Proxy URL not loading site?

robertgranholm · April 5, 2019, 9:27pm

So I had things moving along, but can’t seem to get a tool called Tautulli working, I get a 502 bad gateway, do you have any experience with it? Here’s my current settings…

Sonarr however is working great from it’s HTTPS url

Whitestrake · April 6, 2019, 3:08am

OK, so, you’re binding to 192.168.178.4 in the Tautulli interface, but you’re proxying to 192.168.178.5. Wrong host maybe?

robertgranholm · April 6, 2019, 11:16am

Gosh, the simple things, kudos…another service working. This stuff is cooool.

robertgranholm · April 6, 2019, 11:17am

I’m going to try and get caddy to launch on macOS startup this weekend.

Whitestrake · April 6, 2019, 11:25am

Check this out if you haven’t already:

[Guide] Local web development setup on a Mac (Caddy v1)

Configure Caddy

Unfortunately, Caddy’s brew formula doesn’t define a .plist file, which is needed to run it as a macOS service. Fortunately, the Caddy repo has one for us to use: https://github.com/mholt/caddy/blob/master/dist/init/mac-launchd/com.caddyserver.web.plist . Download it to your /Library/LaunchDaemons folder:

sudo curl -o /Library/LaunchDaemons/com.caddyserver.web.plist https://raw.githubusercontent.com/mholt/caddy/master/dist/init/mac-launchd/com.caddyserver.web.plist

This .plist makes some assumptions about where it’s going to store your Caddyfile, ACME assets, and temp folder, so we’ll have to make sure they’re all ready to go:

sudo mkdir -p /etc/caddy /etc/ssl/caddy /var/log/caddy /usr/local/bin /var/tmp
sudo touch /etc/caddy/Caddyfile
sudo chown _www:_www -R /etc/caddy /etc/ssl/caddy /var/log/caddy
sudo chmod 0750 /etc/ssl/caddy

[snip]

And now lets run Caddy (and have it start up at boot):

sudo launchctl load -w /Library/LaunchDaemons/com.caddyserver.web.plist

And we’re done here, too. You can find logs for troubleshooting purposes in /var/log/caddy .

robertgranholm · April 8, 2019, 1:12pm

Thanks, I’ll give this a try!

robertgranholm · April 8, 2019, 9:10pm

Hmm getting a no such file after running the chown command…odd cause the folders do exists…

mediacenterserver:~ mediacenter$ sudo chown _www:_www -R /etc/caddy /etc/ssl/caddy /var/log/caddy

chown: -R: No such file or directory

mediacenterserver:~ mediacenter$

robertgranholm · April 8, 2019, 9:13pm

and then understandably this error…

mediacenterserver:~ mediacenter$ sudo launchctl load -w /Library/LaunchDaemons/com.caddyserver.web.plist

/Library/LaunchDaemons/com.caddyserver.web.plist: Path had bad ownership/permissions

Can you explain to me a bit more what that chown command is doing?

Whitestrake · April 8, 2019, 11:29pm

chown -R changes the ownership of the folders and anything within, in this case to the _www user and _www group.

It’s not strictly necessary to run Caddy. The .plist actually specifies Caddy run as root, so it shouldn’t care who owns those files. There was also an error in it… The -R should come before the user:group parameter. I just edited the guide to reflect that.

As for the /Library/LaunchDaemons/com.caddyserver.web.plist: Path had bad ownership/permissions error… Can you check the ownership and permissions? (ls -l /Library/LaunchDaemons/com.caddyserver.web.plist)

It should be root:wheel with 644 permissions (-rw-r--r--).

robertgranholm · April 9, 2019, 3:10pm

I re-ran the command with -R in front, and that was accepted.

The permisions are not root:wheel but staff 1143

~ mediacenter$ ls -l /Library/LaunchDaemons/com.caddyserver.web.plist
-rw-r–r–@ 1 mediacenter staff 1143 Apr 8 17:19 /Library/LaunchDaemons/com.caddyserver.web.plist

robertgranholm · April 9, 2019, 3:28pm

So I pushed through a ran a chown command to change permission and then for lack of knowledge a chmod command for the 644 which i wasn’t really sure made a difference but the lauchctl command ran successfully

robertgranholm · April 9, 2019, 3:45pm

Rebooted and success! Nice! Next weeks project will be getting homebridge working and it all worked over with SSL

Whitestrake · April 9, 2019, 11:26pm

I wonder if you used sudo curl or instead just curl by itself when downloading the .plist file?

644 is -rw-r–r--, so nothing would be different.

Here’s a great, concise explanation of how it works: chmod Man Page with examples and calculator - Linux - SS64.com

Basically, by setting the owner to root and setting it to be writable by the owner, but not writable by group or world, you’ve made it so only root can edit the .plist. This is required for security reasons before macOS will let you load it, else someone might modify the .plist file maliciously during startup to have macOS run bad code with root privileges.

robertgranholm · April 9, 2019, 11:57pm

Thanks once again for the great info and explanation, you’ve done me a service good sir, i imagine, or madame, who knows…no matter

robertgranholm · April 23, 2019, 2:13am

Sorry to come back to this. It appears when I run this from the launch daemon i get this error.

2019/04/22 22:07:37 registration error: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:rateLimited :: Error creating new account :: too many registrations for this IP: see Rate Limits - Let's Encrypt, url:

But it doesn’t happen if I run it from terminal. Where should I look to troubleshoot this?

Whitestrake · April 23, 2019, 3:36am

Looks like Caddy under launchctl is trying to make a new account and being told that LetsEncrypt rate limited your IP address from creating any more accounts because you’ve registered too many already.

Pretty heavily implies that it’s not saving the ACME account data properly. Check /etc/ssl/caddy for the acme folder?

robertgranholm · April 23, 2019, 1:04pm

This was the fix, thanks for pointing me in the right direction…I ended up noticing the permissions got reset…I was doing some other work the other day and had to login as single user mode and repair permissions, I bet that did it.

Re-ran the other chown command as well with _www

Thanks again!

system · July 22, 2019, 1:04pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.