I have been trying to reverse proxy the applications running at my home server.
Managed to get sickrage, plexpy working but plex is giving me a hard time.
Found lots of guides but all of them suggest using a sub domain which is not optimal in this case since i am using a purchased DV certificate from comodo thus a sub domain would render this unusable.
Is there any way i can reverse proxy plex under https://www.mydomain.com/plex?
so far i have been trying this cadyfile and alternations of it under the plex block
This isn’t quite true; you can easily configure Caddy to use your Comodo cert on www.mydomain.com, and have it fetch a LetsEncrypt certificate (also domain validated) for any subdomain you like (although I’d honestly recommend just letting Caddy do all the certificate management - LetsEncrypt certificates are free!).
To quote myself from a while back now, though, with regards to getting Plex working - long story short, you’re not going to be able to use /plex. It needs /web (and more besides).
Alright i will use go for a subdomain just for plex since it is so hard, Even though from your link i have already tried reverse engineering the config file from nginx and it didn’t work. I guess it should though.
AND my other settings working now with the certificate already
will enable automatic tls on the sub-domain and ask for the email and stuff?
I might have a problem here since my ISP is using port 80 on the router and i cant forward it so i am translating 80 to 8080 to get the http to https working.
QUESTION: what do i need to add to the above config to make the automatic tls for the sub-domain work? will it work automatic with the translation? i reckon there will be some trouble here since open port checks on my IP shows 80 as closed.
Sounds like you need to do a port forwarding to your pc from the router for port 80 to your 8080. Your ISP using port 80 on router doesn’t affect your ability to listen on the same port on another machine. The router is most likely listening on the internal interface only so external interface can still listen to port 80 and forward it to your machine.
To my knowledge, port 80 is required for TLS challenge to work. You could instead use DNS challenge (caddy supports it) if you can’t get port 80 to work.
I just thought of another thing: in case you’re in the same bot as myself for DNS challenge i.e. your dns provider isn’t a supported one, you could just setup lets encrypt certificate yourself via Dehydrated Bash Client (I’ve had very good experience with this on my gentoo machine) and treat it like another external certificate as far as caddy is concerned (leaving the cert management to dehydrated though i think you can’t automate it since inserting challenge in txt record will be manual step)
Examples of Dehydrated DNS hooks can be found here
Caddy should be able to get certificates without an email address. Alternately you can put tls firstname.lastname@example.org in your Caddyfile to specify on a per-site basis, or use the flag -email email@example.com when running Caddy. I’d also recommend using the -agree flag (see: CLI docs).
This will be problematic. Your alternatives are bridging your modem to a router that is more capable, or using DNS challenges.
The Automatic HTTPS doc has the full list of requirements. My understanding is that on its own, that snippet you’ve given won’t work because Caddy won’t bind to :80 - only :443 and :8080. Combined with the Caddyfile in your original post (which has an entry for http://mydomain.com), though, will let Caddy attempt to manage your certificates.
I’m having a bit of trouble understanding the situation with your port setup here. To be unambiguous, Caddy needs to bind to :80 and :443 on the server it’s running on in order to manage your certificates, but whatever your router is accessible on and forwarding to Caddy is where you’ll be accessing it from the internet. LetsEncrypt will expect Caddy to be available via public ports :80 and :443.
You say the ISP is using :80 - then you say you’re translating :80 to :8080. Can you clarify the translation a little? How are you translating the port if it’s reserved by the ISP? Which direction are you forwarding - router:80 to caddy:8080, or router:8080 to caddy:80? And if the port is closed externally, how is the ISP using it?
My router reserves :80, but only on the LAN interface to access the web GUI from an internal address. I can forward :80 from the WAN interface to any address and port in the LAN.
Thanks a lot for the answer mate, since port 80 creates such a big problem i managed to get plex working on root so i am all good. It is not really solution but i still mark your answer as solution since the problem is my ISP’s and not Caddy.
And a quick question that came up when I moved to setting up the next and final application, Seafile.
Is there by any chance an example of a cadyfile of a setup with seafile under a subfolder? I wanted to use seafile on root initially but that is now taken by plex
No worries. I should note that for the /seafile vhost I posted above, being unsure myself of exactly how Seafile works, I’m not sure what root should be. It’ll need to be set to something, I think. The Apache docs set the generic root to /var/www, which would imply that /seafile is looking in /var/www/seafile, but I don’t have it set up to poke around with and test.