1. Caddy version (caddy version): 2
2. How I run Caddy:
a. System environment:
Inside a docker container on a raspberry pi 4.
b. Command:
N/A
c. Service/unit/compose file:
version: "3.7"
services:
  caddy:
    image: caddy
    container_name: caddy
    hostname: caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    environment:
      - MY_DOMAIN
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./data:/data
      - ./config:/config
networks:
  default:
    external:
      name: proxy
d. My complete Caddyfile or JSON config:
{
    # testing
    # acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}
#make homer my homepage
{$MY_DOMAIN} {
    reverse_proxy homer:6941
}
portainer.{$MY_DOMAIN} {
    reverse_proxy portainer:9000
}
radarr.{$MY_DOMAIN} {
    reverse_proxy radarr:7878
}
sonarr.{$MY_DOMAIN} {
    reverse_proxy sonarr:8989
}
lidarr.{$MY_DOMAIN} {
    reverse_proxy lidarr:8686
}
ombi.{$MY_DOMAIN} {
    reverse_proxy ombi:3579
}
jellyfin.{$MY_DOMAIN} {
    reverse_proxy jellyfin:8096
}
jackett.{$MY_DOMAIN} {
    reverse_proxy mullvad:9117
}
qbittorrent.{$MY_DOMAIN} {
    reverse_proxy mullvad:8080
}
bitwarden.{$MY_DOMAIN} {
    encode gzip
    header {
        # Enable cross-site filter (XSS) and tell browser to block detected attacks
        X-XSS-Protection "1; mode=block"
        # Disallow the site to be rendered within a frame (clickjacking protection)
        X-Frame-Options "DENY"
        # Prevent search engines from indexing (optional)
        X-Robots-Tag "none"
        # Server name removing
        -Server
    }
    # Notifications redirected to the websockets server
    reverse_proxy /notifications/hub bitwarden:3012
    # Proxy the Root directory to Rocket
    reverse_proxy bitwarden:80
}
3. The problem I’m having:
I want to route certain container traffic (jackett and qbittorrent) through a vpn.
I have a wireguard container that is on the same network as caddy, and it connects to a mullvad server. For those 2 containers I use network_mode: container:mullvad as the network.
It appears as though caddy correctly sees those 2 containers, but when I go to the actual address I get this: HTTP ERROR 502.
I have the relevant error logs posted below.
4. Error messages and/or full log output:
{"level":"error","ts":1600277313.0205107,"logger":"http.log.error","msg":"dial tcp 192.168.80.2:9117: i/o timeout","request":{"method":"GET","uri":"/UI/Dashboard","proto":"HTTP/2.0","remote_addr":"<my public ip>:44672","host":"jackett.rypi.software","headers":{"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"],"Accept-Language":["en-US,en;q=0.9"],"Cookie":["Jackett=CfDJ8KbBTytGR8NNsWSsHP4qUiycGDNo5Kw2pjx29gHYf2C8xL2YA_VTv3_BMkVMNYfJipSUmZcm8XD34Zx4juPRRjCsU9IncCIvL3MB79Cirj2zEBULKNWaW-ff5n-3jp1gPMl4Ys1tCkUDFdD2JE90AR6RK7vgfbQfgdFHUsgva0cUBijJIyIJVi_nI0YeRvh7-JAwAFW50jBmpgYxtcvUGX5nex2w7qAvl_pp8A9pfiMfaFN8zJpjxAevq1gtysI752Xo_5R4i3csBwkVMMzTSZ5gkpfWRre3SeuORYQzJfDbiipC1ZQetlfALQgqwY1s2tOvSaO-YElyPG5guYjsTAY"],"Dnt":["1"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Dest":["document"],"Accept-Encoding":["gzip, deflate, br"]},"tls":{"resumed":false,"version":772,"ciphersuite":4867,"proto":"h2","proto_mutual":true,"server_name":"jackett.rypi.software"}},"duration":10.001932598,"status":502,"err_id":"jfvrgzf3r","err_trace":"reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:411)"}
5. What I already tried:
I have researched possible solutions on these forums and using a search engine, but have not been able to find a solution.
I have done a lot of tweaking the network and hostnames and such, but I am pretty confident that the vpn connects correctly to the server, the containers are connected to the vpn, and that caddy can see the containers. The problem seems to lie with caddy interacting with the vpn, I just don't know where to go from here.
This post seems to be a similar error to mine, but went unsolved so I don’t know if @The_Spartan ever found a solution.
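
Added example, not part of the original post: a Python triage script for Caddy JSON error lines like the one in section 4. It extracts the upstream and classifies the dial failure, and it replaces credential headers such as Cookie before the line is shared. The header list, the hint wording and the sample lines are assumptions constructed for illustration.

```python
import json
import re

# Header names treated as credentials (assumed list; extend as needed).
SENSITIVE = {"cookie", "set-cookie", "authorization", "proxy-authorization"}
# Go dial errors look like "dial tcp <ip>:<port>: <reason>".
DIAL_RE = re.compile(r"dial tcp (?P<upstream>\S+): (?P<reason>.+)$")
HINTS = {
    "i/o timeout": "TCP handshake never completed: SYN or its reply was dropped or misrouted",
    "connection refused": "upstream address reachable, but nothing accepts on that port",
}

def triage(line):
    """Return (summary or None, redacted JSON line) for one Caddy error log line."""
    entry = json.loads(line)
    request = entry.get("request", {})
    headers = request.get("headers", {})
    for name in headers:
        if name.lower() in SENSITIVE:
            headers[name] = ["REDACTED"]
    summary = None
    match = DIAL_RE.search(entry.get("msg", ""))
    if match:
        reason = match.group("reason")
        hint = next((h for key, h in HINTS.items() if key in reason), "unclassified dial error")
        summary = {
            "host": request.get("host"),
            "upstream": match.group("upstream"),
            "status": entry.get("status"),
            "hint": hint,
        }
    return summary, json.dumps(entry)

# Constructed sample lines modelled on the log above (placeholder host and cookie).
SAMPLE = [
    '{"level":"error","msg":"dial tcp 192.168.80.2:9117: i/o timeout",'
    '"request":{"host":"jackett.example.test","headers":{"Cookie":["Jackett=PLACEHOLDER"]}},"status":502}',
    '{"level":"error","msg":"dial tcp 192.168.80.2:8080: connect: connection refused",'
    '"request":{"host":"qbittorrent.example.test","headers":{"Accept":["text/html"]}},"status":502}',
]

if __name__ == "__main__":
    for raw in SAMPLE:
        summary, redacted = triage(raw)
        print(summary)
        print(redacted)
```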