Any thoughts? Sorry to nag, I’m just totally stuck here.
My domain points to my server IP. My config file points the domain at server.ip:8096. There’s a Jellyfin server up and running on that port. But when I go to the domain, it cannot connect to the site (the connection has timed out).
** I know the forward is working because the “connection has timed out” screen in my browser shows the IP of the VPS.
** I know that caddy is running because when I run the ‘service status’ command I get:
caddy.service - Caddy
Loaded: loaded (/lib/systemd/system/caddy.service; enabled; vendor preset: en
Active: active (running) since Sat 2020-08-15 13:04:27 UTC; 3h 0min ago
Docs: https://caddyserver.com/docs/
Main PID: 1020 (caddy)
Tasks: 14 (limit: 4915)
CGroup: /system.slice/caddy.service
└─1020 /usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
Aug 15 13:04:27 Fermi-Plex caddy[1020]: USER=caddy
Aug 15 13:04:27 Fermi-Plex caddy[1020]: INVOCATION_ID=fb36a0068d6f4ace85b46e2f96
Aug 15 13:04:27 Fermi-Plex caddy[1020]: JOURNAL_STREAM=9:16045
Aug 15 13:04:27 Fermi-Plex caddy[1020]: {"level":"info","ts":1597496667.9760141,
Aug 15 13:04:27 Fermi-Plex caddy[1020]: {"level":"info","ts":1597496667.984018,"
Aug 15 13:04:27 Fermi-Plex caddy[1020]: 2020/08/15 13:04:27 [INFO][cache:0xc0003
Aug 15 13:04:27 Fermi-Plex caddy[1020]: {"level":"info","ts":1597496667.9897885,
Aug 15 13:04:27 Fermi-Plex caddy[1020]: {"level":"info","ts":1597496667.992747,"
Aug 15 13:04:27 Fermi-Plex caddy[1020]: {"level":"info","ts":1597496667.9958575,
Aug 15 13:04:27 Fermi-Plex caddy[1020]: {"level":"info","ts":1597496667.9958959,
** I know a Jellyfin server is working on that ip and port because if I open port 8096 and then go to the server.ip:8096, I get the login screen.
Any other troubleshooting I can do? I feel like caddy is running and the forward is working. Not sure why it’s not connecting to the server.
If you’re trying to access your internal services with the public domain and public IP address from within your network it could be that your router doesn’t support hairpin NAT or doesn’t have it enabled. Mine doesn’t support it and it’s super annoying to work around but it can be done.
Thank you both for replying. This morning, to be 100% sure, I went and:
ufw allow 80
ufw allow 443
(curious, on a side note, why it’s not safe to just have the Jellyfin port open - 8096 - but it’s safe to have both 443 and 80 open?)
When I open a browser and type my.google.com into the URL bar it immediately repopulates with my.vps.ip. So I know the redirect is working. But now I just get a blank screen (not a ‘connection timed out’ error). So I am thinking I did, in fact, need to open one of those ports but it hasn’t solved the problem entirely.
I doubt this is an issue but I am also running a plex server on this same box. Nothing appears to be conflicting but I wanted to make you aware. I’m going to open a ticket with my VPS provider re: hairpin NAT - I don’t know what that means but I’m sure they do.
Oh! And yes, I did have two “/” - that was a typo.
Because then users won’t get all their traffic encrypted, which is Caddy’s job here. Port 80 is only open so Caddy can trigger the HTTP->HTTPS redirect, and to solve the ACME HTTP challenge, which is one of the ways that Caddy can prove to Let’s Encrypt that you own the domain.
Yep, just remove http:// from the front and you should be done.
Just as a note for next time; this is exactly why redacting parts of your config or modifying it before posting it on the forums is always a mistake. We went in circles a few times because we didn’t have evidence of the issue because you didn’t post your exact config.
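The fix described in the reply above, shown as an added example that is not part of the original thread and is not the poster's actual config. The hostname media.example.com and the upstream 127.0.0.1:8096 are placeholders, and the upstream assumes Jellyfin runs on the same host as Caddy.

```caddyfile
# Added example with placeholder names; not the config from this thread.

# Before (kept commented out): the explicit http:// scheme tells Caddy to
# serve this site over plain HTTP on port 80. No certificate is obtained
# for it, so logins and media traffic cross the network unencrypted.
#
# http://media.example.com {
# 	reverse_proxy 127.0.0.1:8096
# }

# After: a bare hostname enables Caddy's automatic HTTPS. Caddy obtains a
# certificate for the name, serves the site on port 443, and answers on
# port 80 only to redirect to HTTPS and to solve the ACME HTTP challenge.
media.example.com {
	# Jellyfin's plain-HTTP listener stays behind the proxy. Pointing at
	# loopback means port 8096 does not need to be opened in the firewall.
	reverse_proxy 127.0.0.1:8096
}

# Firewall state that matches this config (ufw, as used in the thread):
#   ufw allow 80      # HTTP->HTTPS redirect and ACME HTTP challenge
#   ufw allow 443     # the encrypted site itself
#   ufw deny 8096     # clients reach Jellyfin only through Caddy
```

After editing, `caddy validate --config /etc/caddy/Caddyfile` checks the syntax before the service is reloaded.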