Lost on first time setup on OPNsense (DNS, revers proxy, & Docker)

1. The problem I’m having:

a. After a couple of weeks browsing the Docs, wiki, and a few videos I still feel I cant grasp the Caddyfile structure and propertly layout my config so I could setup reverse proxy for my docker services.

b. I tried the hello world example and got connection has timed out.

c. I think if I could see an example of a Caddyfile with a couple of services that could help things click.

2. Logs

"Caddyfile" 3 lines, 40 characters
root@OPNsense:/usr/local/etc/caddy # caddy run
2023/04/10 01:46:59.582 INFO    using adjacent Caddyfile
2023/04/10 01:46:59.584 INFO    admin   admin endpoint started  {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2023/04/10 01:46:59.585 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc00028df80"}
2023/04/10 01:46:59.585 INFO    http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2023/04/10 01:46:59.586 INFO    tls     cleaning storage unit   {"description": "FileStorage:/root/.local/share/caddy"}
2023/04/10 01:46:59.586 INFO    tls     finished cleaning storage units
2023/04/10 01:46:59.627 INFO    pki.ca.local    root certificate is already trusted by system   {"path": "storage:pki/authorities/local/root.crt"}
2023/04/10 01:46:59.627 INFO    http    enabling HTTP/3 listener        {"addr": ":2080"}
2023/04/10 01:46:59.627 INFO    http.log        server running  {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2023/04/10 01:46:59.627 INFO    tls.cache.maintenance   stopped background certificate maintenance      {"cache": "0xc00028df80"}
Error: loading initial config: loading new config: http app module: start: listening on :80: listen tcp :80: bind: address already in use

3. Caddy version:

v2.6.4

4. How I installed and ran Caddy:

I installed Caddy with a community plugin from OPNsense Repo – Routerperformance

a. System environment:

OPNsense running freebsd-version 13.1-RELEASE-p7, Docker on separate server

b. Command:

Caddy start

d. My complete Caddy config:

localhost:2080

respond "Hello, world!"

5. Links to relevant resources:

Optional, but can help get us on the same page quickly.

If you installed Caddy with an unofficial installation method, there’s not much we can do to help.

I don’t know anything about OPNsense so you’ll need to fill in the gaps for us there.

This implies that you already have another server running on port 80, so Caddy couldn’t start.

Do you already have Caddy running as a service (systemd? I don’t know what OPNsense uses). If you do, then you shouldn’t use the command caddy run directly, since the service is managing the process.

If you have a different webserver running on port 80, you’ll need to turn it off or reconfigure it to not use that port, so that Caddy can use it. Port 80 is the default HTTP port, it’s needed so Caddy can properly solve the ACME HTTP challenge to get a publicly trusted TLS cert for your site.

Make sure to read this page in the docs, it explains the structure of the Caddyfile:

1 Like

I think so. Im not sure if FreeBSDs services work the same.

lighttpd uses port 80 (Im not really sure what for from my quick search) and when I tried to change it to 82 it knocked out my internet. If Caddy cant use any other port I guess I’ll need to figure out dns challenge.

I’ll try to compare that to other examples

Using port 80 for the ACME HTTP challenge is a requirement of the ACME protocol.

I don’t understand why changing the port of another webserver would knock out your internet. But you’ll need to get help elsewhere to explain that.

Technically they can disable the HTTP challenge to use the ALPN challenge, which won’t require port 80.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.