New user with a rather simple question (i guess)

Hello everyone

I’m sorry if I don’t follow the template, but I’m not at home; I hope I can still get some advice.

I’m running a Jellyfin Media Server and a Syncthing Server at home (same device). Ubuntu 20.04 Desktop.

Thanks to Caddy and a domain from ddnss.de it was easy to use the Caddyfile and set up a reverse proxy with HTTPS for my Jellyfin. It’s something like this:

```
jelly.ddnss.de {
	reverse_proxy localhost:8096
}
```

To do the same for Syncthing it would look like this:

```
jelly.ddnss.de {
	reverse_proxy localhost:8096
}

syncthing.ddnss.de {
	reverse_proxy localhost:8384
}
```

The problem is my router menu has only 1 entry for domains… So I was told I’d have to use a CNAME, so that the Syncthing domain points to the other domain.

Is this correct?
And I don’t have to use port numbers when I enter the domains in the browser address bar?

And to finish:

I opened ports 80 and 443 in my router menu… Is this the correct (secure) way, or is it better to open them on the server with ufw?

Thanx a lot guys. Appreciate your work

G’day @MMeirolas1, welcome to the Caddy community.

(Sub)domains will serve their function (resolving to an IP address) regardless of what you set in your router.

Domains are resolved as part of the Domain Name System (DNS), and all you need to do is ensure that your nameserver has records for jelly.ddnss.de and syncthing.ddnss.de (or any other site you want to serve) that point to your external IP.

CNAME is neat because if they both change, you just update the first one and the other “follows” it (because a CNAME is a reference to another record, not an actual IP address record).

You can just as easily set two A records, one for each subdomain, though.

Your browser will assume ports 80 and 443 for HTTP and HTTPS traffic, respectively. As long as Caddy is listening on these ports, you will not need to specify the port in a modern browser.

Both of these are considered firewalls and either will stop traffic. Both must be open for traffic to reach Caddy.


Hey Whitestrake, thank you very much for answering so patiently even though I’m really worthless where networking is concerned :smiley:

From your first 2 replies, I understood that I “can” use CNAME, but I can also just add records into the nameserver.

I only remember reading about “nameserver” a few months back when I changed my DNS servers on Ubuntu…

Would you mind guiding me how to do that on Ubuntu Desktop?
Or is it just a matter of creating the subdomains on the ddnss.de webpage, and then the Caddyfile does the rest?
If you have a good “dummy guide” I can read it up as well :slight_smile:

Btw: i have my DNS server on my router set to Cloudflare. Is this enough?

Thanx again for all the effort

DNS is remote from your computer, so there is nothing to set on your desktop.

Add your subdomains to ddnss.de such that the terminal command `dig subdomain.ddnss.de` returns your external IP address.

This will ensure people browsing to that subdomain are connecting to you. Once the connections come in, as long as ports are forwarded and firewalls permissive as required, Caddy handles the rest.

Ok. I’ll try it out later and let you know :slightly_smiling_face:

I edited my previous post with a question regarding Cloudflare DNS. Would you mind replying to that, please?

Thx again

Hello there,

I wanted to give an update on my issue.

So I followed the recommendations and edited the Caddyfile to something like this:

```
b.jelly.ddnss.de {
	reverse_proxy localhost:8096
}

b.syncthing.ddnss.de {
	reverse_proxy localhost:8384
}
```

Accessing Jellyfin works; Syncthing tries to open but I get this message: “Host check error”.

After research I found out this:

https://docs.syncthing.net/users/faq.html#why-do-i-get-host-check-error-in-the-gui-api

But this is essentially like Chinese to a German person :smile:

Could someone please guide me how to fix this?

Thx a lot

I think you’ll need to set the Host header as described there:

```
b.syncthing.ddnss.de {
	reverse_proxy localhost:8384 {
		header_up Host localhost
	}
}
```
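An added illustration (not code from Syncthing, Caddy or anyone in this thread) of why the GUI answers “Host check error” and why `header_up Host localhost` cures it. It models the rule from the Syncthing FAQ linked above in simplified form: a GUI bound to a loopback address only accepts requests whose Host header is also a loopback name, which is a defence against DNS-rebinding from a browser; the hostname and the GUI listen address are assumptions taken from this thread.

```python
"""Simplified model of Syncthing's GUI host check behind a Caddy reverse proxy."""
from typing import Dict, Optional

# Names a loopback-bound Syncthing GUI accepts in the Host header (simplified).
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "[::1]"}


def strip_port(host_header: str) -> str:
    """Remove a trailing :port; a bracketed IPv6 literal keeps its brackets."""
    if host_header.startswith("["):
        return host_header[: host_header.find("]") + 1]
    return host_header.split(":", 1)[0]


def syncthing_host_check(host_header: str, gui_listen: str = "127.0.0.1:8384") -> bool:
    """True if a GUI listening on gui_listen would accept this Host header.
    Assumption: a GUI bound to a non-loopback address skips the check."""
    if strip_port(gui_listen) not in LOOPBACK_HOSTS:
        return True
    return strip_port(host_header).lower() in LOOPBACK_HOSTS


def caddy_forward(client_headers: Dict[str, str], header_up_host: Optional[str]) -> Dict[str, str]:
    """Model Caddy's reverse_proxy: the client's Host is passed through unchanged
    unless the site block carries `header_up Host <value>`."""
    upstream = dict(client_headers)
    if header_up_host is not None:
        upstream["Host"] = header_up_host
    return upstream


def gui_response(public_host: str, header_up_host: Optional[str]) -> str:
    """Browser -> Caddy -> Syncthing GUI; returns what the GUI would answer."""
    browser_headers = {"Host": public_host, "User-Agent": "browser"}
    upstream = caddy_forward(browser_headers, header_up_host)
    return "ok" if syncthing_host_check(upstream["Host"]) else "Host check error"


if __name__ == "__main__":
    # Without the override the public hostname reaches Syncthing and is refused;
    # with `header_up Host localhost` the GUI sees a loopback name and answers.
    print(gui_response("syncmmeirolas.ddnss.de", None))         # Host check error
    print(gui_response("syncmmeirolas.ddnss.de", "localhost"))  # ok
```

Overriding Host this way is safe only because the override happens inside the trusted proxy; the browser still cannot make Syncthing see an arbitrary hostname.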

Hey francislavoie, thx for the reply.

Will try that and let you know.

Great support around here :smiley:

So I edited the Caddyfile. Now when I enter the subdomain I get a blank page…

I must add that I can’t create domains in this format “x.y.ddnss.de”. It has to be “x.ddnss.de”.

What’s your full config now, and what’s in your Caddy logs?

```
# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace the line below with your
# domain name.

jellymmeirolas.ddnss.de {
        reverse_proxy localhost:8096
}

syncmmeirolas.ddnss.de {
        reverse_proxy localhost:8384 {
                header_up Host localhost
        }
}

# Set this path to your site's directory.
root * /usr/share/caddy

# Enable the static file server.
file_server
```

Would love to paste the log, but it’s nowhere to be found, at least not in /var/log :thinking:

Sorry, don’t know how to format this correctly.

Btw, I now get an error message while checking `sudo systemctl status caddy`:

```
Sep 26 23:1sudo[21068]: pam_unix(sudo:auth): auth could not identify password for [caddy]
sudo[21068]:    caddy : user NOT in sudoers ; TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/tee /usr/local/share/ca-certificates/Caddy_Local_Authority_-_2020_ECC_Root_49760717898714860451747963137657363705.crt
```

To use code formatting, write ``` (three backticks) on the line immediately before and after your config.

Are you running Caddy as a systemd service? You can see your logs with `journalctl --no-pager -u caddy | less`, and type Shift+G to jump to the bottom.

```
Sep 26 23:12:46 mmserverdellt40-PowerEdge-T40 caddy[660]: {"level":"info","ts":1601154766.322179,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
Sep 26 23:12:46 mmserverdellt40-PowerEdge-T40 caddy[660]: {"level":"info","ts":1601154766.322633,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Sep 26 23:12:46 mmserverdellt40-PowerEdge-T40 caddy[660]: {"level":"info","ts":1601154766.3228133,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["syncmmeirolas.ddnss.de","root","jellymmeirolas.ddnss.de"]}
Sep 26 23:12:46 mmserverdellt40-PowerEdge-T40 caddy[660]: {"level":"info","ts":1601154766.3228612,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0002b8a10"}
Sep 26 23:12:46 mmserverdellt40-PowerEdge-T40 caddy[660]: {"level":"warn","ts":1601154766.3236694,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [root]: no OCSP server specified in certificate"}
Sep 26 23:12:46 mmserverdellt40-PowerEdge-T40 caddy[660]: {"level":"warn","ts":1601154766.323681,"logger":"pki.ca.local","msg":"installing root certificate (you might be prompted for password)","path":"storage:pki/authorities/local/root.crt"}
Sep 26 23:12:46 mmserverdellt40-PowerEdge-T40 caddy[660]: 2020/09/26 23:12:46 Warning: "certutil" is not available, install "certutil" with "apt install libnss3-tools" or "yum install nss-tools" and try again
Sep 26 23:12:46 mmserverdellt40-PowerEdge-T40 caddy[660]: 2020/09/26 23:12:46 define JAVA_HOME environment variable to use the Java trust
Sep 26 23:12:46 mmserverdellt40-PowerEdge-T40 sudo[21068]: pam_unix(sudo:auth): Couldn't open /etc/securetty: Ficheiro ou pasta inexistente
Sep 26 23:12:46 mmserverdellt40-PowerEdge-T40 sudo[21068]: pam_unix(sudo:auth): conversation failed
Sep 26 23:12:46 mmserverdellt40-PowerEdge-T40 sudo[21068]: pam_unix(sudo:auth): auth could not identify password for [caddy]
Sep 26 23:12:46 mmserverdellt40-PowerEdge-T40 sudo[21068]:    caddy : user NOT in sudoers ; TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/tee /usr/local/share/ca-certificates/Caddy_Local_Authority_-_2020_ECC_Root_49760717898714860451747963137657363705.crt
Sep 26 23:12:46 mmserverdellt40-PowerEdge-T40 caddy[660]: {"level":"error","ts":1601154766.3267176,"logger":"pki.ca.local","msg":"failed to install root certificate","error":"failed to execute sudo: exit status 1","certificate_file":"storage:pki/authorities/local/root.crt"}
Sep 26 23:12:46 mmserverdellt40-PowerEdge-T40 caddy[660]: {"level":"warn","ts":1601154766.3269916,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [root]: no OCSP server specified in certificate"}
Sep 26 23:12:46 mmserverdellt40-PowerEdge-T40 caddy[660]: {"level":"warn","ts":1601154766.3271854,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [*]: no OCSP server specified in certificate"}
Sep 26 23:12:47 mmserverdellt40-PowerEdge-T40 caddy[660]: {"level":"info","ts":1601154767.3276124,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc00016ecb0"}
Sep 26 23:12:47 mmserverdellt40-PowerEdge-T40 caddy[660]: {"level":"info","ts":1601154767.3279643,"msg":"autosaved config","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Sep 26 23:12:47 mmserverdellt40-PowerEdge-T40 caddy[660]: {"level":"info","ts":1601154767.3279927,"logger":"admin.api","msg":"load complete"}
Sep 26 23:12:47 mmserverdellt40-PowerEdge-T40 systemd[1]: Reloaded Caddy.
Sep 26 23:12:47 mmserverdellt40-PowerEdge-T40 caddy[660]: {"level":"info","ts":1601154767.8231137,"logger":"admin","msg":"stopped previous server"}
```

It seems to have something to do with the certificates, right? :confused:

Ah, the problem is that you have some dangling config in there that shouldn’t be there. Remove or comment out the root and file_server lines that are in there (and please update your comment to use code formatting for your config, it’s very hard to read otherwise)
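An added example (not from anyone in this thread or from the Caddy project) that reads `journalctl -u caddy` lines like the ones posted above and flags the two things visible in them: a domain Caddy is managing certificates for that is not a real hostname (here `root`, the dangling line parsed as a site address) and error-level entries such as the failed local root certificate install. The sample lines are shortened copies of the posted output with the machine name replaced by `host`.

```python
"""Flag a dangling non-hostname site and error entries in Caddy's journal output."""
import json
import re

# Constructed sample: shortened copies of the journalctl lines posted in this thread.
SAMPLE_JOURNAL = """\
Sep 26 23:12:46 host caddy[660]: {"level":"info","ts":1601154766.3228133,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["syncmmeirolas.ddnss.de","root","jellymmeirolas.ddnss.de"]}
Sep 26 23:12:46 host caddy[660]: 2020/09/26 23:12:46 Warning: "certutil" is not available
Sep 26 23:12:46 host caddy[660]: {"level":"error","ts":1601154766.3267176,"logger":"pki.ca.local","msg":"failed to install root certificate","error":"failed to execute sudo: exit status 1"}
Sep 26 23:12:47 host systemd[1]: Reloaded Caddy.
"""

# Caddy's structured lines are JSON objects after the "caddy[pid]: " journal prefix.
JSON_PAYLOAD = re.compile(r"caddy\[\d+\]: (\{.*\})$")


def parse_caddy_journal(text):
    """Yield the JSON payload of each structured Caddy line; skip plain-text lines."""
    for line in text.splitlines():
        match = JSON_PAYLOAD.search(line)
        if not match:
            continue
        try:
            yield json.loads(match.group(1))
        except json.JSONDecodeError:
            continue


def non_hostname_tls_domains(entries):
    """Domains Caddy wants certificates for that cannot be hostnames (no dot).
    A stray directive like `root` parsed as a site address shows up here."""
    found = []
    for entry in entries:
        if entry.get("msg") == "enabling automatic TLS certificate management":
            found.extend(d for d in entry.get("domains", []) if "." not in d)
    return found


def error_messages(entries):
    """Messages of every error-level entry."""
    return [entry["msg"] for entry in entries if entry.get("level") == "error"]


def review(text):
    """Summarise what a practitioner would look at first in this log."""
    entries = list(parse_caddy_journal(text))
    return {"non_hostname_domains": non_hostname_tls_domains(entries),
            "errors": error_messages(entries)}


if __name__ == "__main__":
    print(review(SAMPLE_JOURNAL))
```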

Thx for the reply francislavoie.

“Code formatting” how? I did three backticks-config-three backticks. Is this not correct?

Where should I remove “root” and “file_server”?
If I remove them, won’t I lose access to Syncthing and Jellyfin (root) and my Samba share (file_server)?

Cheers

Code formatting is with ``` as I described earlier. The backticks need to be on their own lines, with nothing before or after on that line.

root and file_server lines are from the default Caddyfile config and they don’t belong there. They’re meant to serve the Caddyfile welcome page when you first install Caddy. They’re meant to be removed afterwards. Your jellyfin and syncthing are reverse proxies, and have their own site blocks.

What’s actually happening is Caddy is parsing the config and thinking root is a site to serve, but that doesn’t make any sense. Read about the Caddyfile config structure here:

I can’t believe that I didn’t see that before :woozy_face:

I think we are getting closer to the solution…

“SSL_ERROR_INTERNAL_ERROR_ALERT” - getting this on Firefox.

```
Sep 27 03:47:44 mmserverdellt40-PowerEdge-T40 caddy[45423]: {"level":"info","ts":1601171264.0565593,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Sep 27 03:47:44 mmserverdellt40-PowerEdge-T40 caddy[660]: {"level":"info","ts":1601171264.0577543,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_addr":"127.0.0.1:47188","headers":{"Accept-Encoding":["gzip"],"Content-Length":["503"],"Content-Type":["application/json"],"Origin":["localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
Sep 27 03:47:44 mmserverdellt40-PowerEdge-T40 caddy[660]: {"level":"info","ts":1601171264.0580404,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
Sep 27 03:47:44 mmserverdellt40-PowerEdge-T40 caddy[660]: {"level":"info","ts":1601171264.0582094,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0001fcc40"}
Sep 27 03:47:44 mmserverdellt40-PowerEdge-T40 caddy[660]: {"level":"info","ts":1601171264.0582519,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Sep 27 03:47:44 mmserverdellt40-PowerEdge-T40 caddy[660]: {"level":"info","ts":1601171264.0582614,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Sep 27 03:47:44 mmserverdellt40-PowerEdge-T40 caddy[660]: {"level":"info","ts":1601171264.058403,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["jellymmeirolas.ddnss.de","syncmmeirolas.ddnss.de"]}
Sep 27 03:47:45 mmserverdellt40-PowerEdge-T40 caddy[660]: {"level":"info","ts":1601171265.059374,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc0001fc690"}
Sep 27 03:47:45 mmserverdellt40-PowerEdge-T40 caddy[660]: {"level":"info","ts":1601171265.0597072,"msg":"autosaved config","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Sep 27 03:47:45 mmserverdellt40-PowerEdge-T40 caddy[660]: {"level":"info","ts":1601171265.0597348,"logger":"admin.api","msg":"load complete"}
Sep 27 03:47:45 mmserverdellt40-PowerEdge-T40 systemd[1]: Reloaded Caddy.
Sep 27 03:47:45 mmserverdellt40-PowerEdge-T40 caddy[660]: {"level":"info","ts":1601171265.5583563,"logger":"admin","msg":"stopped previous server"}
```

Thx for all the effort so far, can’t thank you enough.

It worked!!!

Once I disabled “use TLS” in the Syncthing advanced option menu I could log in, and it shows “verified by Let’s Encrypt”!!

Thank you, thank you Sir! Can’t thank you enough :smiley:

Is there any way to donate?

Please feel free to close this topic.

Take care and keep up the great work.


The best way is to sponsor @matt here:


Thx. Will look into it.

Take care :slight_smile: