Reverse proxy with tailscale and cloudflare

1. The problem I’m having:

I’m a complete newbie trying to access a local address with a custom domain from Cloudflare and a reverse proxy. Please tell me how to get log files as well; I just copy-pasted the terminal output in this one.

2. Error messages and/or full log output:

Oct 17 01:57:02 tfr-pogtop caddy[1123018]: {"level":"debug","ts":1729151822.8904467,"logger":"events","msg":"event","name":"cert_obtaining","id":"fa04af8b-8bf5-46a0-9e38-0227a07f2f7e","origin":"tls","data":{"identifier":"immich.caddy.harkirtan.me"}}
Oct 17 01:57:02 tfr-pogtop caddy[1123018]: {"level":"debug","ts":1729151822.891005,"logger":"tls.obtain","msg":"trying issuer 1/1","issuer":"acme-v02.api.letsencrypt.org-directory"}
Oct 17 01:57:02 tfr-pogtop caddy[1123018]: {"level":"info","ts":1729151822.892003,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/167510053","account_contact":[]}
Oct 17 01:57:02 tfr-pogtop caddy[1123018]: {"level":"debug","ts":1729151822.8920453,"logger":"tls.issuance.acme.acme_client","msg":"creating order","account":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/167510053","identifiers":["immich.caddy.harkirtan.me"]}
Oct 17 01:57:03 tfr-pogtop caddy[1123018]: {"level":"debug","ts":1729151823.4705272,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"HEAD","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce","headers":{"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Date":["Thu, 17 Oct 2024 07:57:03 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["Mxxe5XbPgZz9zzZVkOApAe5iQ8tjSehwT18tILC2MHgtq7ZiFL8"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Oct 17 01:57:03 tfr-pogtop caddy[1123018]: {"level":"debug","ts":1729151823.5592797,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-order","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["167510053"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["364"],"Content-Type":["application/json"],"Date":["Thu, 17 Oct 2024 07:57:03 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-staging-v02.api.letsencrypt.org/acme/order/167510053/19814018923"],"Replay-Nonce":["Mxxe5XbPf7MZEaso1u7TfweE8Cxhfp508MOLJd-SUetSCWWxe8w"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":201}
Oct 17 01:57:03 tfr-pogtop caddy[1123018]: {"level":"debug","ts":1729151823.6263325,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/14464885083","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["167510053"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["830"],"Content-Type":["application/json"],"Date":["Thu, 17 Oct 2024 07:57:03 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["AsXtR2E7KjvtmTn51mPnOJGwUDk-KA63KSG6UkH9GmQjeojuyhI"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Oct 17 01:57:03 tfr-pogtop caddy[1123018]: {"level":"info","ts":1729151823.6265965,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"immich.caddy.harkirtan.me","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Oct 17 01:57:03 tfr-pogtop caddy[1123018]: {"level":"error","ts":1729151823.6944177,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"immich.caddy.harkirtan.me","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.immich.caddy.harkirtan.me\" (usually OK if presenting also failed)"}
Oct 17 01:57:03 tfr-pogtop caddy[1123018]: {"level":"debug","ts":1729151823.7681267,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/14464885083","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["167510053"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["834"],"Content-Type":["application/json"],"Date":["Thu, 17 Oct 2024 07:57:03 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["Mxxe5XbPuTgL6RxO3JOHtJgMOuXVAOemOGkWoezFXfgWT2bLA0Q"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Oct 17 01:57:03 tfr-pogtop caddy[1123018]: {"level":"error","ts":1729151823.7684433,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"immich.caddy.harkirtan.me","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[immich.caddy.harkirtan.me] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.immich.caddy.harkirtan.me\": unexpected response code 'NOTIMP' for _acme-challenge.immich.caddy.harkirtan.me. (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/167510053/19814018923) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
Oct 17 01:57:03 tfr-pogtop caddy[1123018]: {"level":"debug","ts":1729151823.7685366,"logger":"events","msg":"event","name":"cert_failed","id":"6abc328f-08ae-4176-90d4-cbb08b5a60da","origin":"tls","data":{"error":{},"identifier":"immich.caddy.harkirtan.me","issuers":["acme-v02.api.letsencrypt.org-directory"],"renewal":false}}
Oct 17 01:57:03 tfr-pogtop caddy[1123018]: {"level":"error","ts":1729151823.7685685,"logger":"tls.obtain","msg":"will retry","error":"[immich.caddy.harkirtan.me] Obtain: [immich.caddy.harkirtan.me] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.immich.caddy.harkirtan.me\": unexpected response code 'NOTIMP' for _acme-challenge.immich.caddy.harkirtan.me. (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/167510053/19814018923) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":6,"retrying_in":600,"elapsed":1204.373307405,"max_duration":2592000}

3. Caddy version:

v2.8.4

4. How I installed and ran Caddy:

sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy

a. System environment:

Linux 6.8.0-47-generic amd64 systemd

b. Command:

systemctl start caddy

c. Service/unit/compose file:


d. My complete Caddy config:

# Set this path to your site's directory.
#       root * /usr/share/caddy

# Enable the static file server.
#       file_server

# Another common task is to set up a reverse proxy:
# reverse_proxy localhost:8080

# Or serve a PHP site through php-fpm:
# php_fastcgi localhost:9000
#}
{
        debug
}

(cloudflare) {
        tls {
                dns cloudflare my api token with zone edit and read permissions
        }
}

# immich
immich.caddy.harkirtan.me {
        reverse_proxy http://100.106.156.82:2283
        import cloudflare
}

# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile

5. Links to relevant resources:

Logs for what? You already have the logs managed by journalctl.

1 Like

That’s good. I tried to follow the instructions. Please let me know if you need any additional information.

I don’t understand. What’s the question? Elaborate. Explain.

1 Like

I’m not able to use Caddy with Cloudflare. I have the log, and the question you answered was an additional question, not the main one.

You didn’t actually ask a question initially. I only look at the logs based on what is asked. You could’ve said “Caddy is failing to get a certificate from Cloudflare”.

Anyway, the error is this:

This means that your system’s DNS resolvers don’t support the DNS query Caddy tried to make to fetch the necessary information about your domain to continue.

You can configure Caddy to use different resolvers instead of your local ones with resolvers 1.1.1.1 (i.e. Cloudflare’s own DNS servers). Add this right below your dns cloudflare line.

2 Likes
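A way to confirm the diagnosis in the answer above before editing the Caddyfile, as an added example that is not part of the original thread: the script asks each resolver for the SOA record of the challenge name and reports the response code. It assumes `dig` is installed and that the failing lookup is an SOA query, which the "could not determine zone" wording in the log suggests but the thread does not state; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): report which resolvers answer the
# lookup that failed with NOTIMP in the log above.

# Read dig output on stdin and print the response code from its header,
# e.g. ";; ->>HEADER<<- opcode: QUERY, status: NOTIMP, id: 4242" -> NOTIMP
dig_status() {
    sed -n 's/^;; ->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Classify a response code for zone discovery. Assumption: only NOERROR and
# NXDOMAIN let the client keep walking up the name to find the zone; any
# other code (NOTIMP, SERVFAIL, REFUSED, ...) aborts, as in the log.
classify_status() {
    case "$1" in
        NOERROR|NXDOMAIN) echo usable ;;
        "")               echo no-response ;;
        *)                echo unusable ;;
    esac
}

# check_resolvers NAME RESOLVER...
# Prints one line per resolver: resolver, response code, verdict.
check_resolvers() {
    name=$1
    shift
    for resolver in "$@"; do
        status=$(dig +noall +comments +time=3 +tries=1 SOA "$name" "@$resolver" 2>/dev/null | dig_status)
        printf '%s\t%s\t%s\n' "$resolver" "${status:-none}" "$(classify_status "$status")"
    done
}

# Run only when a name and at least one resolver are given on the command line.
if [ "$#" -ge 2 ]; then
    check_resolvers "$@"
fi
```

Called with `_acme-challenge.immich.caddy.harkirtan.me 127.0.0.53 1.1.1.1`, it shows side by side whether the local stub resolver and the suggested replacement handle the query.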

caddy.service - Caddy
Loaded: loaded (/etc/systemd/system/caddy.service; enabled; preset: enabled)
Active: failed (Result: exit-code) since Thu 2024-10-17 12:35:53 MDT; 6min ago
Duration: 8h 33min 7.329s
Docs: Welcome — Caddy Documentation
Process: 1297876 ExecStart=/usr/local/bin/caddy run --environ --config /etc/caddy/Caddyfile (code=exited, status=1/FAILURE)
Main PID: 1297876 (code=exited, status=1/FAILURE)
Status: “loading new config: http app module: start: finalizing automatic HTTPS: managing certificates for [portainer.caddy.harkirtan.me immich.caddy.harkirtan.me libre.caddy.harkirtan.me]: automate: manage [portainer.caddy.harkirtan.me immich.caddy.harkirtan.me libre.caddy.harkirtan.me]: portainer.caddy.harkirtan.me: caching certificate: open /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/portainer.caddy.harkirtan.me/portainer.caddy.harkirtan.me.key: permission denied”
CPU: 89ms

Oct 17 12:35:53 tfr-pogtop caddy[1297876]: {“level”:“info”,“ts”:1729190153.7534935,“logger”:“tls”,“msg”:“finished cleaning storage units”}
Oct 17 12:35:53 tfr-pogtop caddy[1297876]: {“level”:“info”,“ts”:1729190153.753502,“logger”:“http.log”,“msg”:“server running”,“name”:“srv0”,“protocols”:[“h1”,“h2”,“h3”]}
Oct 17 12:35:53 tfr-pogtop caddy[1297876]: {“level”:“debug”,“ts”:1729190153.7535303,“logger”:“http”,“msg”:“starting server loop”,“address”:“[::]:80”,“tls”:false,“http3”:false}
Oct 17 12:35:53 tfr-pogtop caddy[1297876]: {“level”:“info”,“ts”:1729190153.7535388,“logger”:“http.log”,“msg”:“server running”,“name”:“remaining_auto_https_redirects”,“protocols”:[“h1”,“h2”,“h3”]}
Oct 17 12:35:53 tfr-pogtop caddy[1297876]: {“level”:“info”,“ts”:1729190153.7535431,“logger”:“http”,“msg”:“enabling automatic TLS certificate management”,“domains”:[“portainer.caddy.harkirtan.me”,“immich.caddy.harkirtan.me”,“libre.caddy.harkirtan.me”]}
Oct 17 12:35:53 tfr-pogtop caddy[1297876]: {“level”:“info”,“ts”:1729190153.7536047,“logger”:“tls.cache.maintenance”,“msg”:“stopped background certificate maintenance”,“cache”:“0xc0005c4c00”}
Oct 17 12:35:53 tfr-pogtop caddy[1297876]: Error: loading initial config: loading new config: http app module: start: finalizing automatic HTTPS: managing certificates for [portainer.caddy.harkirtan.me immich.caddy.harkirtan.me libre.caddy.harkirtan.me]: automate: manage [portainer.caddy.harkirtan.me immich.caddy.harkirtan.me libre.caddy.harkirtan.me]: portainer.caddy.harkirtan.me: caching certificate: open /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/portainer.caddy.harkirtan.me/portainer.caddy.harkirtan.me.key: permission denied
Oct 17 12:35:53 tfr-pogtop systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE
Oct 17 12:35:53 tfr-pogtop systemd[1]: caddy.service: Failed with result ‘exit-code’.
Oct 17 12:35:53 tfr-pogtop systemd[1]: Failed to start caddy.service - Caddy.

caddy service restart error

Caddy needs to be able to write to /var/lib/caddy/.local/share/caddy. /var/lib/caddy should be owned by the caddy user. Check the file permissions. That directory should have been created with the correct permissions when you installed the package. If you did anything else, it may have been broken.

Are you on a system with SELinux? It could be blocking access for some strange reason.

1 Like

I’m on ubuntu and how do i change the permissions?

root@tfr-pogtop:~# ls -ld /var/lib/caddy
drwxrwx--x 4 caddy caddy 4096 Oct 16 22:10 /var/lib/caddy

this is the output for permissions.

And what about the contents? Go down the directory tree, does anything have the wrong permissions?

1 Like

ls -ld /var/lib/caddy/.local/share/caddy
drwx-w---- 4 root caddy 4096 Oct 17 04:02 /var/lib/caddy/.local/share/caddy

Okay, it should not be owned by root. I don’t know why that happened, I have to assume you ran something earlier which caused them to be created with the wrong permissions. You can wipe it out with sudo rm -rf /var/lib/caddy/.local and restart Caddy so it recreates them.

2 Likes
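The manual walk down the directory tree in the posts above can be done in one pass. This is an added example, not part of the original thread: it lists everything under the storage directory that is not owned by the service user and, as an extra check beyond what the thread covers, any private key file that users outside the owner and group can access. The function names are hypothetical; /var/lib/caddy and the caddy user are taken from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit Caddy's storage tree for the
# ownership problem shown above and for private keys accessible to "other".

# wrong_owner DIR UID: print every path under DIR not owned by numeric UID.
wrong_owner() {
    find "$1" ! -uid "$2" -print 2>/dev/null
}

# exposed_keys DIR: print *.key files with any permission bit set for "other".
exposed_keys() {
    find "$1" -type f -name '*.key' \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null
}

# audit_storage DIR UID: print findings; exit status is 0 only when clean.
audit_storage() {
    bad=$(wrong_owner "$1" "$2")
    keys=$(exposed_keys "$1")
    if [ -n "$bad" ]; then
        printf 'not owned by uid %s:\n%s\n' "$2" "$bad"
    fi
    if [ -n "$keys" ]; then
        printf 'private key accessible to other users:\n%s\n' "$keys"
    fi
    [ -z "$bad$keys" ]
}

# Usage: sh audit.sh /var/lib/caddy caddy
# Run as root so that directories the caller cannot enter are still listed.
if [ "$#" -eq 2 ]; then
    audit_storage "$1" "$(id -u "$2")"
fi
```

On the tree from this thread, the root-owned /var/lib/caddy/.local/share/caddy directory would appear in the first list.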

That’s out of the way. The service is up and running, but I’m still not able to use my Cloudflare domain to access my local machine. I’m using the Caddyfile uploaded above. @francislavoie

Unfortunately there’s a million and one ways to make this kind of thing fail. Without being very specific about what’s going on, we have no way to make guesses as to what’s breaking except to throw stuff at the wall and see if it sticks.

To help us help you, one of the best ways for you to get us usable information is to follow a three-step format, with specifics:

  1. What did you do?
    e.g. “I opened Chrome, and tried to browse to example.com”
  2. What outcome did you expect?
    e.g. “I should be able to see my website on HTTPS”
  3. What result did you get instead?
    e.g. “My browser gave me a warning saying the certificate was untrusted”

You should assume that we will need to know the exact wording of any errors you get, etc.

3 Likes

Sorry was catching up with life and I was on my phone so couldn’t get the necessary information. Now I can so here it is:

  1. What am I trying to do?

I am trying to access my local machines through tailscale and caddy which I have both installed. Caddy is running as systemctl service.

  2. What have I got so far?

Created a caddy file and pointed CNAME to my qualified tailnode. Installed caddy cloudflare module.

  3. How does my Caddy file look like?

(cloudflare) {
        tls {
                dns cloudflare my api token with zone edit and read permissions
        }
}

# immich
immich.harkirtanshomelab.com {
        reverse_proxy http://100.106.156.82:2283
        import cloudflare
}

# portainer
portainer.harkirtanshomelab.com {
        reverse_proxy https://100.65.139.106:9443
        import cloudflare
}

  4. What error am I getting?

Oct 18 16:34:45 tfr-pogtop caddy[166153]: INVOCATION_ID=286e9100e52b49d3826c38deddac2dcc
Oct 18 16:34:45 tfr-pogtop caddy[166153]: JOURNAL_STREAM=8:189830
Oct 18 16:34:45 tfr-pogtop caddy[166153]: SYSTEMD_EXEC_PID=166153
Oct 18 16:34:45 tfr-pogtop caddy[166153]: MEMORY_PRESSURE_WATCH=/sys/fs/cgroup/system.slice/caddy.service/memory.pressure
Oct 18 16:34:45 tfr-pogtop caddy[166153]: MEMORY_PRESSURE_WRITE=c29tZSAyMDAwMDAgMjAwMDAwMAA=
Oct 18 16:34:45 tfr-pogtop caddy[166153]: {“level”:“info”,“ts”:1729290885.0548742,“msg”:“using config from file”,“file”:“/etc/caddy/Caddyfile”}
Oct 18 16:34:45 tfr-pogtop caddy[166153]: {“level”:“info”,“ts”:1729290885.058349,“msg”:“adapted config to JSON”,“adapter”:“caddyfile”}
Oct 18 16:34:45 tfr-pogtop caddy[166153]: {“level”:“warn”,“ts”:1729290885.0585454,“msg”:“Caddyfile input is not formatted; run ‘caddy fmt --overwrite’ to fix inconsistencies”,“adapter”:“caddyfile”,“file”:“/etc/caddy/Caddyfile”,“line”:2}
Oct 18 16:34:45 tfr-pogtop caddy[166153]: {“level”:“info”,“ts”:1729290885.0602396,“logger”:“admin”,“msg”:“admin endpoint started”,“address”:“localhost:2019”,“enforce_origin”:false,“origins”:[“//localhost:2019”,“//[::1]:2019”,“//127.0.0.1:2019”]}
Oct 18 16:34:45 tfr-pogtop caddy[166153]: {“level”:“info”,“ts”:1729290885.0608947,“logger”:“tls.cache.maintenance”,“msg”:“started background certificate maintenance”,“cache”:“0xc000659700”}
Oct 18 16:34:45 tfr-pogtop caddy[166153]: {“level”:“info”,“ts”:1729290885.0612366,“logger”:“http.auto_https”,“msg”:“server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS”,“server_name”:“srv0”,“https_port”:443}
Oct 18 16:34:45 tfr-pogtop caddy[166153]: {“level”:“info”,“ts”:1729290885.0613918,“logger”:“http.auto_https”,“msg”:“enabling automatic HTTP->HTTPS redirects”,“server_name”:“srv0”}
Oct 18 16:34:45 tfr-pogtop caddy[166153]: {“level”:“debug”,“ts”:1729290885.0615776,“logger”:“http.auto_https”,“msg”:“adjusted config”,“tls”:{“automation”:{“policies”:[{“subjects”:[“portainer.harkirtanshomelab.com”,“immich.harkirtanshomelab.com”]},{}]}},“http”:{“servers”:{“remaining_auto_https_redirects”:{“listen”:[“:80”],“routes”:[{},{}]},“srv0”:{“listen”:[“:443”],“routes”:[{“handle”:[{“handler”:“subroute”,“routes”:[{“handle”:[{“handler”:“reverse_proxy”,“transport”:{“protocol”:“http”,“tls”:{}},“upstreams”:[{“dial”:“100.65.139.106:9443”}]}]}]}],“terminal”:true},{“handle”:[{“handler”:“subroute”,“routes”:[{“handle”:[{“handler”:“reverse_proxy”,“upstreams”:[{“dial”:“100.106.156.82:2283”}]}]}]}],“terminal”:true}],“tls_connection_policies”:[{}],“automatic_https”:{}}}}}
Oct 18 16:34:45 tfr-pogtop caddy[166153]: {“level”:“info”,“ts”:1729290885.062492,“logger”:“http”,“msg”:“enabling HTTP/3 listener”,“addr”:“:443”}
Oct 18 16:34:45 tfr-pogtop caddy[166153]: {“level”:“debug”,“ts”:1729290885.063236,“logger”:“http”,“msg”:“starting server loop”,“address”:“[::]:443”,“tls”:true,“http3”:true}
Oct 18 16:34:45 tfr-pogtop caddy[166153]: {“level”:“info”,“ts”:1729290885.0661504,“logger”:“http.log”,“msg”:“server running”,“name”:“srv0”,“protocols”:[“h1”,“h2”,“h3”]}
Oct 18 16:34:45 tfr-pogtop caddy[166153]: {“level”:“debug”,“ts”:1729290885.0664446,“logger”:“http”,“msg”:“starting server loop”,“address”:“[::]:80”,“tls”:false,“http3”:false}
Oct 18 16:34:45 tfr-pogtop caddy[166153]: {“level”:“info”,“ts”:1729290885.066845,“logger”:“http.log”,“msg”:“server running”,“name”:“remaining_auto_https_redirects”,“protocols”:[“h1”,“h2”,“h3”]}
Oct 18 16:34:45 tfr-pogtop caddy[166153]: {“level”:“info”,“ts”:1729290885.0669625,“logger”:“http”,“msg”:“enabling automatic TLS certificate management”,“domains”:[“portainer.harkirtanshomelab.com”,“immich.harkirtanshomelab.com”]}
Oct 18 16:34:45 tfr-pogtop caddy[166153]: {“level”:“debug”,“ts”:1729290885.0695124,“logger”:“tls.cache”,“msg”:“added certificate to cache”,“subjects”:[“portainer.harkirtanshomelab.com”],“expiration”:1737062691,“managed”:true,“issuer_key”:“acme-v02.api.letsencrypt.org-directory”,“hash”:“c822cff1ae9a1289a8058d2aafbdeffa7684909f85ebbdffeba8ca2197f61863”,“cache_size”:1,“cache_capacity”:10000}
Oct 18 16:34:45 tfr-pogtop caddy[166153]: {“level”:“debug”,“ts”:1729290885.0695915,“logger”:“events”,“msg”:“event”,“name”:“cached_managed_cert”,“id”:“effdfdc4-ecbd-4a70-8053-a826a9b71eba”,“origin”:“tls”,“data”:{“sans”:[“portainer.harkirtanshomelab.com”]}}
Oct 18 16:34:45 tfr-pogtop caddy[166153]: {“level”:“info”,“ts”:1729290885.070595,“logger”:“tls”,“msg”:“storage cleaning happened too recently; skipping for now”,“storage”:“FileStorage:/var/lib/caddy/.local/share/caddy”,“instance”:“fd047840-57fa-425a-b0bf-91e5000a729b”,“try_again”:1729377285.0705922,“try_again_in”:86399.999999079}
Oct 18 16:34:45 tfr-pogtop caddy[166153]: {“level”:“info”,“ts”:1729290885.0708666,“logger”:“tls”,“msg”:“finished cleaning storage units”}
Oct 18 16:34:45 tfr-pogtop caddy[166153]: {“level”:“debug”,“ts”:1729290885.071842,“logger”:“tls.cache”,“msg”:“added certificate to cache”,“subjects”:[“immich.harkirtanshomelab.com”],“expiration”:1737061972,“managed”:true,“issuer_key”:“acme-v02.api.letsencrypt.org-directory”,“hash”:“fc1af603f777ec03a72e25e8addf899343d0dc0a0bfe66876a70716960b2de53”,“cache_size”:2,“cache_capacity”:10000}
Oct 18 16:34:45 tfr-pogtop caddy[166153]: {“level”:“debug”,“ts”:1729290885.0720282,“logger”:“events”,“msg”:“event”,“name”:“cached_managed_cert”,“id”:“d197820f-b972-4fd9-8009-6283dae505dd”,“origin”:“tls”,“data”:{“sans”:[“immich.harkirtanshomelab.com”]}}
Oct 18 16:34:45 tfr-pogtop caddy[166153]: {“level”:“info”,“ts”:1729290885.07242,“msg”:“autosaved config (load with --resume flag)”,“file”:“/var/lib/caddy/.config/caddy/autosave.json”}
Oct 18 16:34:45 tfr-pogtop caddy[166153]: {“level”:“info”,“ts”:1729290885.072667,“msg”:“serving initial configuration”}
Oct 18 16:34:45 tfr-pogtop systemd[1]: Started caddy.service - Caddy.

There’s no error in those logs. That’s not an answer to that question. You haven’t shown any evidence of an actual problem. Explain. Use words. Don’t just paste things blindly.

Please use code blocks, not quotes, for logs and config. Use the </> button to help you.

1 Like

I’m so sorry for the noobiness. Please don’t mind me. Love the fellow Canadian’s passive aggressiveness btw.

Anyway, I have a domain name registered with Cloudflare that I want to use to reach my services in my homelab, i.e. immich, portainer etc.

The problem is I have set it up following the instructions and whenever I use the web address, it doesn’t connect as a webpage (screenshot below). I want to know what I am doing wrong. Why doesn’t my custom domain name point to my local machine? For instance, https://immich.harkirtanshomelab.com should point to my local tailscale address.

Let me know if you need some more words.

So, to follow my example from earlier:

  1. You tried to navigate to immich.harkirtanshomelab.com
  2. You expected to connect to Caddy
  3. Instead, your browser couldn’t find the website

So, let’s explore that a little. I note that immich.harkirtanshomelab.com has no public DNS records, neither CNAME nor DNS. As a result, I get the same error in Firefox.

So the first thing to check is to make sure that your DNS is configured correctly. The address immich.harkirtanshomelab.com must resolve to an IP address in order for Firefox to even try to connect to it.

1 Like

I used the dig command and the output is below
(don’t mind the address, I have changed it accordingly).
It returns a CNAME, which should be it, no?

; <<>> DiG 9.18.28-0ubuntu0.24.04.1-Ubuntu <<>> immich.my.poglab.cc
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46942
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;immich.my.poglab.cc.           IN      A

;; ANSWER SECTION:
immich.my.poglab.cc.    300     IN      CNAME   tfr-pogtop.goat-chromatic.ts.net.
tfr-pogtop.goat-chromatic.ts.net. 600 IN A      100.65.139.106

;; AUTHORITY SECTION:
ts.net.                 300     IN      SOA     ns1.dnsimple.com. admin.dnsimple.com. 1616829543 86400 7200 604800 300

;; Query time: 220 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Sat Oct 19 10:17:43 MDT 2024
;; MSG SIZE  rcvd: 168