1. Output of caddy version
:
v2.6.2
2. How I run Caddy:
a. System environment:
Docker / Portainer
b. Command:
Paste command here.
c. Service/unit/compose file:
Paste full file contents here.
Make sure backticks stay on their own lines,
and the post looks nice in the preview pane. -->
d. My complete Caddy config:
# 2022-12-22
(headersGlobal) {
X-Powered-By "Zogg"
Host {host}
X-Real-IP {host}
X-Forwarded-For {host}
-Server
-Via
}
(headersSecurity) {
Referrer-Policy "strict-origin-when-cross-origin"
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
X-Permitted-Cross-Domain-Policies: "none"
X-Content-Type-Options "nosniff"
X-Frame-Options "SAMEORIGIN"
X-XSS-Protection 0
Permissions-Policy "fullscreen=(*), display-capture=(self), accelerometer=(), battery=(), camera=(), autoplay=(self), vibrate=(self), geolocation=(self), midi=(self), notifications=(*), push=(*), microphone=(self), magnetometer=(self), gyroscope=(self), payment=(self)"
Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: wss: https:"
}
(headersRobots) {
X-Robots-Tag "none,noarchive,nosnippet,notranslate,noimageindex"
}
(headersCaching) {
cache-Control "public, max-age=86400, s-maxage=86400, max-stale=3600, stale-while-revalidate=86400, stale-if-error=86400"
}
(common) {
encode zstd gzip
header {
import headersGlobal
import headersRobots
import headersCaching
import headersSecurity
defer
}
}
(pterodadctyl) {
encode zstd gzip
header {
import headersGlobal
import headersRobots
import headersCaching
import headersSecurity
Sec-Fetch-Site "cross-site"
X-Forwarded-Proto "https"
Access-Control-Allow-Headers "*,Authorization"
defer
}
}
(reverseProxy) {
trusted_proxies 173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 104.24.0.0/14 172.64.0.0/13 131.0.72.0/22 2400:cb00::/32 2606:4700::/32 2803:f800::/32 2405:b500::/32 2405:8100::/32 2a06:98c0::/29 2c0f:f248::/32
transport http {
resolvers 192.168.50.202
keepalive_idle_conns 512
keepalive_idle_conns_per_host 256
}
}
{
order cache before rewrite
order rate_limit before basicauth
log {
level error
}
#debug
#log {
# level debug
#}
cache {
allowed_http_verbs GET HEAD OPTIONS
api {
souin {
security
}
}
cdn {
api_key {env.CF_DNS_API_TOKEN}
dynamic true
email {env.CF_API_EMAIL}
hostname zogg.fr
provider cloudflare
strategy soft
}
headers Content-Type Authorization
key {
disable_body
disable_host
disable_method
}
#log_level debug
log_level error
redis {
url 192.168.50.202:6379
}
default_cache_control no-store
}
admin off
acme_dns cloudflare {env.CF_DNS_API_TOKEN}
email {env.CF_API_EMAIL}
}
#
# zogg.fr
#
*.zogg.fr {
tls {
dns cloudflare {env.CF_DNS_API_TOKEN}
resolvers 1.1.1.1
}
header {
Host {upstream_hostport}
X-Forwarded-Proto {scheme}
X-Forwarded-For {host}
defer
}
rate_limit {
zone dynamic {
key {remote_host}
window 10s
events 256
}
}
# Varnish
#reverse_proxy 192.168.50.202:1080
#
# services
#
@drawio host drawio.zogg.fr
handle @drawio {
import common
cache
reverse_proxy 192.168.50.202:5022 {
import reverseProxy
}
}
@error host error.zogg.fr
handle @error {
import common
cache
#reverse_proxy 192.168.50.202:2080
reverse_proxy 192.168.50.202:1080 {
import reverseProxy
}
}
@firefly host firefly.zogg.fr
handle @firefly {
import common
reverse_proxy 192.168.50.202:6182 {
import reverseProxy
}
}
@grafana host grafana.zogg.fr
handle @grafana {
import common
cache
reverse_proxy 192.168.50.202:3000
}
@hastbin host hastbin.zogg.fr
handle @hastbin {
import common
reverse_proxy 192.168.50.202:7777 {
import reverseProxy
}
}
@homelab host homelab.zogg.fr
handle @homelab {
import common
reverse_proxy https://192.168.50.202:8006 {
import reverseProxy
transport http {
tls
tls_insecure_skip_verify
}
}
}
@infos host infos.zogg.fr
handle @infos {
import common
handle {
cache {
regex {
exclude .+ghost
}
}
#reverse_proxy 192.168.50.202:3001
reverse_proxy 192.168.50.202:1080 {
import reverseProxy
}
}
}
@invidious host invidious.zogg.fr
handle @invidious {
import common
reverse_proxy 192.168.50.202:4000
}
@matomo host matomo.zogg.fr
handle @matomo {
import common
reverse_proxy 192.168.50.202:8597 {
import reverseProxy
}
}
@matrix host matrix.zogg.fr
handle @matrix {
import common
header /.well-known/matrix/* Content-Type application/json
header /.well-known/matrix/* Access-Control-Allow-Origin *
respond /.well-known/matrix/server `{"m.server": "matrix.zogg.fr:443"}`
respond /.well-known/matrix/client `{"m.homeserver":{"base_url":"https://matrix.zogg.fr"}}`
reverse_proxy /_matrix/* 192.168.50.202:8008 {
import reverseProxy
}
reverse_proxy /_synapse/client/* 192.168.50.202:8008 {
import reverseProxy
}
}
@element host element.zogg.fr
handle @element {
import common
reverse_proxy 192.168.50.202:7080 {
import reverseProxy
}
}
@n8n host n8n.zogg.fr
handle @n8n {
import common
cache
reverse_proxy 192.168.50.202:5678 {
import reverseProxy
}
}
@paperless host paperless.zogg.fr
handle @paperless {
import common
cache
reverse_proxy 192.168.50.202:8777 {
import reverseProxy
}
}
@photoprism host photoprism.zogg.fr
handle @photoprism {
import common
cache
#reverse_proxy 192.168.50.202:2342
reverse_proxy 192.168.50.202:1080 {
import reverseProxy
}
}
@portainer host portainer.zogg.fr
handle @portainer {
import common
reverse_proxy 192.168.50.202:9000 {
import reverseProxy
}
}
@psitransfer host psitransfer.zogg.fr
handle @psitransfer {
import common
reverse_proxy 192.168.50.202:3377 {
import reverseProxy
}
}
@registry host registry.zogg.fr
handle @registry {
import common
reverse_proxy https://192.168.50.202:5443 {
import reverseProxy
transport http {
tls
tls_insecure_skip_verify
}
}
}
@searxng host searxng.zogg.fr
handle @searxng {
import common
reverse_proxy 192.168.50.202:8082 {
import reverseProxy
}
}
@services host services.zogg.fr
handle @services {
import common
cache
reverse_proxy 192.168.50.202:3552 {
import reverseProxy
}
}
@shlink host shlink.zogg.fr
handle @shlink {
import common
cache
reverse_proxy 192.168.50.202:5080 {
import reverseProxy
}
}
@l host l.zogg.fr
handle @l {
import common
reverse_proxy 192.168.50.202:5081 {
import reverseProxy
}
}
@sshwifty host sshwifty.zogg.fr
handle @sshwifty {
import common
handle_path /sshwifty/socket {
reverse_proxy 192.168.50.202:8182 {
import reverseProxy
}
}
handle {
reverse_proxy 192.168.50.202:8182 {
import reverseProxy
}
}
}
@vaultwarden host vaultwarden.zogg.fr
handle @vaultwarden {
import common
handle_path /notifications/hub {
reverse_proxy 192.168.50.202:7001 {
import reverseProxy
}
}
handle {
reverse_proxy 192.168.50.202:7000 {
import reverseProxy
}
}
}
@wbo host wbo.zogg.fr
handle @wbo {
import common
cache
reverse_proxy 192.168.50.202:11000 {
import reverseProxy
}
}
@webpdf host webpdf.zogg.fr
handle @webpdf {
import common
reverse_proxy 192.168.50.202:25568 {
import reverseProxy
}
}
@youtubedl host youtubedl.zogg.fr
handle @youtubedl {
import common
reverse_proxy 192.168.50.202:8998 {
import reverseProxy
}
}
#
# pannel
#
@clemambpap host clemambpap.zogg.fr
handle @clemambpap {
import common
cache
#reverse_proxy 192.168.50.203:2080
reverse_proxy 192.168.50.202:1080 {
import reverseProxy
}
}
@node host node.zogg.fr
handle @node {
import pterodadctyl
reverse_proxy 192.168.50.203:8181 {
import reverseProxy
}
}
@panel host panel.zogg.fr
handle @panel {
import pterodadctyl
reverse_proxy 192.168.50.203:8001 {
import reverseProxy
}
}
@stats-clemambpap host stats-clemambpap.zogg.fr
handle @stats-clemambpap {
import common
cache
reverse_proxy 192.168.50.203:27062 {
import reverseProxy
}
}
# fallback
handle {
abort
}
}
3. The problem I’m having:
Unable to log in Sshwifty and error in console.
4. Error messages and/or full log output:
Browser console log:
GET https://sshwifty.zogg.fr/sshwifty/socket/verify 403
5. What I already tried:
I’ve tried many settings in my config but I still get this issue.
I think something is broken in my setup…