I’m trying to move from Nginx Proxy Manager to Caddy to access local services in my network using FQDN. I purchased my domain through Cloudflare and have set up an edge SSL certificate (unsure if needed). I set up the cloudflare module, got my API key and Caddy is able to obtain a certificate for my domain.
The issue is when I access a site I get “too many redirects”. I checked in the browser network panel and they are 301 permanently moved redirects.
2. Error messages and/or full log output:
Request URL:
https://pve.smoochii.dev/
Request Method:
GET
Status Code:
301 Moved Permanently
Remote Address:
192.168.1.13:443
Referrer Policy:
strict-origin-when-cross-origin
Can you do a curl -vL on your site so that we can see what’s going on?
Maybe enable debug global option (the details should be in the post template you filled out, or at Global options (Caddyfile) — Caddy Documentation) and post the roundtrip information Caddy puts out, too.
Those should narrow down where the redirect loop is happening so it can be addressed.
Hi @Whitestrake, I think this might have to do with the fact that proxmox URL is not https. I remember when I set this up in nginx proxy manager I had to specify http and not https.
Here is the output from the curl:
❯ curl -vL pve.smoochii.dev
* Host pve.smoochii.dev:80 was resolved.
* IPv6: (none)
* IPv4: 192.168.1.13
* Trying 192.168.1.13:80...
* Connected to pve.smoochii.dev (192.168.1.13) port 80
> GET / HTTP/1.1
> Host: pve.smoochii.dev
> User-Agent: curl/8.7.1
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 308 Permanent Redirect
< Connection: close
< Location: https://pve.smoochii.dev/
< Server: Caddy
< Date: Tue, 08 Oct 2024 14:07:09 GMT
< Content-Length: 0
<
* Closing connection
* Clear auth, redirects to port from 80 to 443
* Issue another request to this URL: 'https://pve.smoochii.dev/'
* Host pve.smoochii.dev:443 was resolved.
* IPv6: (none)
* IPv4: 192.168.1.13
* Trying 192.168.1.13:443...
* Connected to pve.smoochii.dev (192.168.1.13) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 / [blank] / UNDEF
* ALPN: server accepted h2
* Server certificate:
* subject: CN=pve.smoochii.dev
* start date: Oct 7 17:24:44 2024 GMT
* expire date: Jan 5 17:24:43 2025 GMT
* subjectAltName: host "pve.smoochii.dev" matched cert's "pve.smoochii.dev"
* issuer: C=US; O=Let's Encrypt; CN=E6
* SSL certificate verify ok.
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://pve.smoochii.dev/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: pve.smoochii.dev]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.7.1]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: pve.smoochii.dev
> User-Agent: curl/8.7.1
> Accept: */*
>
* Request completely sent off
< HTTP/2 301
< alt-svc: h3=":443"; ma=2592000
< cache-control: max-age=0
< date: Tue, 08 Oct 2024 14:07:09 GMT
< expires: Tue, 08 Oct 2024 14:07:09 GMT
< location: https://pve.smoochii.dev/
< pragma: no-cache
< server: Caddy
< server: pve-api-daemon/3.0
<
* Ignoring the response-body
* Connection #1 to host pve.smoochii.dev left intact
* Issue another request to this URL: 'https://pve.smoochii.dev/'
* Found bundle for host: 0x600000c08030 [can multiplex]
* Re-using existing connection with host pve.smoochii.dev
* [HTTP/2] [3] OPENED stream for https://pve.smoochii.dev/
* [HTTP/2] [3] [:method: GET]
* [HTTP/2] [3] [:scheme: https]
* [HTTP/2] [3] [:authority: pve.smoochii.dev]
* [HTTP/2] [3] [:path: /]
* [HTTP/2] [3] [user-agent: curl/8.7.1]
* [HTTP/2] [3] [accept: */*]
> GET / HTTP/2
> Host: pve.smoochii.dev
> User-Agent: curl/8.7.1
> Accept: */*
>
I also tried adding this to my Caddyfile but it didn’t seem to do anything.
reverse_proxy 192.168.1.181:8006 {
transport http {
tls_insecure_skip_verify
}
}
Other URLs that actually use https, vaultwarden, for example, seem to work fine.
Weird… I moved my Caddyfile from root’s home directory to /etc/caddy and now it works . I only did this so I could SSH using my own user to edit the file.
Maybe the config update didn’t take the first time and moving the Caddyfile and restarting Caddy from it actually put it on the right config? Only thing I can think of to explain that one.
For what it’s worth, you can give your Cloudflare API key to Proxmox itself to get its own HTTPS cert valid.
I do that myself and then have Caddy simply latch on to the Proxmox cert, purely to have the web UI on standard ports, I wrote about it here:
Thanks for this information. I actually learned today that I just had it set up completely wrong and it was only working temporarily when I manually ran caddy start. I had to modify the service file to pass the api key into the environment and then it started working.
I will check out what you wrote there. I’m not overly familiar with proxmox, just hosting a few containers on it for right now.
. I only did this so I could SSH using my own user to edit the file.