Trying to set up reverse proxy for two services in Ubuntu

1. The problem I’m having:

I have Nextcloud and Jellyfin set up and was simply running them by opening ports on the router, but could not get the SSL certificate to work for both services. In seeking an answer to that, it was suggested to run Caddy as a reverse proxy; then I would only need to have the SSL certificate on Caddy, and it would work for both sites. I got Caddy installed and running, but when I initially set up only the reverse proxy going to Apache for Nextcloud, I got the message that the site was not secure. I tried to add a redirect by path for Jellyfin, and that gives an error that there are too many redirects. I know I do not have the Caddyfile set up correctly, but cannot figure out how to do that, and how to make sure the SSL certificate from Let’s Encrypt is active and working.

2. Error messages and/or full log output:

May 31 18:53:59 porterfamserv caddy[2706]: runtime.GOARCH=amd64
May 31 18:53:59 porterfamserv caddy[2706]: runtime.Compiler=gc
May 31 18:53:59 porterfamserv caddy[2706]: runtime.NumCPU=4
May 31 18:53:59 porterfamserv caddy[2706]: runtime.GOMAXPROCS=4
May 31 18:53:59 porterfamserv caddy[2706]: runtime.Version=go1.20
May 31 18:53:59 porterfamserv caddy[2706]: os.Getwd=/
May 31 18:53:59 porterfamserv caddy[2706]: LANG=en_US.UTF-8
May 31 18:53:59 porterfamserv caddy[2706]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
May 31 18:53:59 porterfamserv caddy[2706]: NOTIFY_SOCKET=/run/systemd/notify
May 31 18:53:59 porterfamserv caddy[2706]: HOME=/var/lib/caddy
May 31 18:53:59 porterfamserv caddy[2706]: LOGNAME=caddy
May 31 18:53:59 porterfamserv caddy[2706]: USER=caddy
May 31 18:53:59 porterfamserv caddy[2706]: INVOCATION_ID=41bec738763b401d9a745b60d1ff8cfc
May 31 18:53:59 porterfamserv caddy[2706]: JOURNAL_STREAM=8:30242
May 31 18:53:59 porterfamserv caddy[2706]: SYSTEMD_EXEC_PID=2706
May 31 18:53:59 porterfamserv caddy[2706]: {"level":"info","ts":1685580839.769313,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
May 31 18:53:59 porterfamserv caddy[2706]: Error: adapting config using caddyfile: parsing caddyfile tokens for 'handle_path': /etc/caddy/Caddyfile:22 - Error during parsing: unrecognized directive: ] - are you sure your Caddyfile structure (nesting and braces) is correct?
May 31 18:53:59 porterfamserv systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE
May 31 18:53:59 porterfamserv systemd[1]: caddy.service: Failed with result 'exit-code'.
May 31 18:53:59 porterfamserv systemd[1]: Failed to start Caddy.
May 31 18:56:05 porterfamserv systemd[1]: Starting Caddy...
May 31 18:56:05 porterfamserv caddy[2737]: caddy.HomeDir=/var/lib/caddy
May 31 18:56:05 porterfamserv caddy[2737]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
May 31 18:56:05 porterfamserv caddy[2737]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
May 31 18:56:05 porterfamserv caddy[2737]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
May 31 18:56:05 porterfamserv caddy[2737]: caddy.Version=v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=
May 31 18:56:05 porterfamserv caddy[2737]: runtime.GOOS=linux
May 31 18:56:05 porterfamserv caddy[2737]: runtime.GOARCH=amd64
May 31 18:56:05 porterfamserv caddy[2737]: runtime.Compiler=gc
May 31 18:56:05 porterfamserv caddy[2737]: runtime.NumCPU=4
May 31 18:56:05 porterfamserv caddy[2737]: runtime.GOMAXPROCS=4
May 31 18:56:05 porterfamserv caddy[2737]: runtime.Version=go1.20
May 31 18:56:05 porterfamserv caddy[2737]: os.Getwd=/
May 31 18:56:05 porterfamserv caddy[2737]: LANG=en_US.UTF-8
May 31 18:56:05 porterfamserv caddy[2737]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
May 31 18:56:05 porterfamserv caddy[2737]: NOTIFY_SOCKET=/run/systemd/notify
May 31 18:56:05 porterfamserv caddy[2737]: HOME=/var/lib/caddy
May 31 18:56:05 porterfamserv caddy[2737]: LOGNAME=caddy
May 31 18:56:05 porterfamserv caddy[2737]: USER=caddy
May 31 18:56:05 porterfamserv caddy[2737]: INVOCATION_ID=13ebb8e68f474f14865c063ac9357c3a
May 31 18:56:05 porterfamserv caddy[2737]: JOURNAL_STREAM=8:30320
May 31 18:56:05 porterfamserv caddy[2737]: SYSTEMD_EXEC_PID=2737
May 31 18:56:05 porterfamserv caddy[2737]: {"level":"info","ts":1685580965.033834,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
May 31 18:56:05 porterfamserv caddy[2737]: {"level":"warn","ts":1685580965.034712,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":13}
May 31 18:56:05 porterfamserv caddy[2737]: {"level":"info","ts":1685580965.0352552,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
May 31 18:56:05 porterfamserv caddy[2737]: {"level":"info","ts":1685580965.0357912,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
May 31 18:56:05 porterfamserv caddy[2737]: {"level":"info","ts":1685580965.0358038,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
May 31 18:56:05 porterfamserv caddy[2737]: {"level":"info","ts":1685580965.0358677,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0002827e0"}
May 31 18:56:05 porterfamserv caddy[2737]: {"level":"info","ts":1685580965.0361133,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
May 31 18:56:05 porterfamserv caddy[2737]: {"level":"info","ts":1685580965.0361814,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Receive-Buffer-Size for details."}
May 31 18:56:05 porterfamserv caddy[2737]: {"level":"info","ts":1685580965.03622,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
May 31 18:56:05 porterfamserv caddy[2737]: {"level":"info","ts":1685580965.0362458,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
May 31 18:56:05 porterfamserv caddy[2737]: {"level":"info","ts":1685580965.0362513,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["anthporter.ddns.net"]}
May 31 18:56:05 porterfamserv caddy[2737]: {"level":"info","ts":1685580965.0368445,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy/.local/share/caddy"}
May 31 18:56:05 porterfamserv caddy[2737]: {"level":"info","ts":1685580965.036912,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
May 31 18:56:05 porterfamserv systemd[1]: Started Caddy.
May 31 18:56:05 porterfamserv caddy[2737]: {"level":"info","ts":1685580965.0371735,"logger":"tls","msg":"finished cleaning storage units"}
May 31 18:56:05 porterfamserv caddy[2737]: {"level":"info","ts":1685580965.037932,"msg":"serving initial configuration"}
(END)

3. Caddy version:

v2.6.4

4. How I installed and ran Caddy:

sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy

a. System environment:

Ubuntu Server 22.04

b. Command:

sudo systemctl start caddy
sudo systemctl restart caddy

c. Service/unit/compose file:

d. My complete Caddy config:

I KNOW this is incorrect for what I am trying to do, but don’t know how to format it.


# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.

anthporter.ddns.net {
        reverse_proxy localhost:8080


        handle_path /jellyfin/* {
                rewrite * /jellyfin{uri}
                reverse_proxy localhost:8096
        }
}

# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile

5. Links to relevant resources:

See this article:

I suggest using subdomains for each service instead. Much easier.
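
The subdomain layout suggested in the reply above, written out as an added example (it is not from the original thread). The hostnames nextcloud.example.com and jellyfin.example.com are placeholders; the upstream ports are the ones from the Caddyfile in the question.

```caddyfile
# Added example: one site block per service, each on its own hostname.
# Hostnames are placeholders; each needs a DNS record pointing at this
# server. Caddy obtains and renews a certificate for every site address
# listed here, so TLS is terminated in one place for both services.

# Nextcloud (Apache on localhost:8080, as in the question)
nextcloud.example.com {
	# CalDAV/CardDAV discovery redirects that Nextcloud expects the
	# front-end proxy to answer.
	redir /.well-known/carddav /remote.php/dav 301
	redir /.well-known/caldav /remote.php/dav 301

	# Apache only needs to be reachable from Caddy on loopback.
	reverse_proxy localhost:8080
}

# Jellyfin (localhost:8096, as in the question)
jellyfin.example.com {
	# No path prefix to strip or rewrite, so no handle_path/rewrite
	# pair is needed.
	reverse_proxy localhost:8096
}
```

With this layout only ports 80 and 443 need to be forwarded on the router; the direct forwards to 8080 and 8096 can be closed so that all outside traffic passes through Caddy's TLS listener. Running `caddy validate --config /etc/caddy/Caddyfile` before restarting the service catches parse errors like the one in the log above.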
