I see a CNAME on immich.my.poglab.cc but your browser shows you trying to connect to immich.harkirtanshomelab.com. The former should work, the latter wouldn’t.
Try curl -vL on your address.
Sorry for the confusion. I have mentioned in the last reply that my setup has changed. I have updated the screenshot. Here is the output for curl -vL
root@tfr-pogtop:~# curl -vL immich.my.poglab.cc
* Host immich.my.poglab.cc:80 was resolved.
* IPv6: (none)
* IPv4: 100.65.139.106
* Trying 100.65.139.106:80...
* Connected to immich.my.poglab.cc (100.65.139.106) port 80
> GET / HTTP/1.1
> Host: immich.my.poglab.cc
> User-Agent: curl/8.5.0
> Accept: */*
>
< HTTP/1.1 308 Permanent Redirect
< Connection: close
< Location: https://immich.my.poglab.cc/
< Server: Caddy
< Date: Sat, 19 Oct 2024 16:36:45 GMT
< Content-Length: 0
<
* Closing connection
* Clear auth, redirects to port from 80 to 443
* Issue another request to this URL: 'https://immich.my.poglab.cc/'
* Host immich.my.poglab.cc:443 was resolved.
* IPv6: (none)
* IPv4: 100.65.139.106
* Trying 100.65.139.106:443...
* Connected to immich.my.poglab.cc (100.65.139.106) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / X25519 / id-ecPublicKey
* ALPN: server accepted h2
* Server certificate:
* subject: CN=immich.my.poglab.cc
* start date: Oct 19 06:05:25 2024 GMT
* expire date: Jan 17 06:05:24 2025 GMT
* subjectAltName: host "immich.my.poglab.cc" matched cert's "immich.my.poglab.cc"
* issuer: C=US; O=Let's Encrypt; CN=E6
* SSL certificate verify ok.
* Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384
* Certificate level 1: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://immich.my.poglab.cc/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: immich.my.poglab.cc]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.5.0]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: immich.my.poglab.cc
> User-Agent: curl/8.5.0
> Accept: */*
>
< HTTP/2 200
< alt-svc: h3=":443"; ma=2592000
< cache-control: no-store
< content-type: text/html; charset=utf-8
< date: Sat, 19 Oct 2024 16:36:45 GMT
< etag: "189a-HzBX0avj5gpXmOCdh2S3+vXC3OU"
< server: Caddy
< x-powered-by: Express
< content-length: 6298
<
<!doctype html>
<html>
<head>
<!-- (used for SSR) -->
<!-- metadata:tags -->
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<link rel="shortcut icon" type="image/x-icon" href="/favicon.ico" />
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16.png" />
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32.png" />
<link rel="icon" type="image/png" sizes="48x48" href="/favicon-48.png" />
<link rel="icon" type="image/png" sizes="96x96" href="/favicon-96.png" />
<link rel="icon" type="image/png" sizes="144x144" href="/favicon-144.png" />
<link rel="apple-touch-icon" sizes="180x180" href="/apple-icon-180.png" />
<link rel="preload" as="font" type="font/ttf" href="/_app/immutable/assets/Overpass.DCP28BvT.ttf" crossorigin="anonymous" />
<link rel="preload" as="font" type="font/ttf" href="/_app/immutable/assets/OverpassMono.XkUhFDDw.ttf" crossorigin="anonymous" />
<link rel="modulepreload" href="/_app/immutable/entry/start.C4vuz8EH.js">
<link rel="modulepreload" href="/_app/immutable/chunks/entry.DgYIZSgS.js">
<link rel="modulepreload" href="/_app/immutable/chunks/scheduler.7z7EQB7W.js">
<link rel="modulepreload" href="/_app/immutable/chunks/control.CYgJF_JY.js">
<link rel="modulepreload" href="/_app/immutable/entry/app.CEsa3Nc4.js">
<link rel="modulepreload" href="/_app/immutable/chunks/preload-helper.C1FmrZbK.js">
<link rel="modulepreload" href="/_app/immutable/chunks/fetch-client.Cr96I8Qt.js">
<link rel="modulepreload" href="/_app/immutable/chunks/fetch-errors.CEVjoig5.js">
<link rel="modulepreload" href="/_app/immutable/chunks/index.DoTFCMjV.js">
<style>
/* prevent FOUC */
html {
height: 100%;
width: 100%;
}
body,
html {
margin: 0;
padding: 0;
}
@keyframes delayedVisibility {
to {
visibility: visible;
}
}
@keyframes loadspin {
100% {
transform: rotate(360deg);
}
}
#stencil {
--stencil-width: 150px;
display: flex;
width: var(--stencil-width);
margin-left: auto;
margin-right: auto;
margin-top: calc(50vh - var(--stencil-width) / 2);
margin-bottom: 100vh;
place-items: center;
justify-content: center;
overflow: hidden;
visibility: hidden;
animation:
0s linear 0.3s forwards delayedVisibility,
loadspin 8s linear infinite;
}
.bg-immich-bg {
background-color: white;
}
.dark .dark\:bg-immich-dark-bg {
background-color: black;
}
</style>
<script>
/**
* Prevent FOUC on page load.
*/
const colorThemeKeyName = 'color-theme';
let theme = localStorage.getItem(colorThemeKeyName);
if (!theme) {
theme = { value: 'light', system: true };
} else if (theme === 'dark' || theme === 'light') {
theme = { value: theme, system: false };
localStorage.setItem(colorThemeKeyName, JSON.stringify(theme));
} else {
theme = JSON.parse(theme);
}
let themeValue = theme.value;
if (theme.system) {
if (window.matchMedia('(prefers-color-scheme: dark)').matches) {
themeValue = 'dark';
} else {
themeValue = 'light';
}
}
if (themeValue === 'light') {
document.documentElement.classList.remove('dark');
} else {
document.documentElement.classList.add('dark');
}
</script>
<link rel="stylesheet" href="/custom.css" />
</head>
<body class="bg-immich-bg dark:bg-immich-dark-bg">
<div id="stencil">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 792 792">
<style type="text/css">
.st0 {
fill: #fa2921;
}
.st1 {
fill: #ed79b5;
}
.st2 {
fill: #ffb400;
}
.st3 {
fill: #1e83f7;
}
.st4 {
fill: #18c249;
}
</style>
<g>
<path
class="st0"
d="M375.48,267.63c38.64,34.21,69.78,70.87,89.82,105.42c34.42-61.56,57.42-134.71,57.71-181.3
c0-0.33,0-0.63,0-0.91c0-68.94-68.77-95.77-128.01-95.77s-128.01,26.83-128.01,95.77c0,0.94,0,2.2,0,3.72
C300.01,209.24,339.15,235.47,375.48,267.63z"
/>
<path
class="st1"
d="M164.7,455.63c24.15-26.87,61.2-55.99,103.01-80.61c44.48-26.18,88.97-44.47,128.02-52.84
c-47.91-51.76-110.37-96.24-154.6-110.91c-0.31-0.1-0.6-0.19-0.86-0.28c-65.57-21.3-112.34,35.81-130.64,92.15
c-18.3,56.34-14.04,130.04,51.53,151.34C162.05,454.77,163.25,455.16,164.7,455.63z"
/>
<path
class="st2"
d="M681.07,302.19c-18.3-56.34-65.07-113.45-130.64-92.15c-0.9,0.29-2.1,0.68-3.54,1.15
c-3.75,35.93-16.6,81.27-35.96,125.76c-20.59,47.32-45.84,88.27-72.51,118c69.18,13.72,145.86,12.98,190.26-1.14
c0.31-0.1,0.6-0.2,0.86-0.28C695.11,432.22,699.37,358.52,681.07,302.19z"
/>
<path
class="st3"
d="M336.54,510.71c-11.15-50.39-14.8-98.36-10.7-138.08c-64.03,29.57-125.63,75.23-153.26,112.76
c-0.19,0.26-0.37,0.51-0.53,0.73c-40.52,55.78-0.66,117.91,47.27,152.72c47.92,34.82,119.33,53.54,159.86-2.24
c0.56-0.76,1.3-1.78,2.19-3.01C363.28,602.32,347.02,558.08,336.54,510.71z"
/>
<path
class="st4"
d="M617.57,482.52c-35.33,7.54-82.42,9.33-130.72,4.66c-51.37-4.96-98.11-16.32-134.63-32.5
c8.33,70.03,32.73,142.73,59.88,180.6c0.19,0.26,0.37,0.51,0.53,0.73c40.52,55.78,111.93,37.06,159.86,2.24
c47.92-34.82,87.79-96.95,47.27-152.72C619.2,484.77,618.46,483.75,617.57,482.52z"
/>
</g>
</svg>
</div>
<div>
<script>
{
__sveltekit_14i2lm9 = {
base: ""
};
const element = document.currentScript.parentElement;
Promise.all([
import("/_app/immutable/entry/start.C4vuz8EH.js"),
import("/_app/immutable/entry/app.CEsa3Nc4.js")
]).then(([kit, app]) => {
kit.start(app, element);
});
}
</script>
</div>
</body>
</html>
* Connection #1 to host immich.my.poglab.cc left intact
root@tfr-pogtop:~#
Hmm, curl works fine. It’s a browser-specific issue, possibly a Firefox-specific issue.
Can you try to browse to your ts.net address directly in Firefox and see if it can connect to that? (It should fail this too because Caddy won’t have a cert for your ts.net address and isn’t configured to serve it, but it should at least have a different error.) Can you try to browse to the poglab.cc site in a different browser on the same computer, or on a different computer?
Shouldn’t it be happening automatically on the backend as it’s a Tailscale address? I read that in the documentation.
Not unless you tell Caddy you want to serve the ts.net address.
Caddy doesn’t make assumptions about what sites you want to serve, in case you specifically don’t want to serve the ts.net address.
I’m not sure. Like you demonstrated earlier, curl is working fine. Caddy is responding fine and gave you an HTML document so the reverse proxy is working fine. Everything’s A-OK on the server side.
It seems like Firefox and Brave on your computers aren’t following the CNAME for some reason. Maybe they’re using some other DNS resolution stack than the host? I don’t know, but it’s beyond the scope of Caddy being able to fix. It might be some nuance between Tailscale and your browsers, but as far as Caddy is concerned, everything’s going great on its end.
Hi @TrashForReal,
Here is some information on that error: Ways to Fix the ‘PR_END_OF_FILE_ERROR’ in Firefox
This one is just because Firefox is connecting to Caddy with ts.net SNI and Caddy isn’t configured for the site so it ends the connection there, breaking HTTPS. It’s fine, expected in this case. Fix is to add the ts.net address to the list of site addresses or to use the actually-configured address (although using the CNAME’d address seems to be producing the DNS issues as noted above).
Fix is to add the ts.net address to the list of site addresses
This needs to be done on the Tailscale side?
Didn’t seem to fix the issue. Thank you tho!
as far as Caddy is concerned, everything’s going great on its end
I’ll have to figure out the other parts of the equation then
Do I need to set up a DDNS which automatically changes my public IP on Cloudflare DNS records?
### What are you trying to do? We want to create cname records in our public dn…
In short, Tailscale itself does not consistently support CNAME records pointed to its own magic DNS names. It is notably broken on Windows which I assume is where your problem browsers are.
Your options are to use an A record pointing at your Tailnet IP for your server, or if you’re sharing the node out to other users (which changes the IP address for each user) you’ll simply need to abandon the custom domain and use the ts.net domain exclusively in Caddy and in your browser.
We can’t help you any further with this issue on these forums as it’s a Tailscale/Operating System/DNS resolution issue and not something Caddy can fix.
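The thread separates two failure modes: the client's resolver not following the record, and Caddy ending the handshake for a name it does not serve. The script below is an added example, not code from any poster or from the Caddy project; it distinguishes the two by probing once through system DNS and once with the IP pinned via curl's `--resolve`. The function names and verdict strings are assumptions made for this sketch; the hostname and IP in the usage comment are the ones from the curl output above.

```shell
#!/bin/sh
# Added example (not from the thread): tell a client-side DNS failure apart
# from the server refusing a name it is not configured to serve.

# Layer that failed, from curl's documented exit codes.
classify_curl_exit() {
  case "$1" in
    0)  echo "ok" ;;
    6)  echo "dns: name did not resolve" ;;
    7)  echo "tcp: could not connect" ;;
    35) echo "tls: handshake failed" ;;
    60) echo "tls: certificate not trusted for this name" ;;
    *)  echo "other: curl exit $1" ;;
  esac
}

# probe NAME [IP] -> prints curl's exit code.
# With IP, --resolve bypasses DNS, so only the SNI/Host name is being tested.
probe() {
  p_rc=0
  if [ -n "${2:-}" ]; then
    curl -sS -o /dev/null --max-time 10 --resolve "$1:443:$2" \
      "https://$1/" 2>/dev/null || p_rc=$?
  else
    curl -sS -o /dev/null --max-time 10 "https://$1/" 2>/dev/null || p_rc=$?
  fi
  echo "$p_rc"
}

# verdict SYSTEM_RC PINNED_RC -> which side needs attention.
verdict() {
  if [ "$2" -eq 35 ]; then
    echo "server: handshake failed for this name; check it is a site address"
  elif [ "$2" -eq 0 ] && [ "$1" -eq 6 ]; then
    echo "client: server answers for the name, local DNS does not resolve it"
  elif [ "$1" -eq 0 ] && [ "$2" -eq 0 ]; then
    echo "ok: DNS and TLS both work from this host"
  else
    echo "inconclusive: system=$1 pinned=$2"
  fi
}

# Usage: sh diagnose.sh immich.my.poglab.cc 100.65.139.106
if [ "$#" -eq 2 ]; then
  sys_rc=$(probe "$1"); pin_rc=$(probe "$1" "$2")
  echo "system DNS: $(classify_curl_exit "$sys_rc")"
  echo "pinned IP : $(classify_curl_exit "$pin_rc")"
  verdict "$sys_rc" "$pin_rc"
fi
```

Run it on the machine where the browser fails; a browser configured with its own resolver can still behave differently from curl on the same host.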
Thank you so much! I hope some fix comes in the future. You can close this topic if you would like to.