Thank you for the quick response and hints. I updated and validated the config file and it passed, so it's looking better now. I don't use IPv6, so I have added a rule for that, and I see I forgot to include the full log, lol, long night. I am now trying to understand if the env is being passed (it doesn't look like it, based on the log errors) and if I placed it in the right place in the override.conf file.
2. Error messages and/or full log output:
AJC2:~:# journalctl -u caddy --no-pager | less +G
AJC2:~:# sudo systemctl daemon-reload
AJC2:~:# sudo systemctl restart caddy
AJC2:~:# sudo systemctl status caddy.service
● caddy.service - Caddy
Loaded: loaded (/etc/systemd/system/caddy.service; enabled; preset: enabled)
Drop-In: /etc/systemd/system/caddy.service.d
└─override.conf
Active: active (running) since Sun 2023-11-26 02:19:19 EST; 4s ago
Docs: https://caddyserver.com/docs/
Main PID: 219149 (caddy)
Tasks: 9 (limit: 1979)
Memory: 23.8M
CPU: 642ms
CGroup: /system.slice/caddy.service
└─219149 /usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"info","ts":1700983159.2303421,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"info","ts":1700983159.2306597,"msg":"serving initial configuration"}
Nov 26 02:19:19 AJC2 systemd[1]: Started caddy.service - Caddy.
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"error","ts":1700983159.451397,"logger":"dynamic_dns","msg":"unable to lookup current IPs from DNS records","error":"got error status: HTTP 400: [{Code:6003 Mes>
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"debug","ts":1700983159.4515085,"logger":"dynamic_dns","msg":"looked up current IPs from DNS","lastIPs":null}
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"debug","ts":1700983159.6938748,"logger":"dynamic_dns.ip_sources.simple_http","msg":"lookup","type":"IPv4","endpoint":"https://api64.ipify.org","ip":"74.88.15.1>
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"info","ts":1700983159.6940098,"logger":"dynamic_dns","msg":"updating DNS record","zone":"ajnas.site","type":"A","name":"jellyfin","value":"74.88.15.100","ttl":>
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"error","ts":1700983159.8045983,"logger":"dynamic_dns","msg":"failed setting DNS record(s) with new IP address(es)","zone":"ajnas.site","error":"got error statu>
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"info","ts":1700983159.804718,"logger":"dynamic_dns","msg":"finished updating DNS","current_ips":["74.88.15.100"]}
Nov 26 02:19:23 AJC2 systemd[1]: /etc/systemd/system/caddy.service.d/override.conf:30: Assignment outside of section. Ignoring.
AJC2:~:# journalctl -u caddy --no-pager | less +G
Nov 26 02:19:19 AJC2 caddy[219149]: runtime.GOMAXPROCS=4
Nov 26 02:19:19 AJC2 caddy[219149]: runtime.Version=go1.21.3
Nov 26 02:19:19 AJC2 caddy[219149]: os.Getwd=/
Nov 26 02:19:19 AJC2 caddy[219149]: LANG=en_US.UTF-8
Nov 26 02:19:19 AJC2 caddy[219149]: LANGUAGE=en_US.UTF-8
Nov 26 02:19:19 AJC2 caddy[219149]: LC_MESSAGES=en_US.UTF-8
Nov 26 02:19:19 AJC2 caddy[219149]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Nov 26 02:19:19 AJC2 caddy[219149]: NOTIFY_SOCKET=/run/systemd/notify
Nov 26 02:19:19 AJC2 caddy[219149]: HOME=/var/lib/caddy
Nov 26 02:19:19 AJC2 caddy[219149]: LOGNAME=caddy
Nov 26 02:19:19 AJC2 caddy[219149]: USER=caddy
Nov 26 02:19:19 AJC2 caddy[219149]: INVOCATION_ID=0c8fb033f5aa44ffbf0ba884165c85bb
Nov 26 02:19:19 AJC2 caddy[219149]: JOURNAL_STREAM=8:1228977
Nov 26 02:19:19 AJC2 caddy[219149]: SYSTEMD_EXEC_PID=219149
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"info","ts":1700983159.2089782,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"info","ts":1700983159.2213807,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"info","ts":1700983159.222371,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x4000c44d80"}
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"info","ts":1700983159.2227998,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"info","ts":1700983159.2228997,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"debug","ts":1700983159.223114,"logger":"http.auto_https","msg":"adjusted config","tls":{"automation":{"policies":[{"subjects":["jellyfin.ajnas.site"]},{}]}},"http":{"servers":{"remaining_auto_https_redirects":{"listen":[":80"],"routes":[{},{}],"logs":{"logger_names":{"jellyfin.ajnas.site":"log0"}}},"srv0":{"listen":[":443"],"routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"headers","response":{"set":{"Cache-Control":["public, max-age=15, must-revalidate"],"Content-Security-Policy":["upgrade-insecure-requests"],"Feature-Policy":["accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'self'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture *; speaker 'none'; sync-xhr 'none'; usb 'none'; vr 'none'"],"Referrer-Policy":["strict-origin-when-cross-origin"],"Strict-Transport-Security":["max-age=31536000; includeSubDomains; preload"],"X-Content-Type-Options":["nosniff"],"X-Frame-Options":["DENY"],"X-Xss-Protection":["1; mode=block"]}}},{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.1.10:54321"}]}]}]}],"terminal":true}],"tls_connection_policies":[{}],"automatic_https":{},"logs":{"logger_names":{"jellyfin.ajnas.site":"log0"}}}}}}
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"info","ts":1700983159.2248187,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy/.local/share/caddy"}
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"info","ts":1700983159.2250953,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"debug","ts":1700983159.2259753,"logger":"http","msg":"starting server loop","address":"[::]:443","tls":true,"http3":true}
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"info","ts":1700983159.2260838,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"debug","ts":1700983159.2263668,"logger":"http","msg":"starting server loop","address":"[::]:80","tls":false,"http3":false}
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"info","ts":1700983159.2264595,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"info","ts":1700983159.2264888,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["jellyfin.ajnas.site"]}
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"debug","ts":1700983159.2278984,"logger":"tls","msg":"loading managed certificate","domain":"jellyfin.ajnas.site","expiration":1705370001,"issuer_key":"acme-v02.api.letsencrypt.org-directory","storage":"FileStorage:/var/lib/caddy/.local/share/caddy"}
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"info","ts":1700983159.2289293,"logger":"tls","msg":"finished cleaning storage units"}
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"debug","ts":1700983159.229272,"logger":"tls.cache","msg":"added certificate to cache","subjects":["jellyfin.ajnas.site"],"expiration":1705370001,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"6f076f559f7a3b83e034db1cd2d3a092e8df85bef1e3eb8b7592f5f5b8f6d402","cache_size":1,"cache_capacity":10000}
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"debug","ts":1700983159.2294133,"logger":"events","msg":"event","name":"cached_managed_cert","id":"57a40791-47b1-437a-8b7d-8168d10a8fdb","origin":"tls","data":{"sans":["jellyfin.ajnas.site"]}}
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"debug","ts":1700983159.2297754,"logger":"dynamic_dns","msg":"beginning IP address check"}
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"info","ts":1700983159.2303421,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"info","ts":1700983159.2306597,"msg":"serving initial configuration"}
Nov 26 02:19:19 AJC2 systemd[1]: Started caddy.service - Caddy.
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"error","ts":1700983159.451397,"logger":"dynamic_dns","msg":"unable to lookup current IPs from DNS records","error":"got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}]"}
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"debug","ts":1700983159.4515085,"logger":"dynamic_dns","msg":"looked up current IPs from DNS","lastIPs":null}
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"debug","ts":1700983159.6938748,"logger":"dynamic_dns.ip_sources.simple_http","msg":"lookup","type":"IPv4","endpoint":"https://api64.ipify.org","ip":"74.88.15.100"}
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"info","ts":1700983159.6940098,"logger":"dynamic_dns","msg":"updating DNS record","zone":"ajnas.site","type":"A","name":"jellyfin","value":"74.88.15.100","ttl":0}
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"error","ts":1700983159.8045983,"logger":"dynamic_dns","msg":"failed setting DNS record(s) with new IP address(es)","zone":"ajnas.site","error":"got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}]"}
Nov 26 02:19:19 AJC2 caddy[219149]: {"level":"info","ts":1700983159.804718,"logger":"dynamic_dns","msg":"finished updating DNS","current_ips":["74.88.15.100"]}
Nov 26 02:19:23 AJC2 systemd[1]: /etc/systemd/system/caddy.service.d/override.conf:30: Assignment outside of section. Ignoring.
(END)
b. Command:
caddy.service:
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
Also added an override.conf file to the above service, as I am still not understanding how to pass an .env variable.
Here's the override.conf value:
### Editing /etc/systemd/system/caddy.service.d/override.conf
### Anything between here and the comment below will become the new contents of the file
### Lines below this comment will be discarded
### /etc/systemd/system/caddy.service
# # caddy.service
# #
# # For using Caddy with a config file.
# #
# # Make sure the ExecStart and ExecReload commands are correct
# # for your installation.
# #
# # See https://caddyserver.com/docs/install for instructions.
# #
# # WARNING: This service does not use the --resume flag, so if you
# # use the API to make changes, they will be overwritten by the
# # Caddyfile next time the service is restarted. If you intend to
# # use Caddy's API to configure it, add the --resume flag to the
# # `caddy run` command or use the caddy-api.service file instead.
#
# [Unit]
# Description=Caddy
# Documentation=https://caddyserver.com/docs/
# After=network.target network-online.target
# Requires=network-online.target
#
# [Service]
Environment="CLOUDFLARE_API_TOKEN=realkeyhere_F"
# Type=notify
# User=caddy
# Group=caddy
# ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
# ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
# TimeoutStopSec=5s
# LimitNOFILE=1048576
# LimitNPROC=512
# PrivateTmp=true
# ProtectSystem=full
# AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
#
# [Install]
# WantedBy=multi-user.target
d. My complete Caddy config:
{
    email ajballa555@gmail.com
    acme_dns cloudflare {env.CLOUDFLARE_API_TOKEN}
    # Global Option Block
    debug
    dynamic_dns {
        provider cloudflare {env.CLOUDFLARE_API_TOKEN}
        domains {
            ajnas.site jellyfin
        }
        versions ipv4
    }
}
jellyfin.ajnas.site {
    # Your existing TLS and other configurations for this site
    tls {
        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
    }
    log {
        output file /var/log/caddy/jellyfin-access.log {
            roll_size 10MB
            roll_keep 20
            roll_keep_for 720h
        }
    }
    reverse_proxy http://192.168.1.10:54321
    import /etc/caddy/security.conf
}
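
Added example (not part of the original post, and not Caddy or systemd project code): a small shell check for the condition behind the journal line `override.conf:30: Assignment outside of section. Ignoring.`, where an `Environment=` line is active but the `[Service]` header above it is still commented out. The function names, sample file names and the placeholder token value are assumptions made for the illustration.

```shell
#!/bin/sh
# Flag key=value lines in a systemd drop-in that appear before any active
# [Section] header. systemd ignores such lines, so the variable never
# reaches the service.

# check_dropin FILE
#   prints "LINE: text" for every stray assignment
#   returns 1 if any were found, 0 otherwise
check_dropin() {
    awk '
        /^[ \t]*([#;]|$)/         { next }                  # comment or blank
        /^[ \t]*\[[^]]+\][ \t]*$/ { in_section = 1; next }  # active header
        /=/ && !in_section        { printf "%d: %s\n", NR, $0; bad = 1 }
        END                       { exit bad + 0 }
    ' "$1"
}

# Constructed sample files; the token value is a placeholder.
make_samples() {
    dir=$1
    # Same shape as the override.conf in the post: header commented out.
    printf '%s\n' \
        '# [Service]' \
        'Environment="CLOUDFLARE_API_TOKEN=placeholder"' \
        '# Type=notify' > "$dir/broken.conf"
    # Minimal working drop-in: only the active header and the override.
    printf '%s\n' \
        '[Service]' \
        'Environment="CLOUDFLARE_API_TOKEN=placeholder"' > "$dir/fixed.conf"
}

# Demo run over the constructed samples.
tmp=$(mktemp -d)
make_samples "$tmp"
for f in broken fixed; do
    if check_dropin "$tmp/$f.conf"; then
        echo "$f.conf: ok"
    else
        echo "$f.conf: assignment outside of section"
    fi
done
rm -rf "$tmp"
```

Values set with `Environment=` are readable through `systemctl show`, so an API token is better kept in a root-owned file with restrictive permissions and loaded with `EnvironmentFile=`.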