Trying to reverse proxy with Jellyfin, unable to access via HTTPS

tranquilo · June 1, 2021, 11:41pm

1. Caddy version (`caddy version`):

v2.4.1 h1:kAJ0JB5Xk5gPdTH/27S5cyoMGqD5lBAe9yZ8zTjVJa0=

2. How I run Caddy:

Caddy installed via curl+apt
Caddyfile in /etc/caddy/Caddyfile

a. System environment:

DigitalOcean droplet, Ubuntu 20.04 LTS
Jellyfin Stable Docker + Docker installed from official repo

b. Command:

N/A - service is running automatically.

c. Service/unit/compose file:

N/A

d. My complete Caddyfile or JSON config:

6.synthfleshop.casa {
        reverse_proxy 127.0.0.1:8096
}

3. The problem I’m having:

I can access Jellyfin at http://6.synthfleshop.casa:8096 and see a Caddy webpage at http://6.synthfleshop.casa/ however I’m unable to access either page via HTTPS.

4. Error messages and/or full log output:

5. What I already tried:

I followed these steps from another person trying to setup Jellyfin and it didn’t help.

caddy reload
reload: no config file to load

systemctl reload caddy didn’t help.

ufw status

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                  
80                         ALLOW       Anywhere                  
443                        ALLOW       Anywhere                  
8096                       ALLOW       Anywhere                  
OpenSSH (v6)               ALLOW       Anywhere (v6)             
80 (v6)                    ALLOW       Anywhere (v6)             
443 (v6)                   ALLOW       Anywhere (v6)             
8096 (v6)                  ALLOW       Anywhere (v6)

6. Links to relevant resources:

matt · June 1, 2021, 11:46pm

I might be missing something, but how is this not applicable if you’re running Caddy with systemctl?

You missed this section too. What are the error messages and logs?

Please help us help you.

tranquilo · June 1, 2021, 11:58pm

Sorry, the documentation wasn’t super clear for me on where to find this information.

I might be missing something, but how is this not applicable if you’re running Caddy with systemctl?

I thought this was only related to using Caddy via Docker since the documentation didn’t seem to mention service or unit. Where/how can I find this?

You missed this section too. What are the error messages and logs?

What is the command and/or location for these? None of the commands appear to relate to logs and the Logs page in the documentation doesn’t say a location or command for them either.

francislavoie · June 2, 2021, 1:43am

When running as a systemd service, you can see your logs with the journalctl command. For example:

journalctl -u caddy --no-pager | less

If you installed Caddy with the apt repo, then the systemd service is already wired up for you. The service file is in /lib/systemd/system/caddy.service. It’s likely still the default if you haven’t touched it, so that’s of no concern.

tranquilo · June 2, 2021, 2:40am

Well I just tested my server again now and HTTPS seems to work. It’s been almost 8 hours since I started Caddy, looking at the logs it looks like it took 3.5 hours for the SSL certificate to get issued. Is that a typical timeframe?

journalctl -u caddy --no-pager | less

-- Logs begin at Tue 2021-06-01 19:54:51 UTC, end at Wed 2021-06-02 02:26:51 UTC. --
Jun 01 20:11:02 6-Ubuntu-20 systemd[1]: Starting Caddy...
Jun 01 20:11:02 6-Ubuntu-20 caddy[11304]: caddy.HomeDir=/var/lib/caddy
Jun 01 20:11:02 6-Ubuntu-20 caddy[11304]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Jun 01 20:11:02 6-Ubuntu-20 caddy[11304]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Jun 01 20:11:02 6-Ubuntu-20 caddy[11304]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Jun 01 20:11:02 6-Ubuntu-20 caddy[11304]: caddy.Version=v2.4.1 h1:kAJ0JB5Xk5gPdTH/27S5cyoMGqD5lBAe9yZ8zTjVJa0=
Jun 01 20:11:02 6-Ubuntu-20 caddy[11304]: runtime.GOOS=linux
Jun 01 20:11:02 6-Ubuntu-20 caddy[11304]: runtime.GOARCH=amd64
Jun 01 20:11:02 6-Ubuntu-20 caddy[11304]: runtime.Compiler=gc
Jun 01 20:11:02 6-Ubuntu-20 caddy[11304]: runtime.NumCPU=1
Jun 01 20:11:02 6-Ubuntu-20 caddy[11304]: runtime.GOMAXPROCS=1
Jun 01 20:11:02 6-Ubuntu-20 caddy[11304]: runtime.Version=go1.16.4
Jun 01 20:11:02 6-Ubuntu-20 caddy[11304]: os.Getwd=/
Jun 01 20:11:02 6-Ubuntu-20 caddy[11304]: LANG=C.UTF-8
Jun 01 20:11:02 6-Ubuntu-20 caddy[11304]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
Jun 01 20:11:02 6-Ubuntu-20 caddy[11304]: NOTIFY_SOCKET=/run/systemd/notify
Jun 01 20:11:02 6-Ubuntu-20 caddy[11304]: HOME=/var/lib/caddy
Jun 01 20:11:02 6-Ubuntu-20 caddy[11304]: LOGNAME=caddy
Jun 01 20:11:02 6-Ubuntu-20 caddy[11304]: USER=caddy
Jun 01 20:11:02 6-Ubuntu-20 caddy[11304]: INVOCATION_ID=7e953732508b4c5b809fbeb6485feebe
Jun 01 20:11:02 6-Ubuntu-20 caddy[11304]: JOURNAL_STREAM=9:47271
Jun 01 20:11:02 6-Ubuntu-20 caddy[11304]: {"level":"info","ts":1622578262.718147,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Jun 01 20:11:02 6-Ubuntu-20 caddy[11304]: {"level":"info","ts":1622578262.7223623,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"ori
gins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
Jun 01 20:11:02 6-Ubuntu-20 caddy[11304]: {"level":"info","ts":1622578262.7228007,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to
 this server","server_name":"srv0","http_port":80}
Jun 01 20:11:02 6-Ubuntu-20 caddy[11304]: {"level":"info","ts":1622578262.7248158,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Jun 01 20:11:02 6-Ubuntu-20 systemd[1]: Started Caddy.
Jun 01 20:11:02 6-Ubuntu-20 caddy[11304]: {"level":"info","ts":1622578262.7335143,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000255420"}
Jun 01 20:11:02 6-Ubuntu-20 caddy[11304]: {"level":"info","ts":1622578262.7337933,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy/.local/share/caddy"}
Jun 01 20:11:02 6-Ubuntu-20 caddy[11304]: {"level":"info","ts":1622578262.7343671,"logger":"tls","msg":"finished cleaning storage units"}
Jun 01 20:11:02 6-Ubuntu-20 caddy[11304]: {"level":"info","ts":1622578262.7366085,"msg":"serving initial configuration"}
Jun 01 23:37:32 6-Ubuntu-20 systemd[1]: Reloading Caddy.
Jun 01 23:37:32 6-Ubuntu-20 caddy[15443]: {"level":"info","ts":1622590652.7544327,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Jun 01 23:37:32 6-Ubuntu-20 caddy[11304]: {"level":"info","ts":1622590652.7609093,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_addr":"127.0.0.1:35860","headers":{"Accept-Encoding":["gzip"],"Content-Length":["256"],"Content-Type":["application/json"],"Origin":["localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
Jun 01 23:37:32 6-Ubuntu-20 caddy[11304]: {"level":"info","ts":1622590652.7634828,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["[::1]:2019","127.0.0.1:2019","localhost:2019"]}
Jun 01 23:37:32 6-Ubuntu-20 caddy[11304]: {"level":"info","ts":1622590652.7641997,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Jun 01 23:37:32 6-Ubuntu-20 caddy[11304]: {"level":"info","ts":1622590652.764419,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Jun 01 23:37:32 6-Ubuntu-20 caddy[11304]: {"level":"info","ts":1622590652.7660558,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["6.synthfleshop.casa"]}
Jun 01 23:37:32 6-Ubuntu-20 caddy[11304]: {"level":"info","ts":1622590652.767098,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0002544d0"}
Jun 01 23:37:32 6-Ubuntu-20 caddy[11304]: {"level":"info","ts":1622590652.7696478,"logger":"tls.obtain","msg":"acquiring lock","identifier":"6.synthfleshop.casa"}
Jun 01 23:37:32 6-Ubuntu-20 caddy[11304]: {"level":"info","ts":1622590652.7744827,"logger":"tls.obtain","msg":"lock acquired","identifier":"6.synthfleshop.casa"}
Jun 01 23:37:32 6-Ubuntu-20 caddy[11304]: {"level":"info","ts":1622590652.7810853,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc000255420"}
Jun 01 23:37:32 6-Ubuntu-20 caddy[11304]: {"level":"info","ts":1622590652.7814288,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Jun 01 23:37:32 6-Ubuntu-20 caddy[11304]: {"level":"info","ts":1622590652.7822902,"logger":"admin.api","msg":"load complete"}
Jun 01 23:37:32 6-Ubuntu-20 systemd[1]: Reloaded Caddy.
Jun 01 23:37:32 6-Ubuntu-20 caddy[11304]: {"level":"info","ts":1622590652.7889054,"logger":"admin","msg":"stopped previous server","address":"tcp/localhost:2019"}
Jun 01 23:37:33 6-Ubuntu-20 caddy[11304]: {"level":"info","ts":1622590653.772764,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["6.synthfleshop.casa"]
Jun 01 23:37:33 6-Ubuntu-20 caddy[11304]: {"level":"info","ts":1622590653.7734945,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["6.synthfleshop.casa"]}
Jun 01 23:37:34 6-Ubuntu-20 caddy[11304]: {"level":"info","ts":1622590654.2323594,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"6.synthfleshop.casa","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
Jun 01 23:37:34 6-Ubuntu-20 caddy[11304]: {"level":"info","ts":1622590654.7943099,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"6.synthfleshop.casa","challenge":"http-01","remote":"66.133.109.36:16672","distributed":false}
Jun 01 23:37:34 6-Ubuntu-20 caddy[11304]: {"level":"info","ts":1622590654.7966096,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"6.synthfleshop.casa","challenge":"http-01","remote":"3.120.130.29:23518","distributed":false}
Jun 01 23:37:35 6-Ubuntu-20 caddy[11304]: {"level":"info","ts":1622590655.0438855,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"6.synthfleshop.casa","challenge":"http-01","remote":"3.19.56.43:26126","distributed":false}
Jun 01 23:37:35 6-Ubuntu-20 caddy[11304]: {"level":"info","ts":1622590655.6391523,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"6.synthfleshop.casa","challenge":"http-01","remote":"54.189.22.122:29628","distributed":false}
Jun 01 23:37:36 6-Ubuntu-20 caddy[11304]: {"level":"info","ts":1622590656.0830436,"logger":"tls.issuance.acme.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme-v02.api.letsencrypt.org/acme/order/125637358/10109995007"}
Jun 01 23:37:37 6-Ubuntu-20 caddy[11304]: {"level":"info","ts":1622590657.233821,"logger":"tls.issuance.acme.acme_client","msg":"successfully downloaded available certificate chains","count":2,"first_url":"https://acme-v02.api.letsencrypt.org/acme/cert/030e37a3aef4c697135930629f6ba82b1a74"}
Jun 01 23:37:37 6-Ubuntu-20 caddy[11304]: {"level":"info","ts":1622590657.2350888,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"6.synthfleshop.casa"}
Jun 01 23:37:37 6-Ubuntu-20 caddy[11304]: {"level":"info","ts":1622590657.2353427,"logger":"tls.obtain","msg":"releasing lock","identifier":"6.synthfleshop.casa"}

/lib/systemd/system/caddy.service

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

francislavoie · June 2, 2021, 4:36am

You had just never reloaded Caddy after first editing your config. It issued a certificate immediately after being reloaded with the correct config. Notice that you see no mention of your domain in the logs until just before it was issued.

tranquilo · June 2, 2021, 12:28pm

How do you reload then? I tried to:

As well as a full reboot of the server didn’t help either.

francislavoie · June 2, 2021, 3:22pm

sudo systemctl reload caddy is the right command.

Are you sure you had saved /etc/caddy/Caddyfile correctly, after modifying it?

tranquilo · June 20, 2021, 11:32pm

I’m pretty sure I did, just sudo nano /etc/caddy/Caddyfile then saved the text:

6.synthfleshop.casa {
        reverse_proxy 127.0.0.1:8096
}

I can’t recall if I did sudo before systemctl reload caddy, maybe that was it.

system · July 1, 2021, 11:41pm

This topic was automatically closed after 30 days. New replies are no longer allowed.