1. The problem I’m having:
Within my local network, I cannot access any of my services via URL. If I use the local IP, I can. For example pics.smithbury.com
fails but 192.168.1.118:2283
works. I can access the services via mobile device, not connected to local network. A complication to this is I have Authentik for SSO setup which my services need to reference but cannot because internally the URL cannot be found.
This is an intermittent issue I’ve experienced previously which seems to go away overnight. But I haven’t worked out why.
I switched my DNS from 8.8.8.8 to 1.1.1.1 and used the purge cache tool, thinking it was simple DNS. But after flushing my workstation DNS (Win11, ipconfig /flushdns), the issue continues
2. Error messages and/or full log output:
I’m not seeing errors within Caddy logs, just time out in browser. Here is the log after a reload and trying to access pics.smithbury.com
.
Apr 12 12:05:49 hermes systemd[1]: Reloading Caddy...
Apr 12 12:05:49 hermes caddy[19241]: {"level":"info","ts":1744459549.8273442,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
Apr 12 12:05:49 hermes caddy[19241]: {"level":"info","ts":1744459549.8320148,"msg":"adapted config to JSON","adapter":"caddyfile"}
Apr 12 12:05:49 hermes caddy[603]: {"level":"info","ts":1744459549.8339176,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_ip":"127.0.0.1","remote_port":"59524","headers":{"Accept-Encoding":["gzip"],"Cache-Control":["must-revalidate"],"Content-Length":["28534"],"Content-Type":["application/json"],"Origin":["http://localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
Apr 12 12:05:49 hermes caddy[603]: {"level":"info","ts":1744459549.837975,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Apr 12 12:05:49 hermes caddy[603]: {"level":"info","ts":1744459549.838961,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Apr 12 12:05:49 hermes caddy[603]: {"level":"info","ts":1744459549.8393772,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Apr 12 12:05:49 hermes caddy[603]: {"level":"debug","ts":1744459549.8399823,"logger":"http.auto_https","msg":"adjusted config","tls":{"automation":{"policies":[{"subjects":["prowlarr.smithbury.com","hoarder.smithbury.com","request.smithbury.com","readarr.smithbury.com","budget.smithbury.com","bazarr.smithbury.com","dockge.smithbury.com","lidarr.smithbury.com","radarr.smithbury.com","sonarr.smithbury.com","wallos.smithbury.com","auth.smithbury.com","pics.smithbury.com","plex.smithbury.com","rss.smithbury.com","nzb.smithbury.com","vik.smithbury.com","ab.smithbury.com","qb.smithbury.com"]},{}]}},"http":{"servers":{"remaining_auto_https_redirects":{"listen":[":80"],"routes":[{},{}],"logs":{"logger_names":{"ab.smithbury.com":["log1"],"auth.smithbury.com":["log2"],"bazarr.smithbury.com":["log3"],"budget.smithbury.com":["log0"],"dockge.smithbury.com":["log4"],"hoarder.smithbury.com":["log5"],"lidarr.smithbury.com":["log7"],"nzb.smithbury.com":["log14"],"pics.smithbury.com":["log6"],"plex.smithbury.com":["log9"],"prowlarr.smithbury.com":["log10"],"qb.smithbury.com":["log11"],"radarr.smithbury.com":["log12"],"readarr.smithbury.com":["log13"],"request.smithbury.com":["log8"],"sonarr.smithbury.com":["log15"],"vik.smithbury.com":["log16"],"wallos.smithbury.com":["log17"]},"skip_hosts":["rss.smithbury.com"]}},"srv0":{"listen":[":443"],"routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"handle_response":[{"match":{"status_code":[2]},"routes":[{"handle":[{"handler":"vars"}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Email":["{http.reverse_proxy.header.X-Authentik-Email}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Email}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Groups":["{http.reverse_proxy.header.X-Authentik-Groups}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Groups}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Jwt":["{http.reverse_proxy.header.X-Authentik-Jwt}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Jwt}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-App":["{http.reverse_proxy.header.X-Authentik-Meta-App}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-App}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-Jwks":["{http.reverse_proxy.header.X-Authentik-Meta-Jwks}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-Jwks}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-Outpost":["{http.reverse_proxy.header.X-Authentik-Meta-Outpost}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-Outpost}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-Provider":["{http.reverse_proxy.header.X-Authentik-Meta-Provider}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-Provider}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-Version":["{http.reverse_proxy.header.X-Authentik-Meta-Version}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-Version}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Name":["{http.reverse_proxy.header.X-Authentik-Name}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Name}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Uid":["{http.reverse_proxy.header.X-Authentik-Uid}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Uid}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Username":["{http.reverse_proxy.header.X-Authentik-Username}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Username}":[""]}}]}]}]}],"handler":"reverse_proxy","headers":{"request":{"set":{"X-Forwarded-Method":["{http.request.method}"],"X-Forwarded-Uri":["{http.request.uri}"]}}},"rewrite":{"method":"GET","uri":"/outpost.goauthentik.io/auth/caddy"},"upstreams":[{"dial":"192.168.1.118:9000"}]}]},{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.1.118:9000"}]}],"match":[{"path":["/outpost.goauthentik.io/*"]}]},{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.1.110:9696"}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.1.118:3000"}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.1.118:5055"}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handle_response":[{"match":{"status_code":[2]},"routes":[{"handle":[{"handler":"vars"}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Email":["{http.reverse_proxy.header.X-Authentik-Email}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Email}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Groups":["{http.reverse_proxy.header.X-Authentik-Groups}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Groups}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Jwt":["{http.reverse_proxy.header.X-Authentik-Jwt}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Jwt}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-App":["{http.reverse_proxy.header.X-Authentik-Meta-App}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-App}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-Jwks":["{http.reverse_proxy.header.X-Authentik-Meta-Jwks}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-Jwks}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-Outpost":["{http.reverse_proxy.header.X-Authentik-Meta-Outpost}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-Outpost}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-Provider":["{http.reverse_proxy.header.X-Authentik-Meta-Provider}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-Provider}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-Version":["{http.reverse_proxy.header.X-Authentik-Meta-Version}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-Version}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Name":["{http.reverse_proxy.header.X-Authentik-Name}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Name}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Uid":["{http.reverse_proxy.header.X-Authentik-Uid}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Uid}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Username":["{http.reverse_proxy.header.X-Authentik-Username}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Username}":[""]}}]}]}]}],"handler":"reverse_proxy","headers":{"request":{"set":{"X-Forwarded-Method":["{http.request.method}"],"X-Forwarded-Uri":["{http.request.uri}"]}}},"rewrite":{"method":"GET","uri":"/outpost.goauthentik.io/auth/caddy"},"upstreams":[{"dial":"192.168.1.118:9000"}]}]},{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.1.118:9000"}]}],"match":[{"path":["/outpost.goauthentik.io/*"]}]},{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.1.110:8787"}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.1.118:5006"}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handle_response":[{"match":{"status_code":[2]},"routes":[{"handle":[{"handler":"vars"}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Email":["{http.reverse_proxy.header.X-Authentik-Email}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Email}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Groups":["{http.reverse_proxy.header.X-Authentik-Groups}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Groups}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Jwt":["{http.reverse_proxy.header.X-Authentik-Jwt}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Jwt}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-App":["{http.reverse_proxy.header.X-Authentik-Meta-App}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-App}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-Jwks":["{http.reverse_proxy.header.X-Authentik-Meta-Jwks}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-Jwks}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-Outpost":["{http.reverse_proxy.header.X-Authentik-Meta-Outpost}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-Outpost}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-Provider":["{http.reverse_proxy.header.X-Authentik-Meta-Provider}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-Provider}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-Version":["{http.reverse_proxy.header.X-Authentik-Meta-Version}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-Version}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Name":["{http.reverse_proxy.header.X-Authentik-Name}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Name}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Uid":["{http.reverse_proxy.header.X-Authentik-Uid}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Uid}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Username":["{http.reverse_proxy.header.X-Authentik-Username}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Username}":[""]}}]}]}]}],"handler":"reverse_proxy","headers":{"request":{"set":{"X-Forwarded-Method":["{http.request.method}"],"X-Forwarded-Uri":["{http.request.uri}"]}}},"rewrite":{"method":"GET","uri":"/outpost.goauthentik.io/auth/caddy"},"upstreams":[{"dial":"192.168.1.118:9000"}]}]},{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.1.118:9000"}]}],"match":[{"path":["/outpost.goauthentik.io/*"]}]},{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.1.118:6767"}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handle_response":[{"match":{"status_code":[2]},"routes":[{"handle":[{"handler":"vars"}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Email":["{http.reverse_proxy.header.X-Authentik-Email}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Email}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Groups":["{http.reverse_proxy.header.X-Authentik-Groups}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Groups}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Jwt":["{http.reverse_proxy.header.X-Authentik-Jwt}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Jwt}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-App":["{http.reverse_proxy.header.X-Authentik-Meta-App}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-App}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-Jwks":["{http.reverse_proxy.header.X-Authentik-Meta-Jwks}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-Jwks}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-Outpost":["{http.reverse_proxy.header.X-Authentik-Meta-Outpost}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-Outpost}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-Provider":["{http.reverse_proxy.header.X-Authentik-Meta-Provider}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-Provider}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-Version":["{http.reverse_proxy.header.X-Authentik-Meta-Version}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-Version}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Name":["{http.reverse_proxy.header.X-Authentik-Name}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Name}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Uid":["{http.reverse_proxy.header.X-Authentik-Uid}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Uid}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Username":["{http.reverse_proxy.header.X-Authentik-Username}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Username}":[""]}}]}]}]}],"handler":"reverse_proxy","headers":{"request":{"set":{"X-Forwarded-Method":["{http.request.method}"],"X-Forwarded-Uri":["{http.request.uri}"]}}},"rewrite":{"method":"GET","uri":"/outpost.goauthentik.io/auth/caddy"},"upstreams":[{"dial":"192.168.1.118:9000"}]}]},{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.1.118:9000"}]}],"match":[{"path":["/outpost.goauthentik.io/*"]}]},{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.1.118:5001"}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handle_response":[{"match":{"status_code":[2]},"routes":[{"handle":[{"handler":"vars"}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Email":["{http.reverse_proxy.header.X-Authentik-Email}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Email}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Groups":["{http.reverse_proxy.header.X-Authentik-Groups}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Groups}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Jwt":["{http.reverse_proxy.header.X-Authentik-Jwt}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Jwt}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-App":["{http.reverse_proxy.header.X-Authentik-Meta-App}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-App}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-Jwks":["{http.reverse_proxy.header.X-Authentik-Meta-Jwks}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-Jwks}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-Outpost":["{http.reverse_proxy.header.X-Authentik-Meta-Outpost}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-Outpost}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-Provider":["{http.reverse_proxy.header.X-Authentik-Meta-Provider}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-Provider}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-Version":["{http.reverse_proxy.header.X-Authentik-Meta-Version}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-Version}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Name":["{http.reverse_proxy.header.X-Authentik-Name}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Name}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Uid":["{http.reverse_proxy.header.X-Authentik-Uid}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Uid}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Username":["{http.reverse_proxy.header.X-Authentik-Username}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Username}":[""]}}]}]}]}],"handler":"reverse_proxy","headers":{"request":{"set":{"X-Forwarded-Method":["{http.request.method}"],"X-Forwarded-Uri":["{http.request.uri}"]}}},"rewrite":{"method":"GET","uri":"/outpost.goauthentik.io/auth/caddy"},"upstreams":[{"dial":"192.168.1.118:9000"}]}]},{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.1.118:9000"}]}],"match":[{"path":["/outpost.goauthentik.io/*"]}]},{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.1.110:8686"}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handle_response":[{"match":{"status_code":[2]},"routes":[{"handle":[{"handler":"vars"}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Email":["{http.reverse_proxy.header.X-Authentik-Email}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Email}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Groups":["{http.reverse_proxy.header.X-Authentik-Groups}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Groups}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Jwt":["{http.reverse_proxy.header.X-Authentik-Jwt}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Jwt}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-App":["{http.reverse_proxy.header.X-Authentik-Meta-App}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-App}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-Jwks":["{http.reverse_proxy.header.X-Authentik-Meta-Jwks}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-Jwks}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-Outpost":["{http.reverse_proxy.header.X-Authentik-Meta-Outpost}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-Outpost}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-Provider":["{http.reverse_proxy.header.X-Authentik-Meta-Provider}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-Provider}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-Version":["{http.reverse_proxy.header.X-Authentik-Meta-Version}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-Version}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Name":["{http.reverse_proxy.header.X-Authentik-Name}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Name}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Uid":["{http.reverse_proxy.header.X-Authentik-Uid}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Uid}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Username":["{http.reverse_proxy.header.X-Authentik-Username}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Username}":[""]}}]}]}]}],"handler":"reverse_proxy","headers":{"request":{"set":{"X-Forwarded-Method":["{http.request.method}"],"X-Forwarded-Uri":["{http.request.uri}"]}}},"rewrite":{"method":"GET","uri":"/outpost.goauthentik.io/auth/caddy"},"upstreams":[{"dial":"192.168.1.118:9000"}]}]},{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.1.118:9000"}]}],"match":[{"path":["/outpost.goauthentik.io/*"]}]},{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.1.110:7878"}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handle_response":[{"match":{"status_code":[2]},"routes":[{"handle":[{"handler":"vars"}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Email":["{http.reverse_proxy.header.X-Authentik-Email}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Email}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Groups":["{http.reverse_proxy.header.X-Authentik-Groups}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Groups}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Jwt":["{http.reverse_proxy.header.X-Authentik-Jwt}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Jwt}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-App":["{http.reverse_proxy.header.X-Authentik-Meta-App}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-App}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-Jwks":["{http.reverse_proxy.header.X-Authentik-Meta-Jwks}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-Jwks}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-Outpost":["{http.reverse_proxy.header.X-Authentik-Meta-Outpost}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-Outpost}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-Provider":["{http.reverse_proxy.header.X-Authentik-Meta-Provider}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-Provider}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Meta-Version":["{http.reverse_proxy.header.X-Authentik-Meta-Version}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Meta-Version}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Name":["{http.reverse_proxy.header.X-Authentik-Name}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Name}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Uid":["{http.reverse_proxy.header.X-Authentik-Uid}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Uid}":[""]}}]}]},{"handle":[{"handler":"headers","request":{"set":{"X-Authentik-Username":["{http.reverse_proxy.header.X-Authentik-Username}"]}}}],"match":[{"not":[{"vars":{"{http.reverse_proxy.header.X-Authentik-Username}":[""]}}]}]}]}],"handler":"reverse_proxy","headers":{"request":{"set":{"X-Forwarded-Method":["{http.request.method}"],"X-Forwarded-Uri":["{http.request.uri}"]}}},"rewrite":{"method":"GET","uri":"/outpost.goauthentik.io/auth/caddy"},"upstreams":[{"dial":"192.168.1.118:9000"}]}]},{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.1.118:9000"}]}],"match":[{"path":["/outpost.goauthentik.io/*"]}]},{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.1.110:8989"}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.1.118:8282"}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.1.118:9000"}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.1.118:2283"}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.1.117:32400"}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.1.118:8778"}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.1.110:8080"}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.1.118:3456"}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.1.118:13378"}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.1.110:8998"}]}]}]}],"terminal":true}],"tls_connection_policies":[{}],"automatic_https":{},"logs":{"logger_names":{"ab.smithbury.com":["log1"],"auth.smithbury.com":["log2"],"bazarr.smithbury.com":["log3"],"budget.smithbury.com":["log0"],"dockge.smithbury.com":["log4"],"hoarder.smithbury.com":["log5"],"lidarr.smithbury.com":["log7"],"nzb.smithbury.com":["log14"],"pics.smithbury.com":["log6"],"plex.smithbury.com":["log9"],"prowlarr.smithbury.com":["log10"],"qb.smithbury.com":["log11"],"radarr.smithbury.com":["log12"],"readarr.smithbury.com":["log13"],"request.smithbury.com":["log8"],"sonarr.smithbury.com":["log15"],"vik.smithbury.com":["log16"],"wallos.smithbury.com":["log17"]},"skip_hosts":["rss.smithbury.com"]}}}}}
Apr 12 12:05:49 hermes caddy[603]: {"level":"info","ts":1744459549.844794,"logger":"crowdsec","msg":"initializing streaming bouncer","instance_id":"e9ef8e27"}
Apr 12 12:05:49 hermes caddy[603]: {"level":"info","ts":1744459549.8452852,"logger":"crowdsec","msg":"using API key auth","instance_id":"e9ef8e27","address":"http://localhost:8080/"}
Apr 12 12:05:49 hermes caddy[603]: {"level":"info","ts":1744459549.8457115,"logger":"crowdsec","msg":"started","instance_id":"e9ef8e27"}
Apr 12 12:05:49 hermes caddy[603]: {"level":"info","ts":1744459549.846053,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Apr 12 12:05:49 hermes caddy[603]: {"level":"debug","ts":1744459549.84641,"logger":"http","msg":"starting server loop","address":"[::]:443","tls":true,"http3":true}
Apr 12 12:05:49 hermes caddy[603]: {"level":"info","ts":1744459549.8470383,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Apr 12 12:05:49 hermes caddy[603]: {"level":"warn","ts":1744459549.8474145,"logger":"http","msg":"HTTP/3 skipped because it requires TLS","network":"tcp","addr":":80"}
Apr 12 12:05:49 hermes caddy[603]: {"level":"debug","ts":1744459549.8478038,"logger":"http","msg":"starting server loop","address":"[::]:80","tls":false,"http3":false}
Apr 12 12:05:49 hermes caddy[603]: {"level":"warn","ts":1744459549.8482625,"logger":"http","msg":"HTTP/2 skipped because it requires TLS","network":"tcp","addr":":80"}
Apr 12 12:05:49 hermes caddy[603]: {"level":"info","ts":1744459549.8486207,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
Apr 12 12:05:49 hermes caddy[603]: {"level":"info","ts":1744459549.848678,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["nzb.smithbury.com","bazarr.smithbury.com","hoarder.smithbury.com","dockge.smithbury.com","qb.smithbury.com","vik.smithbury.com","readarr.smithbury.com","rss.smithbury.com","request.smithbury.com","budget.smithbury.com","pics.smithbury.com","lidarr.smithbury.com","auth.smithbury.com","wallos.smithbury.com","sonarr.smithbury.com","ab.smithbury.com","prowlarr.smithbury.com","radarr.smithbury.com","plex.smithbury.com"]}
Apr 12 12:05:49 hermes caddy[603]: {"level":"info","ts":1744459549.8487616,"logger":"http","msg":"servers shutting down with eternal grace period"}
Apr 12 12:05:49 hermes caddy[603]: {"level":"debug","ts":1744459549.8468664,"logger":"crowdsec","msg":"starting streaming bouncer","instance_id":"e9ef8e27"}
Apr 12 12:05:49 hermes caddy[603]: {"level":"debug","ts":1744459549.8468728,"logger":"crowdsec","msg":"starting decision processing","instance_id":"e9ef8e27"}
Apr 12 12:05:49 hermes caddy[603]: {"level":"debug","ts":1744459549.8468757,"logger":"crowdsec","msg":"starting metrics provider","instance_id":"e9ef8e27"}
Apr 12 12:05:49 hermes caddy[603]: {"level":"info","ts":1744459549.8489597,"logger":"crowdsec","msg":"usage metrics disabled","instance_id":"e9ef8e27","address":"http://localhost:8080/"}
Apr 12 12:05:49 hermes caddy[603]: {"level":"debug","ts":1744459549.8468804,"logger":"dynamic_dns","msg":"beginning IP address check"}
Apr 12 12:05:49 hermes caddy[603]: {"level":"info","ts":1744459549.8493705,"logger":"crowdsec","msg":"stopping ...","instance_id":"7b167817"}
Apr 12 12:05:49 hermes caddy[603]: {"level":"info","ts":1744459549.8494563,"logger":"crowdsec","msg":"processing new and deleted decisions stopped","instance_id":"7b167817"}
Apr 12 12:05:49 hermes caddy[603]: {"level":"info","ts":1744459549.8515637,"logger":"crowdsec","msg":"finished","instance_id":"7b167817"}
Apr 12 12:05:49 hermes caddy[603]: {"level":"info","ts":1744459549.8517025,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Apr 12 12:05:49 hermes caddy[603]: {"level":"info","ts":1744459549.8520095,"logger":"admin.api","msg":"load complete"}
Apr 12 12:05:49 hermes systemd[1]: Reloaded Caddy.
Apr 12 12:05:49 hermes caddy[603]: {"level":"info","ts":1744459549.856836,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}
Apr 12 12:05:49 hermes caddy[603]: {"level":"debug","ts":1744459549.92485,"logger":"dynamic_dns.ip_sources.simple_http","msg":"lookup","type":"IPv4","endpoint":"https://icanhazip.com","ip":"118.210.34.26"}
Apr 12 12:05:49 hermes caddy[603]: {"level":"debug","ts":1744459549.924869,"logger":"dynamic_dns","msg":"no IP address change; no update needed"}
Apr 12 12:05:50 hermes caddy[603]: {"level":"debug","ts":1744459550.766459,"logger":"crowdsec","msg":"processing 4809 deleted decisions","instance_id":"e9ef8e27"}
Apr 12 12:05:50 hermes caddy[603]: {"level":"debug","ts":1744459550.7673793,"logger":"crowdsec","msg":"skipped logging for 4809 deleted decisions","instance_id":"e9ef8e27"}
Apr 12 12:05:50 hermes caddy[603]: {"level":"debug","ts":1744459550.767824,"logger":"crowdsec","msg":"finished processing 4809 deleted decisions","instance_id":"e9ef8e27"}
Apr 12 12:05:50 hermes caddy[603]: {"level":"debug","ts":1744459550.7681997,"logger":"crowdsec","msg":"processing 80993 new decisions","instance_id":"e9ef8e27"}
Apr 12 12:05:50 hermes caddy[603]: {"level":"debug","ts":1744459550.8349693,"logger":"crowdsec","msg":"skipped logging for 80993 new decisions","instance_id":"e9ef8e27"}
Apr 12 12:05:50 hermes caddy[603]: {"level":"debug","ts":1744459550.8366854,"logger":"crowdsec","msg":"finished processing 80993 new decisions","instance_id":"e9ef8e27"}
3. Caddy version:
v2.9.0 h1:rteY8N18LsQn+2KVk6R10Vg/AlNsID1N/Ek9JLjm2yE=
4. How I installed and ran Caddy:
Installed directly using this guide.
a. System environment:
OS: Ubuntu 22.04.5 LTS
Architecture: 64 bit
Systemd: Yes.
Installed using these instructions. Then default installed replaced with custom pakage these instructions.
This is the custom package I used which includes plugins for:
- Caddy DNS
- Caddy Dynamic DNS
- CrowdSec
- DNS Provider Cloudflare
b. Command:
sudo systemctl reload caddy.service
c. Service/unit/compose file:
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddy config:
{
debug # Uncomment to enable debug logs
email [EMAIL]
acme_dns cloudflare [APIKEY]
dynamic_dns {
provider cloudflare [APIKEY]
domains {
smithbury.com @ *
}
versions ipv4
}
crowdsec {
api_url http://localhost:8080
api_key [APIKEY]
ticker_interval 15s
}
order crowdsec before encode
}
(authentik) {
reverse_proxy /outpost.goauthentik.io/* 192.168.1.118:9000
forward_auth 192.168.1.118:9000 {
uri /outpost.goauthentik.io/auth/caddy
copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
}
}
(log) {
log {
output file /var/log/caddy/{args[0]}.log
}
}
# ActualBudget
budget.smithbury.com {
import log actualbudget
reverse_proxy 192.168.1.118:5006
}
# AudiobookShelf
ab.smithbury.com {
import log audiobookshelf
reverse_proxy 192.168.1.118:13378
}
# Authentik
auth.smithbury.com {
import log authentik
reverse_proxy 192.168.1.118:9000
}
# Bazarr
bazarr.smithbury.com {
import authentik
import log bazarr
reverse_proxy 192.168.1.118:6767
}
# Dockge
dockge.smithbury.com {
import authentik
import log dockge
reverse_proxy 192.168.1.118:5001
}
# FreshRSS
rss.smithbury.com {
# import authentik
# import log freshrss
reverse_proxy 192.168.1.118:8778
}
# Hoarder
hoarder.smithbury.com {
import log hoarder
reverse_proxy 192.168.1.118:3000
}
# Immich
pics.smithbury.com {
import log immich
reverse_proxy 192.168.1.118:2283
}
# Lidarr
lidarr.smithbury.com {
import authentik
import log lidarr
reverse_proxy 192.168.1.110:8686
}
# Overseerr
request.smithbury.com {
import log overseerr
reverse_proxy 192.168.1.118:5055
}
# Plex
plex.smithbury.com {
import log plex
reverse_proxy 192.168.1.117:32400
}
# Prowlarr
prowlarr.smithbury.com {
import authentik
import log prowlarr
reverse_proxy 192.168.1.110:9696
}
# qBittorent
qb.smithbury.com {
import log qbittorrent
reverse_proxy 192.168.1.110:8998
}
# Radarr
radarr.smithbury.com {
import authentik
import log radarr
reverse_proxy 192.168.1.110:7878
}
# Readarr
readarr.smithbury.com {
import authentik
import log readarr
reverse_proxy 192.168.1.110:8787
}
# SABnzbd
nzb.smithbury.com {
# import authentik
import log sabnzbd
reverse_proxy 192.168.1.110:8080
}
# Sonarr
sonarr.smithbury.com {
import authentik
import log sonarr
reverse_proxy 192.168.1.110:8989
}
# Vikunja
vik.smithbury.com {
import log vikunja
reverse_proxy 192.168.1.118:3456
}
# Wallos
wallos.smithbury.com {
import log wallos
reverse_proxy 192.168.1.118:8282
}
5. Links to relevant resources:
NA