1. The problem I’m having:
I set up Caddy as a reverse proxy and DDNS client, with the goal of getting valid certificates for my internal network.
This works for most of my devices; it only fails for one repeater:
https://fritz-repater-boden.home.mietzen.xyz
In the browser I only get a blank page; with curl I get a 200 response with an empty body.
Before Caddy I used NGINX, where I worked with the following “default” settings. I guess I’m missing some setting or header?
server {
    # Plain-HTTP listener for fritzbox-unten: every request is redirected
    # to HTTPS, so nothing is ever proxied over cleartext.
    listen 80;
    listen [::]:80;
    server_name fritzbox-unten.admin.lan;
    # Enforce HTTPS
    # The redirect target uses $server_name (the configured name), not the
    # client-supplied $host, so it cannot be steered by the Host header.
    return 301 https://$server_name$request_uri;
}
server {
    # HTTPS front for fritzbox-unten. Protocol/cipher/session settings come
    # from ssl.conf, proxy headers and timeouts from proxy.conf (both below).
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name fritzbox-unten.admin.lan;
    include /etc/nginx/ssl.conf;
    # 0 disables the request-body size limit for this host.
    client_max_body_size 0;
    location / {
        # Upstream is the FRITZ!Box itself over HTTPS. nginx does not verify
        # the upstream certificate unless proxy_ssl_verify is switched on, so
        # this hop is encrypted but the peer is not authenticated (the FRITZ!
        # devices present self-signed certificates, see the curl output below).
        proxy_pass https://192.168.30.2;
        include /etc/nginx/proxy.conf;
    }
    # Server certificate and key for this name (shared by all vhosts here).
    ssl_certificate /etc/nginx/cert.pem;
    ssl_certificate_key /etc/nginx/key.pem;
}
server {
    # Plain-HTTP listener for fritzbox-oben: unconditional redirect to HTTPS.
    listen 80;
    listen [::]:80;
    server_name fritzbox-oben.admin.lan;
    # Enforce HTTPS
    # $server_name (configured name) rather than $host keeps the redirect
    # target independent of the incoming Host header.
    return 301 https://$server_name$request_uri;
}
server {
    # HTTPS front for fritzbox-oben; same pattern as the fritzbox-unten block,
    # only the upstream address differs.
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name fritzbox-oben.admin.lan;
    include /etc/nginx/ssl.conf;
    # 0 disables the request-body size limit for this host.
    client_max_body_size 0;
    location / {
        # HTTPS to the device; upstream certificate is not verified (nginx
        # default, proxy_ssl_verify off), so the backend is not authenticated.
        proxy_pass https://192.168.30.3;
        include /etc/nginx/proxy.conf;
    }
    ssl_certificate /etc/nginx/cert.pem;
    ssl_certificate_key /etc/nginx/key.pem;
}
server {
    # Plain-HTTP listener for the repeater: unconditional redirect to HTTPS.
    listen 80;
    listen [::]:80;
    server_name fritz-repater-boden.admin.lan;
    # Enforce HTTPS
    # Redirect target is built from the configured $server_name, not $host.
    return 301 https://$server_name$request_uri;
}
server {
    # HTTPS front for the repeater; same pattern as the FRITZ!Box blocks.
    # NOTE(review): the server_name here is spelled "repater"; the Caddyfile
    # matcher below uses "repeater" — the two setups address different names.
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name fritz-repater-boden.admin.lan;
    include /etc/nginx/ssl.conf;
    # 0 disables the request-body size limit for this host.
    client_max_body_size 0;
    location / {
        # HTTPS to the repeater (self-signed certificate per the curl output
        # below); nginx does not verify it unless proxy_ssl_verify is on.
        proxy_pass https://192.168.30.4;
        include /etc/nginx/proxy.conf;
    }
    ssl_certificate /etc/nginx/cert.pem;
    ssl_certificate_key /etc/nginx/key.pem;
}
nginx.conf
# Worker processes run as www-data; the master process keeps root only to
# bind the privileged ports.
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
    worker_connections 768;
    # multi_accept on;
}
http {
    ##
    # Basic Settings
    ##
    client_body_buffer_size 128k;
    # 0 = no request-body size limit (the vhosts repeat this per server).
    client_max_body_size 0;
    large_client_header_buffers 4 16k;
    send_timeout 5m;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    variables_hash_max_size 2048;
    # Left at the nginx default ("on"): the version string is sent in the
    # Server header and on built-in error pages. Uncomment to suppress it.
    # server_tokens off;
    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    ##
    # Logging Settings
    ##
    # Enabling request time and GEO codes
    # The $geoip_* variables presumably come from a geoip module loaded via
    # modules-enabled above — TODO confirm, otherwise nginx refuses to start.
    log_format custom '$remote_addr - $remote_user [$time_local]'
    '"$request" $status $body_bytes_sent'
    '"$http_referer" $host "$http_user_agent"'
    '"$request_time" "$upstream_connect_time"'
    '"$geoip_city" "$geoip_city_country_code"';
    # Two access logs: the custom format above plus the default "combined" one.
    access_log /var/log/nginx/access-geoip.log custom;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    ##
    # Gzip Settings
    ##
    gzip on;
    gzip_disable "msie6";
    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
    ##
    # WebSocket proxying
    ##
    # Consumed by proxy.conf ("proxy_set_header Connection $connection_upgrade"):
    # when the client sends an Upgrade header the upstream gets
    # "Connection: upgrade", otherwise "Connection: close".
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }
    ##
    # Virtual Host Configs
    ##
    include /etc/nginx/sites-enabled/*;
    include /etc/nginx/conf.d/*.conf;
}
ssl.conf
:
# DH Key Exchange
# Parameters for the DHE (AES256+EDH) suites listed below; generated out of band.
ssl_dhparam /etc/nginx/dhparam.pem;
# TLS Protocol Support
# Only TLS 1.2 is offered here; TLS 1.3 is not enabled (by contrast, the Caddy
# endpoint negotiates TLS 1.3 in the curl output below).
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
# Cipher Strength
# AES-256 suites with ephemeral ECDH or DH key exchange only; anonymous suites
# excluded. ChaCha20 suites are not part of this list.
ssl_ciphers 'AES256+EECDH:AES256+EDH:!aNULL';
# Single ECDHE curve; clients that cannot do P-384 are presumably left with the
# DHE suites — TODO confirm against the intended client set.
ssl_ecdh_curve secp384r1;
# SSL Session Caching
# Server-side cache shared across workers; stateless tickets are disabled, so
# resumption state stays on the server instead of in a ticket key.
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;
proxy.conf
:
# Timeout if the real server is dead
# Retry on the next upstream for connection errors, timeouts, malformed
# headers or 500/502/503. nginx does not retry non-idempotent methods such as
# POST unless "non_idempotent" is added, so form submissions are not replayed.
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
# Proxy Connection Settings
proxy_buffers 32 4k;
proxy_connect_timeout 240;
proxy_headers_hash_bucket_size 128;
proxy_headers_hash_max_size 1024;
# HTTP/1.1 to the upstream is needed for the Upgrade/Connection handshake below.
proxy_http_version 1.1;
proxy_read_timeout 240;
# Rewrite "http://" in upstream Location/Refresh headers to the client's scheme.
proxy_redirect http:// $scheme://;
proxy_send_timeout 240;
# Proxy Cache and Cookie Settings
# Requests carrying a "session" cookie bypass and are never stored by a proxy
# cache; no proxy_cache is visible in these files, so this only matters if one
# is added.
proxy_cache_bypass $cookie_session;
#proxy_cookie_path / "/; Secure"; # enable at your own risk, may break certain apps
proxy_no_cache $cookie_session;
# Proxy Header Settings
# $connection_upgrade is defined by the map in nginx.conf.
proxy_set_header Connection $connection_upgrade;
#proxy_set_header Early-Data $ssl_early_data;
# Forward the client-facing Host so the device builds correct absolute URLs.
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
# Appends $remote_addr to whatever X-Forwarded-For the client already sent;
# anything upstream must only trust the rightmost (nginx-added) entry.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
# Hard-coded rather than $scheme: this file is only included from the
# "listen 443 ssl" server blocks, so the client-facing scheme is always https.
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Real-IP $remote_addr;
2. Error messages and/or full log output:
Request via caddy2:
$ curl -v https://fritz-repater-boden.home.mietzen.xyz
* processing: https://fritz-repater-boden.home.mietzen.xyz
* Trying 192.168.30.1:443...
* Connected to fritz-repater-boden.home.mietzen.xyz (192.168.30.1) port 443
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256
* ALPN: server accepted h2
* Server certificate:
* subject: CN=*.home.mietzen.xyz
* start date: Aug 28 17:20:19 2023 GMT
* expire date: Nov 26 17:20:18 2023 GMT
* subjectAltName: host "fritz-repater-boden.home.mietzen.xyz" matched cert's "*.home.mietzen.xyz"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* using HTTP/2
* h2 [:method: GET]
* h2 [:scheme: https]
* h2 [:authority: fritz-repater-boden.home.mietzen.xyz]
* h2 [:path: /]
* h2 [user-agent: curl/8.2.1]
* h2 [accept: */*]
* Using Stream ID: 1
> GET / HTTP/2
> Host: fritz-repater-boden.home.mietzen.xyz
> User-Agent: curl/8.2.1
> Accept: */*
>
< HTTP/2 200
< alt-svc: h3=":443"; ma=2592000
< server: Caddy
< content-length: 0
< date: Wed, 30 Aug 2023 13:15:10 GMT
<
* Connection #0 to host fritz-repater-boden.home.mietzen.xyz left intact
Caddy log:
2023/08/30 15: 04: 53 INFO http.log.access handled request {
"request": {
"remote_ip": "192.168.30.103",
"remote_port": "53489",
"client_ip": "192.168.30.103",
"proto": "HTTP/2.0",
"method": "GET",
"host": "fritz-repater-boden.home.mietzen.xyz",
"uri": "/",
"headers": {
"Sec-Ch-Ua": [
"\"Chromium\";v=\"115\", \"Not/A)Brand\";v=\"99\""
],
"Upgrade-Insecure-Requests": [
"1"
],
"Accept-Encoding": [
"gzip, deflate, br"
],
"Sec-Gpc": [
"1"
],
"Accept": [
"text/html,application/xhtml+xml,application/xml;q=0.9,image/jxl,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"
],
"Sec-Fetch-Mode": [
"navigate"
],
"Accept-Language": [
"en-GB,en-US;q=0.9,en;q=0.8,de;q=0.7"
],
"Sec-Fetch-Dest": [
"document"
],
"Sec-Fetch-User": [
"?1"
],
"Sec-Ch-Ua-Mobile": [
"?0"
],
"Sec-Ch-Ua-Platform": [
"\"macOS\""
],
"Dnt": [
"1"
],
"User-Agent": [
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36"
],
"Sec-Fetch-Site": [
"same-site"
]
},
"tls": {
"resumed": false,
"version": 772,
"cipher_suite": 4867,
"proto": "h2",
"server_name": "fritz-repater-boden.home.mietzen.xyz"
}
},
"bytes_read": 0,
"user_id": "",
"duration": 0.000179334,
"size": 0,
"status": 0,
"resp_headers": {
"Server": [
"Caddy"
],
"Alt-Svc": [
"h3=\":443\"; ma=2592000"
]
}
}
2023/08/30 15: 04: 53 INFO http.log.access handled request {
"request": {
"remote_ip": "192.168.30.103",
"remote_port": "53489",
"client_ip": "192.168.30.103",
"proto": "HTTP/2.0",
"method": "GET",
"host": "fritz-repater-boden.home.mietzen.xyz",
"uri": "/favicon.ico",
"headers": {
"User-Agent": [
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36"
],
"Sec-Ch-Ua-Platform": [
"\"macOS\""
],
"Accept": [
"image/jxl,image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8"
],
"Referer": [
"https://fritz-repater-boden.home.mietzen.xyz/"
],
"Accept-Language": [
"en-GB,en-US;q=0.9,en;q=0.8,de;q=0.7"
],
"Dnt": [
"1"
],
"Sec-Ch-Ua": [
"\"Chromium\";v=\"115\", \"Not/A)Brand\";v=\"99\""
],
"Sec-Fetch-Mode": [
"no-cors"
],
"Sec-Fetch-Dest": [
"image"
],
"Accept-Encoding": [
"gzip, deflate, br"
],
"Sec-Ch-Ua-Mobile": [
"?0"
],
"Sec-Gpc": [
"1"
],
"Sec-Fetch-Site": [
"same-origin"
]
},
"tls": {
"resumed": false,
"version": 772,
"cipher_suite": 4867,
"proto": "h2",
"server_name": "fritz-repater-boden.home.mietzen.xyz"
}
},
"bytes_read": 0,
"user_id": "",
"duration": 0.000222358,
"size": 0,
"status": 0,
"resp_headers": {
"Server": [
"Caddy"
],
"Alt-Svc": [
"h3=\":443\"; ma=2592000"
]
}
}
Request sent directly to the repeater (bypassing Caddy), from the machine Caddy is running on:
$ curl -k -v https://192.168.30.4
* processing: https://192.168.30.4
* Trying 192.168.30.4:443...
* Connected to 192.168.30.4 (192.168.30.4) port 443
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
* subject: CN=192.168.30.4
* start date: Jan 1 00:00:24 1970 GMT
* expire date: Jan 16 00:00:24 2038 GMT
* issuer: CN=192.168.30.4
* SSL certificate verify result: self-signed certificate (18), continuing anyway.
* using HTTP/1.x
> GET / HTTP/1.1
> Host: 192.168.30.4
> User-Agent: curl/8.2.1
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/1.1 200 OK
< Cache-Control: no-cache
< Cache-Control: no-cache, no-store, must-revalidate
< Connection: close
< Content-Type: text/html; charset=utf-8
< Date: Wed, 30 Aug 2023 13:36:35 GMT
< Expires: -1
< Pragma: no-cache
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< Content-Security-Policy: default-src 'none'; connect-src 'self'; font-src 'self'; frame-src https://service.avm.de https://fritzhelp.avm.de/help/ https://help.avm.de https://www.avm.de https://avm.de https://assets.avm.de https://clickonce.avm.de http://clickonce.avm.de http://download.avm.de https://download.avm.de 'self'; img-src 'self' https://tv.avm.de https://help.avm.de/images/ http://help.avm.de/images/ data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; media-src 'self'
<
<!DOCTYPE html>
<html lang="de">
<head>
<meta http-equiv=content-type content="text/html; charset=utf-8" />
<meta http-equiv="Cache-Control" content="private, no-transform" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="format-detection" content="telephone=no" />
<meta http-equiv="x-rim-auto-match" content="none" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes, minimal-ui" />
<meta name="mobile-web-app-capable" content="yes" />
<meta name="apple-mobile-web-app-capable" content="yes" />
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
<meta http-equiv="cleartype" content="on">
<link rel="icon" href="/favicon.ico" size="16x16"/>
<link rel="icon" href="/icon.svg" type="image/svg+xml"/>
<link rel="icon" href="/icon.png" type="image/png"/>
<link rel="apple-touch-icon" href="/apple-touch-icon.png" />
<link rel="apple-touch-startup-image" href="/apple-touch-icon.png" />
<style>
/*@font-face {
font-family: 'Source Sans Pro';
font-style: italic;
font-stretch: normal;
font-weight: 400;
src: url('/assets/fonts/SourceSansPro-Italic.woff2') format('woff2');
}*/
@font-face {
font-family: 'Source Sans Pro';
font-style: normal;
font-stretch: normal;
font-weight: 400;
src: url('/assets/fonts/source-sans-pro-v11-latin-ext_latin-regular.woff2') format('woff2');
}
@font-face {
font-family: 'Source Sans Pro';
font-style: normal;
font-stretch: normal;
font-weight: 600;
src: url('/assets/fonts/source-sans-pro-v11-latin-ext_latin-600.woff2') format('woff2');
}
@font-face {
font-family: 'Source Sans Pro';
font-style: normal;
font-stretch: normal;
font-weight: 900;
src: url('/assets/fonts/SourceSansPro-Black.woff2') format('woff2');
}
html, input, textarea, keygen, select, button {
font-family: 'Source Sans Pro', Arial, sans-serif;
font-size: 100%;
}
</style>
<link rel="stylesheet" type="text/css" href="/css/box.css">
<link rel='stylesheet' type='text/css' href="/css/rd/login.css"/>
<title>
FRITZ!Repeater
</title>
</head>
<body>
<script>
var gNbc = false;
</script>
<script src="/js/browser.js"></script>
<script src="/js/vendor.js"></script>
<script src="/js/box-login.js"></script>
<script type="module">
import { setConfig } from "/js/config.js";
import login from "/js/login.js";
setConfig({"ZIGBEE":false,"GUI_IS_POWERLINE":false,"isDebug":false,"gu_type":"release","WLAN":{"is_double_wlan":false},"GUI_IS_REPEATER":true,"GUI_IS_GATEWAY":false,"language":"de","GUI_HIDE_TEASER":false});
const data = {"firstTenMin":false,"challenge":"2$60000$1ad7ea6b0141a0cf24e2cc0a39551a1b$6000$2b72bd10a2d23b2c16bd23a5a121b3c8","blockTime":0,"pageTitle":"Willkommen bei Ihrem FRITZ!Repeater 600","lastPage":"","loginReason":0,"username":"","abortConfig":false,"hideForgotPasswordLink":false,"authMode":"0","facTitle":"FRITZ!Repeater Werkseinstellungen","falseUsername":false,"fallbackRedirectUrl":"http:\/\/192.168.178.2\/","showFactoryPasswordHint":false,"txt":{"forgotPassword":"Kennwort vergessen?","loginWithPassword":"Sie können sich auch %1%showPasswordLink%nur mit dem FRITZ!Box-Kennwort anmelden%\/1%showPasswordLink%.","facOnAllowedComp":"Das Wiederherstellen der Werkseinstellungen starten Sie von einem Computer aus, für den die Internetnutzung in der FRITZ!Box unbegrenzt ist.","pleaseChoose":"Bitte wählen ...","facNotSet":"FRITZ!Repeater wurde nicht auf Werkseinstellungen zurückgesetzt","notAuthorized":"Sie sind momentan als Benutzer %1%Name% angemeldet. Dieser Benutzer hat keine Berechtigung, auf die von Ihnen angeforderten FRITZ!Repeater-Inhalte zuzugreifen.","autoLogoutLoginAgain":"Sie wurden automatisch abgemeldet, bitte melden Sie sich erneut an.","pushNotWorking":"Push Service funktioniert nicht?","sendLoginLink":"Zugangslink senden","pushLoginRestartExplain":"Zur Sicherheit ist die Anmeldung an Ihrer FRITZ!Box nur in einem vorgegebenen Zeitraum möglich. 
Dieser Zeitraum wurde überschritten.","hint_headline":"Hinweis:","waitMore":"Bitte warten Sie %1 Sekunden.","facNotAllowed":"Das Wiederherstellen der Werkseinstellungen ist gescheitert, da dieser Computer nicht dazu berechtigt ist.","pushLoginRestartBtn":"Anmeldevorgang starten","waitOne":"Bitte warten Sie 1 Sekunde.","loginWithAnotherUser":"Sie können sich auch %1%showUsersLink%mit Ihrem Benutzernamen und Kennwort anmelden%\/1%showUsersLink%.","chooseUsername":"Bitte geben Sie einen Benutzernamen an.","sendPushServiceMail":"Push Service Mail senden","facLoseSettings":"Beachten Sie bitte, dass beim Zurücksetzen alle Ihre Einstellungen verloren gehen!","mistypedOrNotAuthorized":"Haben Sie sich vielleicht vertippt oder fehlt Ihnen die Zugangsberechtigung für diesen Bereich?","pushLoginRestartRequest":"Bitte starten Sie erneut den Anmeldevorgang.","defaultUserHint":"Automatisch angelegter Benutzer. Sie können sich mit dem FRITZ!Box-Kennwort anmelden.","login":"Anmelden","loginMailSent":"Die E-Mail mit den Zugangsdaten zur Benutzeroberfläche wurde versendet.","waitTryAgain":"Bitte melden Sie sich erneut an.","loginAgainUserPass":"Für die Anmeldung sind die Anmeldedaten Ihrer FRITZ!Box erforderlich","caution":"Achtung","facRepeat":"Sie können dann die Werkseinstellungen erneut wiederherstellen.","boxPassword":"FRITZ!Box-Kennwort","loginFailed":"Anmeldung fehlgeschlagen.","user":"Benutzername","autoLogoutTimeout":"Sie wurden automatisch abgemeldet, da seit längerer Zeit keine Aktivität registriert wurde.","facDisconnectPower":"Trennen Sie den FRITZ!Repeater für mindestens eine Minute von der Stromversorgung. Nach einer weiteren Minute können Sie erneut auf die Benutzeroberfläche zugreifen. 
Klicken Sie dann auf \"Zur Übersicht\".","pass":"Kennwort","facNotAllowedOr10Min":"Sie haben keine Berechtigung diese Aktion durchzuführen oder Ihr FRITZ!Repeater ist schon länger als 10 Minuten in Betrieb.","setFacDefaults":"Werkseinstellungen wiederherstellen","choose":"OK","loginBoxPassword":"Für die Anmeldung ist das Kennwort Ihrer FRITZ!Box erforderlich.","repeaterPassword":"FRITZ!Repeater-Kennwort","tooManyLogins":"Es wurden zu viele Sitzungen gleichzeitig gestartet.","pushNeedsWan":"Für den Versand einer Push Service Mail benötigt Ihr FRITZ!Repeater eine aktive Internetverbindung.","loginLinkMailPossible":"Wenn Sie Ihr Kennwort für die Benutzeroberfläche vergessen haben, können Sie sich einen Zugangslink per Push Service Mail senden lassen.","facFailed":"Das Wiederherstellen der Werkseinstellungen ist gescheitert."},"cutPowerTxt":"Trennen Sie zunächst den FRITZ!Repeater für mindestens eine Minute vom Strom und kehren Sie auf diese Seite zurück, nachdem Ihr FRITZ!Repeater neu gestartet ist.","pageTitleProduct":"FRITZ!Repeater 600","facWhatNextTxt":"Nach dem Zurücksetzen werden Sie automatisch auf die Übersichtsseite des FRITZ!Repeaters weitergeleitet.","showUser":false,"facPationsTxt":"Es kann bis zu 5 Minuten dauern, bis der FRITZ!Repeater wieder erreichbar ist, bitte haben Sie etwas Geduld.","ifSetFacTxt":"Wenn Sie Ihr Kennwort vergessen haben, kann die Benutzeroberfläche erst dann wieder geöffnet werden, wenn der FRITZ!Repeater auf die Werkseinstellungen zurückgesetzt wurde.","facIsSetTxt":"Der FRITZ!Repeater wird auf Werkseinstellungen zurückgesetzt und startet anschließend neu. Alle Verbindungen gehen dabei kurz verloren.","logoutTxt":"\"Sie haben sich erfolgreich von dem FRITZ!Repeater abgemeldet.\"","changedPassTxt":"\"Das Kennwort wurde geändert.\"","defaultPassword":false,"pushBtnLogin":false,"activeUsers":[],"fromInternet":false,"pushmailEnabled":false,"sid":"0000000000000000"};
if (window.gNbc) {
data.nbc = true;
}
function localInit() {
"use strict";
window.history.replaceState({}, '', '/');
login.init(data);
}
localInit();
</script>
</body>
</html>
* Closing connection
* TLSv1.3 (OUT), TLS alert, close notify (256):
3. Caddy version:
$ ./caddy version
v2.7.4 h1:J8nisjdOxnYHXlorUKXY75Gr6iBfudfoGhrJ8t7/flI=
4. How I installed and ran Caddy:
- Downloaded FreeBSD AMD64 Binary with modules from: Download Caddy
- Put it under /opt/CaddyV2 and made it executable
- Wrote system service
a. System environment:
OPNsense 23.7.2 AMD64
b. Command:
./caddy run --envfile /opt/CaddyV2/.env
c. service file:
#!/bin/sh
# FreeBSD rc(8) service script for Caddy, supervised by daemon(8).
. /etc/rc.subr
name="caddyv2"
rcvar="caddyv2_enable"
# rc.subr runs the command as this user. NOTE(review): as root, the process
# that holds the Porkbun API keys and the ACME account/private keys has full
# privileges; a dedicated user would be preferable, but binding :80/:443 as
# non-root on FreeBSD needs extra setup — TODO confirm before changing.
caddyv2_user="root"
# --envfile supplies PORKBUN_API_KEY / PORKBUN_API_SECRET_KEY referenced by the
# Caddyfile, so /opt/CaddyV2/.env holds live credentials and should stay
# readable by this user only.
caddyv2_command="/opt/CaddyV2/caddy run --envfile /opt/CaddyV2/.env"
pidfile="/var/run/${name}.pid"
# daemon(8): -P records the supervisor pid, -r restarts caddy if it exits,
# -f sends stdin/stdout/stderr to /dev/null (Caddy writes its own log files
# as configured in the Caddyfile, so nothing is lost).
command="/usr/sbin/daemon"
# ${caddyv2_command} is intentionally unquoted so it splits into arguments.
command_args="-P ${pidfile} -r -f ${caddyv2_command}"
load_rc_config $name
# Default: disabled unless caddyv2_enable="YES" is set in rc.conf.
: ${caddyv2_enable:=no}
run_rc_command "$1"
d. My complete Caddy config:
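{
	# Global options.
	# Certificates, ACME account data and DDNS state are kept under this root.
	storage file_system {
		root /opt/CaddyV2/data
	}
	# Process log; the per-host access logs are declared in the site block.
	log caddy {
		output file /opt/CaddyV2/data/logs/caddy.log {
			roll_size 10MiB
			roll_local_time
			roll_keep 5
			roll_keep_for 336h
		}
		format console {
			time_local
			time_format wall
		}
		level INFO
	}
	# ACME account contact.
	email contact@mietzen.xyz
	# Dynamic DNS: publishes the WAN IPv4 (read from the FRITZ!Box by the
	# helper script) to Porkbun. The API credentials are taken from the
	# environment, i.e. the .env file passed with --envfile.
	dynamic_dns {
		provider porkbun {
			api_key {env.PORKBUN_API_KEY}
			api_secret_key {env.PORKBUN_API_SECRET_KEY}
		}
		domains {
			mietzen.xyz wireguard.home
		}
		versions ipv4
		ip_source command /opt/CaddyV2/fritzbox_ext_ip 192.168.178.1
		check_interval 5m
		ttl 1h
	}
}

# One site block for the apex and every name under it. A single wildcard
# certificate is obtained through the DNS-01 challenge, so no inbound port
# needs to be exposed to the internet for issuance.
home.mietzen.xyz *.home.mietzen.xyz {
	tls {
		dns porkbun {
			api_key {env.PORKBUN_API_KEY}
			api_secret_key {env.PORKBUN_API_SECRET_KEY}
		}
	}

	# Every upstream below is reached over HTTPS with certificate verification
	# disabled (tls_insecure_skip_verify): the devices present self-signed
	# certificates (see the direct curl to 192.168.30.4), so this hop is
	# encrypted but the peer is not authenticated. That is only acceptable
	# while the upstreams sit on a trusted network segment.
	log opnsense {
		hostnames opnsense.home.mietzen.xyz
		output file /opt/CaddyV2/data/logs/opnsense.log {
			roll_size 10MiB
			roll_local_time
			roll_keep 5
			roll_keep_for 336h
		}
		format console {
			time_local
			time_format wall
		}
		level INFO
	}
	@opnsense host opnsense.home.mietzen.xyz
	handle @opnsense {
		reverse_proxy https://192.168.30.1:8443 {
			transport http {
				tls
				tls_insecure_skip_verify
			}
		}
	}

	log fritzbox_unten {
		hostnames fritzbox-unten.home.mietzen.xyz
		output file /opt/CaddyV2/data/logs/fritzbox-unten.log {
			roll_size 10MiB
			roll_local_time
			roll_keep 5
			roll_keep_for 336h
		}
		format console {
			time_local
			time_format wall
		}
		level INFO
	}
	@fritzbox_unten host fritzbox-unten.home.mietzen.xyz
	handle @fritzbox_unten {
		reverse_proxy https://192.168.30.2 {
			transport http {
				tls
				tls_insecure_skip_verify
			}
		}
	}

	log fritzbox_oben {
		hostnames fritzbox-oben.home.mietzen.xyz
		output file /opt/CaddyV2/data/logs/fritzbox-oben.log {
			roll_size 10MiB
			roll_local_time
			roll_keep 5
			roll_keep_for 336h
		}
		format console {
			time_local
			time_format wall
		}
		level INFO
	}
	@fritzbox_oben host fritzbox-oben.home.mietzen.xyz
	handle @fritzbox_oben {
		reverse_proxy https://192.168.30.3 {
			transport http {
				tls
				tls_insecure_skip_verify
			}
		}
	}

	# NOTE(review): this log filter and the matcher below say
	# "fritz-repeater-boden", but the requests in the curl output and the
	# access log above go to "fritz-repater-boden" (one 'e' missing). That
	# host is covered by the wildcard site but by none of the @… matchers,
	# so no handle runs: Caddy answers with an empty 200 ("status": 0,
	# "size": 0 in the log) and this per-host log file is never created.
	# Make the requested name and the matcher agree.
	log fritz_repeater_boden {
		hostnames fritz-repeater-boden.home.mietzen.xyz
		output file /opt/CaddyV2/data/logs/fritz-repeater-boden.log {
			roll_size 10MiB
			roll_local_time
			roll_keep 5
			roll_keep_for 336h
		}
		format console {
			time_local
			time_format wall
		}
		level INFO
	}
	@fritz_repeater_boden host fritz-repeater-boden.home.mietzen.xyz
	handle @fritz_repeater_boden {
		reverse_proxy https://192.168.30.4 {
			transport http {
				tls
				tls_insecure_skip_verify
			}
		}
	}

	# Fallback for any name under the wildcard that no matcher above claims:
	# answer 404 instead of Caddy's default empty 200, so a mistyped hostname
	# (or a request for a name that is not published) is visible rather than
	# silently blank.
	handle {
		respond 404
	}
}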
fritz-repeater-boden.log is not created
5. Links to relevant resources:
I’ve read: