly, that your ports are forwarded properly, the firewall is properly configured, etc etc.

1 Like
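An added example, not part of the thread: before testing from an external network, the Caddy log itself shows which inbound ports the CA could not reach, because http-01 validation connects to port 80 and tls-alpn-01 to port 443. The sample log is constructed in the format shown in the post, and `parse_line` and `unreachable_ports` are hypothetical helper names.

```python
import json
import re

# ACME challenge type -> TCP port the CA connects to on the server's public IP.
CHALLENGE_PORT = {"http-01": 80, "tls-alpn-01": 443}
CONNECTION_ERROR = "urn:ietf:params:acme:error:connection"
# Colour codes: a real ESC byte, or the arrow cmd.exe prints in its place.
ANSI = re.compile(r"(?:\x1b|←)\[[0-9;]*m")

# Constructed sample in the log format from the post (placeholder host and token).
SAMPLE_LOG = """\
2021/03/04 20:25:34.469 ←[34mINFO←[0m   tls.issuance.acme.acme_client   trying to solve challenge       {"identifier": "example.ddns.net", "challenge_type": "http-01"}
2021/03/04 20:25:45.205 ←[31mERROR←[0m  tls.issuance.acme.acme_client   challenge failed        {"identifier": "example.ddns.net", "challenge_type": "http-01", "status_code": 400, "problem_type": "urn:ietf:params:acme:error:connection", "error": "Fetching http://example.ddns.net/.well-known/acme-challenge/TOKEN: Timeout during connect (likely firewall problem)"}
2021/03/04 20:25:56.913 ←[31mERROR←[0m  tls.issuance.acme.acme_client   challenge failed        {"identifier": "example.ddns.net", "challenge_type": "tls-alpn-01", "status_code": 400, "problem_type": "urn:ietf:params:acme:error:connection", "error": "Timeout during connect (likely firewall problem)"}
2021/03/04 20:25:56.913 ←[31mERROR←[0m  tls.issuance.acme.acme_client   validating authorization        {"identifier": "example.ddns.net", "error": "authorization failed", "attempt": 2, "max_attempts": 3}
2021/03/04 20:26:10.000 ←[31mERROR←[0m  tls.issuance.acme.acme_client   challenge failed        {"identifier": "other.example.net", "challenge_type": "http-01", "status_code": 400, "problem_type": "urn:ietf:params:acme:error:dns", "error": "constructed DNS failure"}
"""


def parse_line(line):
    """Return (level, fields) for a console log line, or None without a JSON part."""
    line = ANSI.sub("", line)
    start = line.find('{"')
    if start == -1:
        return None
    try:
        fields = json.loads(line[start:])
    except json.JSONDecodeError:
        return None
    head = line[:start].split()
    return (head[2] if len(head) > 2 else ""), fields


def unreachable_ports(log_text):
    """Map identifier -> sorted ports the CA could not connect to."""
    found = {}
    for parsed in map(parse_line, log_text.splitlines()):
        if parsed is None or parsed[0] != "ERROR":
            continue
        fields = parsed[1]
        port = CHALLENGE_PORT.get(fields.get("challenge_type"))
        if port and fields.get("problem_type") == CONNECTION_ERROR:
            found.setdefault(fields.get("identifier", "?"), set()).add(port)
    return {name: sorted(ports) for name, ports in found.items()}


if __name__ == "__main__":
    print(unreachable_ports(SAMPLE_LOG))
```

When both 80 and 443 are reported while the local firewall is already open, the block sits upstream of the host (router forwarding, DNS pointing elsewhere, or the ISP).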

The issue was my ISP was blocking these ports, everything is working now, thanks for the help!

2 Likes
