New to Caddy struggling with the Caddyfile

UPDATE: Look at my reply below.

Hey! I have a microserver that runs ESXi with three VMs. One is for Caddy, one for Nextcloud and one for Home assistant. I also own a domain, let’s call it domain. Every service that is run in the VM has a static IP. I want to be able to access these services through “domain/service_name” outside of my network using https instead of http.

For ex:

For nextcloud I would love the address to be domain.com/nextcloud.

My current Caddyfile looks like this:

domain.com {
    gzip
    proxy /nextcoud http://192.168.1.3 {
        without /nextcloud
        transparent
        websocket
    }
    proxy /hassio http://192.168.1.4:8123 {
        without /hassio
        transparent
        websocket
    }
}

My domain is hosted by One and I have domain (A record) point to my home’s “external IP”.

This setup gives me 404 not found.

Note: I had to remove the .com on domain because of the limitation for new users to post more than 4 links.

EDIT1: domaindotcom/hassio actually gets me to a site with the blue header of hassio’s interface but nothing more is shown on the site.

So I found out that doing domain.com/service might be a bad idea (?) so I tried setting up two subdomains for the two services instead.

Both subdomains point to my IP.

https://cloud.domain.com- {
    proxy / https://192.168.1.3- {
        websocket
        transparent
        insecure_skip_verify
    }
}

https://assistant.domain.com- {
    proxy / https://192.168.1.4:8123- {
        websocket
        transparent
        insecure_skip_verify
    }
}

This gives me at least 502 bad gateway.

NOTE: The - in the URL is just there to enable me to post. Just ignore them.

Update!:

So this worked for me except it’s not HTTPS. If I add HTTPS in the URL with my domain, Caddy is not starting, just stuck on “Started certification maintenane routine” and nothing happens.

http://cloud.domain.com {
    proxy / http://192.168.1.3 {
        websocket
        transparent
        insecure_skip_verify
    }
}

http://assistant.domain.com {
    proxy / http://192.168.1.4:8123 {
        websocket
        transparent
        insecure_skip_verify
    }
}

When I run it today it worked!

Ended up with this. Now I’m just going to figure out how to disable it running in http at all.

cloud.domain.com {
    proxy / 192.168.1.3 {
        websocket
        transparent
        insecure_skip_verify
    }
}

assistant.domain.com {
    proxy / 192.168.1.4:8123 {
        websocket
        transparent
        insecure_skip_verify
    }
}

Hi @filikun!

The Automatic HTTPS feature is going to want to bind port 80 regardless and Caddy will fail out early if it can’t. It will set up HTTP->S redirects which can be overridden but only specifically for each redirect listener. This isn’t ideal for someone who wants to serve no HTTP at all.

Right now if you want to disable HTTP entirely, your best option is to firewall port 80 and run Caddy with the -disable-http-challenge flag.

Right now Caddy (specifically, Caddy’s ACME provider, acme-go/lego) will always preference TLS-ALPN validation, so that flag doesn’t strictly modify behaviour, but it’s good to ensure that Caddy won’t ever try to use HTTP validation if you’re just firewalling port 80.
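
An added example, not part of the thread and not Caddy's own code: a small Python check over Caddy v1 Caddyfiles like the ones posted above. It reports site labels pinned to http:// (which get no automatic HTTPS) and proxy blocks where insecure_skip_verify either turns off certificate verification of an https upstream or is redundant because the upstream is plain HTTP. The function name and the sample text are constructed for illustration.

```python
# Added example: audits Caddy v1 "proxy" blocks like the ones in this thread.
# SAMPLE is constructed from the thread's configs (posting placeholders removed).
SAMPLE = """\
https://cloud.domain.com {
    proxy / https://192.168.1.3 {
        websocket
        transparent
        insecure_skip_verify
    }
}
http://assistant.domain.com {
    proxy / http://192.168.1.4:8123 {
        websocket
        transparent
        insecure_skip_verify
    }
}
"""

def audit_caddyfile(text):
    """Return (line_no, site, message) findings for a Caddy v1 Caddyfile."""
    findings, depth, site, upstream = [], 0, None, None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        if depth == 0 and tokens[-1] == "{":
            site = tokens[0]
            # An explicit http:// site label turns automatic HTTPS off.
            if site.startswith("http://"):
                findings.append((no, site, "served over plain HTTP only"))
        elif depth == 1 and tokens[0] == "proxy" and len(tokens) >= 3:
            upstream = tokens[2]  # proxy <from> <to>; no scheme means http
        elif depth == 2 and upstream and tokens[0] == "insecure_skip_verify":
            if upstream.startswith("https://"):
                msg = "upstream TLS certificate is not verified"
            else:
                msg = "redundant: upstream is not TLS"
            findings.append((no, site, msg + " (" + upstream + ")"))
        depth += line.count("{") - line.count("}")
        if depth < 2:
            upstream = None  # left the proxy block
    return findings

if __name__ == "__main__":
    for no, site, msg in audit_caddyfile(SAMPLE):
        print(f"line {no}: {site}: {msg}")
```
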
