1. Output of caddy version
:
v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=
rainee@viperhome:~$ caddy version
v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=
2. How I run Caddy:
built from xcaddy/from source with cloudflare and docker plugins
a. System environment:
Ubuntu 22.04.1 LTS x86_64
b. Command:
I run it through docker using a docker compose file using the latest version of the caddy image
Paste command here.
c. Service/unit/compose file:
version: "3"
services:
gluetun:
image: qmcgaw/gluetun
container_name: gluetun
# line above must be uncommented to allow external containers to connect. See https://github.com/qdm12/gluetun/wiki/Connect-a-container-to-gluetun#external-container-to-gluetun
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun:/dev/net/tun
ports:
- 8888:8888/tcp # HTTP proxy
- 8388:8388/tcp # Shadowsocks
- 8388:8388/udp # Shadowsocks
- 6881:6881
- 6881:6881/udp
- 5801:5800
- 8112:8112
- 58846:58846
- 58946:58946
volumes:
- /home/rainee/config/gluetun:/gluetun
environment:
# See https://github.com/qdm12/gluetun/wiki
- VPN_SERVICE_PROVIDER=mullvad
- VPN_TYPE=wireguard
- SHADOWSOCKS=on
- SHADOWSOCKS_LOG=on
- SHADOWSOCKS_PASSWORD=n7ohc0euXF5X
# Wireguard:
- WIREGUARD_PRIVATE_KEY=2PRZ7aSR9WB3zoesG5jX14w/1S4zwb7RTR7MyiTbEVM=
- WIREGUARD_ADDRESSES=10.66.232.25/32,fc00:bbbb:bbbb:bb01::3:e818/128
- SERVER_HOSTNAMES=nl3-wireguard
- TZ=America/Los_Angeles
# Firewall
- FIREWALL_OUTBOUND_SUBNETS=192.168.1.0/24
sysctls:
- net.ipv6.conf.all.disable_ipv6=0
jdownloader-2:
image: jlesage/jdownloader-2
container_name: jdownloader2
network_mode: "service:gluetun"
volumes:
- "/home/rainee/config/jdownloader-2:/config:rw"
- "/mnt/skycloud/downloads:/output:rw"
fenrus:
image: revenz/fenrus
container_name: fenrus
environment:
- TZ=America/Los_Angeles
volumes:
- /home/rainee/config/fenrus:/app/data
- /home/rainee/config/fenrus/images:/app/wwwroot/images
ports:
- 3000:3000
restart: unless-stopped
deluge:
image: lscr.io/linuxserver/deluge:latest
container_name: deluge
network_mode: "service:gluetun"
environment:
- PUID=1000
- PGID=1000
- TZ=America/Los_Angeles
- DELUGE_LOGLEVEL=error
volumes:
- /home/rainee/config/deluge:/config
- /mnt/skycloud/downloads:/downloads
- /mnt/skycloud/data/torrent:/data/torrents
metube:
image: alexta69/metube
container_name: metube
restart: unless-stopped
ports:
- "8081:8081"
volumes:
- /mnt/skycloud/downloads:/downloads
vaultwarden:
image: vaultwarden/server:latest
container_name: vaultwarden
restart: always
expose:
- "3012"
- "8080"
environment:
WEBSOCKET_ENABLED: "true"
ADMIN_TOKEN: "2GrYOZ3nxUkj7T2upxN+qfQJu8NYEMyPOQb+55/CnwZQnhREbJhKEHdOwvFw8Qg9"
YUBICO_CLIENT_ID: "77694"
YUBICO_SECRET_KEY: "BOX4KvVg87DhuVa+qmwXXaiS81M="
ROCKET_PORT: 8080
volumes:
- /home/rainee/config/bitwarden/bw-data:/data
shoko_server:
container_name: shokoserver
image: shokoanime/server:latest
restart: always
environment:
- "PUID=1000"
- "PGID=1000"
- "TZ=America/Los_Angeles"
ports:
- "8111:8111"
volumes:
- "/home/rainee/config/shoko-config:/home/shoko/.shoko"
- "/mnt/skycloud/data/media/anime:/mnt/anime"
- "/mnt/skycloud/downloads:/mnt/import"
deemix:
image: registry.gitlab.com/bockiii/deemix-docker
container_name: Deemix
volumes:
- /mnt/skycloud/data/media/music:/downloads
- /home/rainee/config/deemix:/config
environment:
- PUID=1000
- PGID=1000
- UMASK_SET=022
- DEEMIX_SINGLE_USER=true
ports:
- 6595:6595
caddy:
image: caddy:2
container_name: caddy
restart: always
ports:
- 80:80
- 443:443
volumes:
- ./caddy:/usr/bin/caddy # Your custom build of Caddy.
- ./Caddyfile:/etc/caddy/Caddyfile:ro
- /home/rainee/config/caddyconfig/caddy-config:/config
- /home/rainee/config/caddyconfig/caddy-data:/data
environment:
DOMAIN: "https://viperhome.skye.moe" # Your domain.
EMAIL: "raineeinguki@proton.me" # The email address to use for ACME registration.
LOG_FILE: "/data/access.log"
network_mode: "host"
headscale:
container_name: headscale
image: headscale/headscale:latest-alpine
restart: unless-stopped
# ports:
# - 8080:8080
volumes:
- /home/rainee/config/headscale/config:/etc/headscale
- /home/rainee/config/headscale/data:/var/lib/headscale
entrypoint: headscale serve
networks:
reverseproxy-nw:
headscale-ui:
container_name: headscale-ui
image: ghcr.io/gurucomputing/headscale-ui:latest
restart: unless-stopped
networks:
reverseproxy-nw:
firezone:
image: firezone/firezone
ports:
- 51820:51820/udp
env_file:
# This should contain a list of env vars for configuring Firezone.
# See https://docs.firezone.dev/reference/env-vars for more info.
- ${FZ_INSTALL_DIR:-.}/.env
volumes:
# IMPORTANT: Persists WireGuard private key and other data. If
# /var/firezone/private_key exists when Firezone starts, it is
# used as the WireGuard private. Otherwise, one is generated.
- ${FZ_INSTALL_DIR:-.}/firezone:/var/firezone
cap_add:
# Needed for WireGuard and firewall support.
- NET_ADMIN
- SYS_MODULE
sysctls:
# Needed for masquerading and NAT.
- net.ipv6.conf.all.disable_ipv6=0
- net.ipv4.ip_forward=1
- net.ipv6.conf.all.forwarding=1
depends_on:
- postgres
networks:
firezone-network:
ipv4_address: 172.25.0.100
postgres:
image: postgres:15
volumes:
- postgres-data:/var/lib/postgresql/data
environment:
POSTGRES_DB: ${DATABASE_NAME:-firezone}
POSTGRES_USER: ${DATABASE_USER:-postgres}
POSTGRES_PASSWORD: ${DATABASE_PASSWORD:?err}
networks:
- firezone-network
# Postgres needs a named volume to prevent perms issues on non-linux platforms
volumes:
postgres-data:
networks:
reverseproxy-nw:
external: true
firezone-network:
driver: bridge
ipam:
config:
- subnet: 172.25.0.0/16
d. My complete Caddy config:
version: "3"
services:
gluetun:
image: qmcgaw/gluetun
container_name: gluetun
# line above must be uncommented to allow external containers to connect. See https://github.com/qdm12/gluetun/wiki/Connect-a-container-to-gluetun#external-container-to-gluetun
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun:/dev/net/tun
ports:
- 8888:8888/tcp # HTTP proxy
- 8388:8388/tcp # Shadowsocks
- 8388:8388/udp # Shadowsocks
- 6881:6881
- 6881:6881/udp
- 5801:5800
- 8112:8112
- 58846:58846
- 58946:58946
volumes:
- /home/rainee/config/gluetun:/gluetun
environment:
# See https://github.com/qdm12/gluetun/wiki
- VPN_SERVICE_PROVIDER=mullvad
- VPN_TYPE=wireguard
- SHADOWSOCKS=on
- SHADOWSOCKS_LOG=on
- SHADOWSOCKS_PASSWORD=
# Wireguard:
- WIREGUARD_PRIVATE_KEY=
- WIREGUARD_ADDRESSES=
- SERVER_HOSTNAMES=
- TZ=America/Los_Angeles
# Firewall
- FIREWALL_OUTBOUND_SUBNETS=192.168.1.0/24
sysctls:
- net.ipv6.conf.all.disable_ipv6=0
jdownloader-2:
image: jlesage/jdownloader-2
container_name: jdownloader2
network_mode: "service:gluetun"
volumes:
- "/home/rainee/config/jdownloader-2:/config:rw"
- "/mnt/skycloud/downloads:/output:rw"
fenrus:
image: revenz/fenrus
container_name: fenrus
environment:
- TZ=America/Los_Angeles
volumes:
- /home/rainee/config/fenrus:/app/data
- /home/rainee/config/fenrus/images:/app/wwwroot/images
ports:
- 3000:3000
restart: unless-stopped
deluge:
image: lscr.io/linuxserver/deluge:latest
container_name: deluge
network_mode: "service:gluetun"
environment:
- PUID=1000
- PGID=1000
- TZ=America/Los_Angeles
- DELUGE_LOGLEVEL=error
volumes:
- /home/rainee/config/deluge:/config
- /mnt/skycloud/downloads:/downloads
- /mnt/skycloud/data/torrent:/data/torrents
metube:
image: alexta69/metube
container_name: metube
restart: unless-stopped
ports:
- "8081:8081"
volumes:
- /mnt/skycloud/downloads:/downloads
vaultwarden:
image: vaultwarden/server:latest
container_name: vaultwarden
restart: always
environment:
WEBSOCKET_ENABLED: "true"
ADMIN_TOKEN: ""
YUBICO_CLIENT_ID: ""
YUBICO_SECRET_KEY: ""
ROCKET_PORT: 8080
volumes:
- /home/rainee/config/bitwarden/bw-data:/data
shoko_server:
container_name: shokoserver
image: shokoanime/server:latest
restart: always
environment:
- "PUID=1000"
- "PGID=1000"
- "TZ=America/Los_Angeles"
ports:
- "8111:8111"
volumes:
- "/home/rainee/config/shoko-config:/home/shoko/.shoko"
- "/mnt/skycloud/data/media/anime:/mnt/anime"
- "/mnt/skycloud/downloads:/mnt/import"
deemix:
image: registry.gitlab.com/bockiii/deemix-docker
container_name: Deemix
volumes:
- /mnt/skycloud/data/media/music:/downloads
- /home/rainee/config/deemix:/config
environment:
- PUID=1000
- PGID=1000
- UMASK_SET=022
- DEEMIX_SINGLE_USER=true
ports:
- 6595:6595
caddy:
image: caddy:2
container_name: caddy
restart: always
ports:
- 80:80
- 443:443
volumes:
- ./caddy:/usr/bin/caddy # Your custom build of Caddy.
- ./Caddyfile:/etc/caddy/Caddyfile:ro
- /home/rainee/config/caddyconfig/caddy-config:/config
- /home/rainee/config/caddyconfig/caddy-data:/data
environment:
DOMAIN: "" # Your domain.
EMAIL: "@" # The email address to use for ACME registration.
LOG_FILE: "/data/access.log"
network_mode: "host"
headscale:
container_name: headscale
image: headscale/headscale:latest-alpine
restart: unless-stopped
# ports:
# - 8080:8080
volumes:
- /home/rainee/config/headscale/config:/etc/headscale
- /home/rainee/config/headscale/data:/var/lib/headscale
entrypoint: headscale serve
networks:
reverseproxy-nw:
headscale-ui:
container_name: headscale-ui
image: ghcr.io/gurucomputing/headscale-ui:latest
restart: unless-stopped
networks:
reverseproxy-nw:
firezone:
image: firezone/firezone
ports:
- 51820:51820/udp
env_file:
# This should contain a list of env vars for configuring Firezone.
# See https://docs.firezone.dev/reference/env-vars for more info.
- ${FZ_INSTALL_DIR:-.}/.env
volumes:
# IMPORTANT: Persists WireGuard private key and other data. If
# /var/firezone/private_key exists when Firezone starts, it is
# used as the WireGuard private. Otherwise, one is generated.
- ${FZ_INSTALL_DIR:-.}/firezone:/var/firezone
cap_add:
# Needed for WireGuard and firewall support.
- NET_ADMIN
- SYS_MODULE
sysctls:
# Needed for masquerading and NAT.
- net.ipv6.conf.all.disable_ipv6=0
- net.ipv4.ip_forward=1
- net.ipv6.conf.all.forwarding=1
depends_on:
- postgres
networks:
firezone-network:
ipv4_address: 172.25.0.100
postgres:
image: postgres:15
volumes:
- postgres-data:/var/lib/postgresql/data
environment:
POSTGRES_DB: ${DATABASE_NAME:-firezone}
POSTGRES_USER: ${DATABASE_USER:-postgres}
POSTGRES_PASSWORD: ${DATABASE_PASSWORD:?err}
networks:
- firezone-network
# Postgres needs a named volume to prevent perms issues on non-linux platforms
volumes:
postgres-data:
networks:
reverseproxy-nw:
external: true
firezone-network:
driver: bridge
ipam:
config:
- subnet: 172.25.0.0/16
3. The problem I’m having:
* Trying 192.168.1.21:80...
* Connected to viperhome.skye.moe (192.168.1.21) port 80 (#0)
> GET / HTTP/1.1
> Host: viperhome.skye.moe
> User-Agent: curl/7.81.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 308 Permanent Redirect
< Connection: close
< Location: https://viperhome.skye.moe/
< Server: Caddy
< Date: Tue, 29 Nov 2022 11:45:51 GMT
< Content-Length: 0
<
* Closing connection 0
4. Error messages and/or full log output:
{"level":"error","ts":1669721245.8633182,"logger":"http.log.error","msg":"dial tcp: lookup vaultwarden on 127.0.0.53:53: server misbehaving","request":{"remote_ip":"192.168.1.124","remote_port":"32667","proto":"HTTP/2.0","method":"POST","host":"viperhome.skye.moe","uri":"/identity/connect/token","headers":{"Bitwarden-Client-Name":["browser"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"],"Accept-Language":["en-US,en;q=0.9"],"Accept":["application/json"],"Bitwarden-Client-Version":["2022.10.1"],"Sec-Gpc":["1"],"Accept-Encoding":["gzip, deflate, br"],"Device-Type":["2"],"Sec-Fetch-Mode":["cors"],"Sec-Fetch-Dest":["empty"],"Sec-Fetch-Site":["none"],"Content-Length":["151"],"Content-Type":["application/x-www-form-urlencoded; charset=utf-8"],"Origin":["chrome-extension://nngceckbapebfimnlniiiahkandclblb"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"domain.1"}},"duration":0.005867847,"status":502,"err_id":"r67eimsxx","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"} {"level":"error","ts":1669722548.828256,"logger":"http.log.error","msg":"dial tcp: lookup vaultwarden on 127.0.0.53:53: server misbehaving","request":{"remote_ip":"192.168.1.124","remote_port":"33816","proto":"HTTP/2.0","method":"GET","host":"viperhome.skye.moe","uri":"/","headers":{"Cache-Control":["max-age=0"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"],"Sec-Fetch-Mode":["navigate"],"Accept-Encoding":["gzip, deflate, br"],"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8"],"Sec-Gpc":["1"],"Accept-Language":["en-US,en;q=0.5"],"Sec-Fetch-Site":["cross-site"],"Sec-Fetch-User":["?1"],"Sec-Fetch-Dest":["document"]},"tls":{"resumed":true,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"viperhome.skye.moe"}},"duration":0.010308856,"status":502,"err_id":"hrsyeek13","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
{"level":"error","ts":1669722548.8633273,"logger":"http.log.error","msg":"dial tcp: lookup vaultwarden on 127.0.0.53:53: server misbehaving","request":{"remote_ip":"192.168.1.124","remote_port":"33816","proto":"HTTP/2.0","method":"GET","host":"viperhome.skye.moe","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"],"Sec-Fetch-Site":["cross-site"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Accept-Encoding":["gzip, deflate, br"],"Cache-Control":["max-age=0"],"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8"],"Sec-Gpc":["1"],"Accept-Language":["en-US,en;q=0.5"],"Sec-Fetch-Dest":["document"]},"tls":{"resumed":true,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"viperhome.skye.moe"}},"duration":0.0042642,"status":502,"err_id":"mk3ddwkd6","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}"
5. What I already tried:
I’ve gone from editing the caddyfile to docker container/compose file to restarting both containers and seeing what would happen if I only ran with both of them nothing I could figure out please let me know if I am missing any other info to put into this template and I will do my best to provide it
Thank you for helping this dead brained person here on trying to figure out what might be a simple solution