SSL_ERROR_SYSCALL error on reverse proxy with cloudflare and tailscale

1. The problem I’m having:

I’ve set up Caddy on a server running Jellyfin and Tailscale, following this video for help: https://www.youtube.com/watch?v=Vt4PDUXB_fg.

I’ve done the following:

  1. Custom build of Caddy using xcaddy with the Cloudflare DNS module
  2. Set up domain on Cloudflare
  3. Set up Caddyfile (pasted below)
  4. Run Caddy, all logs look fine

It worked for a moment… the page resolved. But something changed, and now I just get ERR_CONNECTION_CLOSED. The output of curl -vL https://jellyfin.media.keencloud.co.za is: curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to jellyfin.media.keencloud.co.za:443.

2. Error messages and/or full log output:

The caddy run output is:

2024/11/26 14:22:26.821	INFO	using config from file	{"file": "/etc/caddy/Caddyfile"}
2024/11/26 14:22:26.822	INFO	adapted config to JSON	{"adapter": "caddyfile"}
2024/11/26 14:22:26.825	INFO	admin	admin endpoint started	{"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2024/11/26 14:22:26.825	INFO	http.auto_https	server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS	{"server_name": "srv0", "https_port": 443}
2024/11/26 14:22:26.825	INFO	tls.cache.maintenance	started background certificate maintenance	{"cache": "0xc0004ae780"}
2024/11/26 14:22:26.825	INFO	http.auto_https	enabling automatic HTTP->HTTPS redirects	{"server_name": "srv0"}
2024/11/26 14:22:26.825	INFO	http	enabling HTTP/3 listener	{"addr": ":443"}
2024/11/26 14:22:26.825	INFO	http.log	server running	{"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2024/11/26 14:22:26.826	INFO	http.log	server running	{"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2024/11/26 14:22:26.826	INFO	http	enabling automatic TLS certificate management	{"domains": ["jellyfin.media.keencloud.co.za"]}
2024/11/26 14:22:26.826	INFO	autosaved config (load with --resume flag)	{"file": "/root/.config/caddy/autosave.json"}
2024/11/26 14:22:26.826	INFO	serving initial configuration
2024/11/26 14:22:26.828	INFO	tls	storage cleaning happened too recently; skipping for now	{"storage": "FileStorage:/root/.local/share/caddy", "instance": "9c7613f6-0336-4eea-b4e9-7db2324662f2", "try_again": "2024/11/27 14:22:26.828", "try_again_in": 86399.999999624}
2024/11/26 14:22:26.828	INFO	tls	finished cleaning storage units

3. Caddy version:

v2.8.4

4. How I installed and ran Caddy:

I used xcaddy to build a custom caddy with the cloudflare dns module.

xcaddy build \
          --with github.com/caddy-dns/cloudflare

a. System environment:

OS: Linux Mint 22 x86_64
Host: MINI S
Kernel: 6.8.0-49-generic
CPU: Intel N100 (4) @ 3.400G
GPU: Intel Alder Lake-N [UHD
Memory: 4083MiB / 15772MiB

b. Command:

I run the xcaddy build with ./caddy run --config /etc/caddy/Caddyfile

c. Service/unit/compose file:

d. My complete Caddy config:

(cloudflare) {
    tls {
        dns cloudflare token
    }
}

# jellyfin
jellyfin.media.keencloud.co.za {
    reverse_proxy http://127.0.0.1:8096
    import cloudflare
}

5. Links to relevant resources:

Are you sure that’s all that’s in your logs? Please enable the debug global option. The error suggests you don’t have a valid TLS cert for Caddy to serve.

You should probably run Caddy as a systemd service.
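
The debug global option requested in the reply goes in a global options block, which must be the first block in the Caddyfile. The following is an added example, not part of the original posts, applying it to the config posted above; reading the Cloudflare token from an environment variable is an assumption, and the variable name `CLOUDFLARE_API_TOKEN` is hypothetical.

```caddyfile
# Global options block: must come before any snippet or site block.
{
	# Enable DEBUG-level log output so the "caddy run" output
	# carries more than the INFO lines shown in the post.
	debug
}

(cloudflare) {
	tls {
		# Assumption: the API token is supplied through the environment
		# (hypothetical variable name) instead of being written in the file,
		# so the Caddyfile can be pasted into a forum post without redaction.
		dns cloudflare {env.CLOUDFLARE_API_TOKEN}
	}
}

# jellyfin
jellyfin.media.keencloud.co.za {
	reverse_proxy http://127.0.0.1:8096
	import cloudflare
}
```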