Multiple websites Caddy

1. Output of caddy version:

2. How I run Caddy:

docker compose

a. System environment:

Client: Docker Engine - Community
Version: 20.10.5
API version: 1.41
Go version: go1.13.15
Git commit: 55c4c88
Built: Tue Mar 2 20:18:46 2021
OS/Arch: linux/arm
Context: default
Experimental: true

Server: Docker Engine - Community
Engine:
Version: 20.10.5
API version: 1.41 (minimum version 1.12)
Go version: go1.13.15
Git commit: 363e9a8
Built: Tue Mar 2 20:16:18 2021
OS/Arch: linux/arm
Experimental: false
containerd:
Version: 1.4.4
GitCommit: 05f951a3781f4f2c1911b05e61c160e9c30eaa8e
runc:
Version: 1.0.0-rc93
GitCommit: 12644e614e25b05da6fd08a38ffa0cfe1903fdec
docker-init:
Version: 0.19.0
GitCommit: de40ad

b. Command:

docker-compose up

c. Service/unit/compose file:

version: '3'

services:
  bitwarden:
    # Vaultwarden password vault. No host ports are published for this
    # service; the Caddyfile in this post proxies to bitwarden:80 and
    # bitwarden:3012 over the compose network.
    # NOTE(review): ":latest" is a moving tag; pinning a release (or a
    # digest) keeps upgrades of a password vault deliberate and auditable.
    container_name: bitwarden
    image: vaultwarden/server:latest
    restart: always
    volumes:
      - "./bw-data:/data"
    environment:
      WEBSOCKET_ENABLED: "true"  # Enable WebSocket notifications.
      SIGNUPS_ALLOWED: "false"
      # Empty in this post. When a real admin token is set, supply it from
      # an untracked .env file or a secret rather than writing it inline.
      ADMIN_TOKEN: ""


  # jellyfin:
  #   image: jellyfin/jellyfin:latest
  #   container_name: jellyfin
  #   restart: always
  #   logging:
  #      driver: none
  #   volumes:
  #      - ./jellyfin-config:/config
  #      - ./jellyfin-cache:/cache
  #      - /mnt:/media
  #   ports:
  #      - 5001:5001
  #      - 8096:8096

  radarr:
    container_name: radarr
    image: lscr.io/linuxserver/radarr
    links:
      - qbittorrent
      - jackett
    volumes:
      - "./radarr-config:/config"
      - "/mnt/Movies:/movies"
    environment:
      # NOTE(review): UID/GID 0 runs the application as root inside the
      # container; an unprivileged UID/GID that owns the mounted paths
      # limits what a compromised app can touch on the host.
      PUID: "0"
      PGID: "0"
      TZ: "Asia/Kolkata"
    ports:
      # Published on the host in addition to the Caddy route
      # (radarr.daggy.tech -> radarr:7878), so the UI is also reachable
      # directly over plain HTTP. Bind to 127.0.0.1 or drop the mapping if
      # direct access is not needed.
      - "7878:7878"

  bazarr:
    container_name: bazarr
    image: lscr.io/linuxserver/bazarr
    links:
      - radarr
      - qbittorrent
      - sonarr
      - jackett
    volumes:
      - "./bazarr-config:/config"
      - "/mnt/Movies:/movies"
      - "/mnt/Tv Searies:/tv"
    environment:
      # NOTE(review): UID/GID 0 means the app runs as root in the container.
      PUID: "0"
      PGID: "0"
      TZ: "Asia/Kolkata"
    ports:
      # Also proxied by Caddy (subs.daggy.tech -> bazarr:6767); this host
      # mapping exposes the same UI without TLS.
      - "6767:6767"

  sonarr:
    container_name: sonarr
    image: lscr.io/linuxserver/sonarr
    links:
      - qbittorrent
      - jackett
    volumes:
      - "./sonarr-config:/config"
      - "/mnt/Tv Searies:/tv"
    environment:
      # NOTE(review): UID/GID 0 means the app runs as root in the container.
      PUID: "0"
      PGID: "0"
      TZ: "Asia/Kolkata"
    ports:
      # Also proxied by Caddy (sonarr.daggy.tech -> sonarr:8989); this host
      # mapping exposes the same UI without TLS.
      - "8989:8989"




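  caddy:
    # Reverse proxy and TLS terminator, built from a local Dockerfile.
    build:
      context: ./caddy-build
      dockerfile: caddy.Dockerfile
    container_name: caddy
    restart: always
    ports:
      - "80:80"  # Needed for the ACME HTTP-01 challenge.
      - "443:443"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./caddy-config:/config
      - ./caddy-data:/data
      # Holds the TLS certificate and private key named in the Caddyfile.
      # Caddy only has to read them, so the mount is read-only.
      - ./caddy-certs:/certs:ro
    environment:
      # NOTE(review): the Caddyfile posted with this file contains no
      # {$VAR} placeholders and every site uses a static certificate, so
      # these variables may have no effect — confirm against
      # caddy.Dockerfile.
      - EMAIL=<gmail>      # The email address to use for ACME registration.
      - LOG_FILE=/data/access.log
      - ACME_AGREE=true
      - CLOUDFLARE_EMAIL=<gmail>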

  filebrowser:
    container_name: filebrowser
    image: filebrowser/filebrowser
    ports:
      # Published directly on the host; no Caddy site in this post fronts
      # it, so traffic to this UI is not covered by the proxy's TLS.
      - "7000:7000"
    volumes:
      - "./filebrowser.db:/database.db"
      - "./.filebrowser.json:/.filebrowser.json"
      # NOTE(review): this mounts the host's entire root filesystem,
      # writable, into a web file manager. Anyone who gets a login (or an
      # application bug) can read and modify host files, including the
      # other services' config directories. Mount only the directories
      # that need to be browsed, and add ":ro" where writes are not needed.
      - "/:/srv"



  synctube:
    container_name: synctube
    # NOTE(review): no tag is given, so the default tag is pulled each
    # time the image is refreshed; pin a version to control updates.
    image: ghcr.io/daggy1234/synctube
    ports:
      - '4200:4200'
    volumes:
      - './synctube-user:/user'

  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent
    # NOTE(review): spelled "qbittorret" while the service is named
    # "qbittorrent" — looks like a typo; confirm it is intended.
    container_name: qbittorret
    volumes:
      - "./qbit-config:/config"
      - "/mnt/Downloads:/downloads"
      - "/mnt/Movies:/movies"
      - "/mnt/Tv Searies:/tv"
    environment:
      # NOTE(review): UID/GID 0 means the client runs as root in the
      # container while handling data from untrusted peers.
      PUID: "0"
      PGID: "0"
      TZ: "Asia/Kolkata"
      WEBUI_PORT: "8080"
    ports:
      - "6881:6881"
      - "6881:6881/udp"
      # Web UI. The Caddyfile proxies qbit.daggy.tech to 192.168.1.69:8080,
      # i.e. to this published port, so the UI is also reachable directly
      # over plain HTTP by anything that can reach the host.
      - "8080:8080"

  jackett:
    container_name: jackett
    image: lscr.io/linuxserver/jackett
    volumes:
      - "./jackett-config:/config"
      - "/mnt/Downloads:/downloads"
    environment:
      # NOTE(review): UID/GID 0 means the app runs as root in the container.
      PUID: "0"
      PGID: "0"
      TZ: "Asia/Kolkata"
      AUTO_UPDATE: "true"
    ports:
      # Published directly on the host over plain HTTP; no Caddy site in
      # this post fronts it.
      - "9117:9117"

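  plex:
    image: lscr.io/linuxserver/plex
    container_name: plex
    # Host networking: the container shares the host's network stack and
    # is not attached to the compose network.
    # NOTE(review): a reverse proxy running in another container may
    # therefore be unable to resolve the name "plex" — verify the upstream
    # address used for it.
    network_mode: host
    environment:
      # NOTE(review): UID/GID 0 means the server runs as root in the
      # container.
      - PUID=0
      - PGID=0
      - VERSION=docker
      # A claim token is a credential. Read it from the shell environment
      # or an untracked .env file instead of writing it into the compose
      # file, and treat any token that was posted publicly as burned.
      - PLEX_CLAIM=${PLEX_CLAIM}
    volumes:
      - /mnt/Movies:/movies
      - /mnt/Tv Searies:/tv
      - /mnt/plex-config:/config
      - /mnt/plex-transcode:/transcode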

  tautulli:
    container_name: tautulli
    image: ghcr.io/tautulli/tautulli
    # NOTE(review): plex is declared with network_mode: host, so this link
    # may not resolve the way links to bridge-network services do — verify.
    links:
      - plex
    environment:
      # NOTE(review): UID/GID 0 means the app runs as root in the container.
      PUID: "0"
      PGID: "0"
      TZ: "Asia/Kolkata"
    volumes:
      - "/mnt/tautulli-config:/config"
    ports:
      # Also proxied by Caddy (plexstat.daggy.tech -> tautulli:8181); this
      # host mapping exposes the same UI without TLS.
      - "8181:8181"

  wireguard:
    container_name: wireguard
    image: lscr.io/linuxserver/wireguard:latest
    restart: unless-stopped
    # NET_ADMIN is required to manage the tunnel interface. SYS_MODULE,
    # together with the /lib/modules mount below, lets the container load
    # kernel modules on the host.
    # NOTE(review): SYS_MODULE may be unnecessary when the host kernel
    # already provides WireGuard — verify and drop it if so.
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - "net.ipv4.conf.all.src_valid_mark=1"
    ports:
      - "51820:51820/udp"
    volumes:
      - "/lib/modules:/lib/modules"
      # Holds the generated server and peer keys; keep this directory out
      # of backups and repositories that others can read.
      - "./wireguard-config:/config"
    environment:
      PUID: "0"
      PGID: "0"
      TZ: "Asia/Kolkata"
      SERVERURL: ""
      SERVERPORT: "51820"  # optional
      PEERS: "2"  # optional
      PEERDNS: "auto"  # optional
      INTERNAL_SUBNET: "10.13.13.0"  # optional
      ALLOWEDIPS: "0.0.0.0/0"  # optional
      # NOTE(review): presumably prints the generated peer configs (as QR
      # codes) to the container log; those contain peer private keys, so
      # the log should then be treated as sensitive — confirm against the
      # image documentation.
      LOG_CONFS: "true"  # optional




d. My complete Caddy config:

# Every site serves the same manually supplied certificate and key.
# NOTE(review): if these files are a Cloudflare Origin CA certificate,
# browsers only trust the connection when traffic goes through
# Cloudflare's proxy; a browser connecting directly to this server will
# report an untrusted issuer — confirm which kind of certificate this is.
(static_cert) {
  tls /certs/daggy.tech.pem /certs/daggy.tech.key
}

# NOTE(review): no site below adds authentication at the proxy, so access
# control rests entirely on each application's own login.

# Vaultwarden: WebSocket notifications go to port 3012, everything else
# to port 80, with the client address forwarded in X-Real-IP.
bitward.daggy.tech:443 {
  import static_cert
  encode gzip
  reverse_proxy /notifications/hub bitwarden:3012
  reverse_proxy bitwarden:80 {
    header_up X-Real-IP {remote_host}
  }
}

# Upstreams addressed by the server's LAN IP.
imoog.daggy.tech {
  import static_cert
  reverse_proxy 192.168.1.69:6969
}

qbit.daggy.tech {
  import static_cert
  reverse_proxy 192.168.1.69:8080
}

# Upstreams addressed by compose service name.
sonarr.daggy.tech {
  import static_cert
  reverse_proxy sonarr:8989
}

radarr.daggy.tech {
  import static_cert
  reverse_proxy radarr:7878
}

subs.daggy.tech {
  import static_cert
  reverse_proxy bazarr:6767
}

# NOTE(review): the compose file runs plex with network_mode: host, so the
# name "plex" may not resolve from inside the caddy container — verify.
plex.daggy.tech {
  import static_cert
  reverse_proxy plex:32400
}

plexstat.daggy.tech {
  import static_cert
  reverse_proxy tautulli:8181
}

3. The problem I’m having:

4. Error messages and/or full log output:

no errors explicitly in logs

I get the error described in this thread: “Firefox no longer trusts my internal certificate authority used for internal sites on our domain.” | Firefox Support Forum | Mozilla Support

5. What I already tried:

  • I have tried not specifying my Cloudflare TLS certs and it doesn’t work at all

6. Links to relevant resources:

The IP address in the config is my server.

Do let me know what I can do!

I don’t understand the question. Please elaborate with more detail.

You should let Caddy handle obtaining, maintaining, and renewing the certificate for you.
Where and how did you obtain the /certs/daggy.tech.pem certificate and the /certs/daggy.tech.key key?
Is the certificate and key for daggy.tech or for *.daggy.tech (that is, is it a wildcard certificate)?

192.168.1.69:6969, 192.168.1.69:8080, radarr:7878, bazarr:6767, plex:32400 and tautulli:8181 must all be accessible through http:// (not https), and the correct IP must be resolvable from each hostname (meaning that if you ping tautulli from the Caddy host computer, it gets the correct IP address). I mention this because single-name hostnames are not usual.
