Reverse proxy on LAN

omar_al-hamad · May 22, 2021, 11:42am

1. Caddy version (`2.4.0`):

2. How I run Caddy:

It sits in a folder on my servers desktop and it is ran with: ‘.\caddy.exe run --watch’

a. System environment:

Windows 10 pro

b. Command:

 '.\caddy.exe run --watch'

c. Service/unit/compose file:

Paste full file contents here.
Make sure backticks stay on their own lines,
and the post looks nice in the preview pane.

d. My complete Caddyfile or JSON config:

{
        email omar93@hotmail.se
        http_port 80
        https_port 443
        admin localhost:2019
}

gemberss.duckdns.org {
        tls {
                trusted_ca_cert_file ./gemberss.duckdns.org/cert1.pem
        }
        reverse_proxy localhost:3233
}

omarius.duckdns.org {
        reverse_proxy localhost:3233
}

plex.almanzel.eu {
        reverse_proxy localhost:32400
}

webportal.almanzel.eu {
        reverse_proxy localhost:3233
}

omar.almanzel.eu {
        reverse_proxy 192.168.10.224:5000
}

code.almanzel.eu {
        reverse_proxy localhost:8443
}

3. The problem I’m having:

I am hosting a couple of services on my server, instead of port forwarding I am a reverse proxy so I used caddy because of automated TLS, to the domain name, I have purchased a domain name let’s almanzel.eu, but I can not route that to my routers IP address, so I use DUCKDNS and let’s call it router.duckdns.org.

From the omar.eu domains I create subdomain and I change the DNS settings of example: code.omar.eu to have it’s CNAME point to router.duckdns.org, router.duckdns.org points to my router because my router supports it.

The problem is when I use any of the subdomains on omar.eu like code.omar.eu it works on my LAN only, I get the padlock in the browser but as soon as I am outside the network it does not, I suspect I am missing something, maybe the DUCKDNS does not have a certificate? I tried using CRTBOT to make certificates for the DUCKDNS domains, but that didn’t change anything

4. Error messages and/or full log output:

5. What I already tried:

Adding certificates from CERTBOT to DUCKDNS domains

6. Links to relevant resources:

basil · May 22, 2021, 2:27pm

Hi Omar,

From a cursory glance, your external DNS resolver, duckdns, doesn’t appear to be configured properly. Set up an A record to point your domain almanzel.eu to your public IP address and set up CNAME records for code, omar, etc. Next. make sure you forward your WAN HTTPS port to your Caddy instance.

You’ll find this wiki article useful Using Caddy as a reverse proxy in a home network.

omar_al-hamad · May 23, 2021, 10:41am

duckdns points to my routers ip adress, there are no settings i can change there,
how ever the almanzel.eu can only point to an ipadress and i assume u want me to change it to my routersIP but that changes over time, and the cname records where do I need to point them at? The code, Omar etc, they are currently pointed at duckdns, and by Wan ports u mean porr 80, 443? They are both forwarded to the reverse proxy machine atm

francislavoie · May 24, 2021, 3:47pm

Remove these lines, it’s redundant because they’re the default.

DNS providers don’t “have certificates” for your site, that’s your (or your server’s, i.e. Caddy) responsibility.

What’s in your logs? Caddy emits plenty of logs to stdout/stderr while running, which should tell you what’s going on.

system · June 21, 2021, 11:42am

This topic was automatically closed after 30 days. New replies are no longer allowed.