Using BirdNet-Pi with https

HaPeKa · June 22, 2025, 2:09pm

1. The problem I’m having:

Birdnet-Pi uses caddy but only http access is configured. I’d like to use https instead.

2. Error messages and/or full log output:

no error message, https don't work

3. Caddy version:

caddy version v2.10.0 h1:

4. How I installed and ran Caddy:

I did the birdnet-pi installation as described here:

a. System environment:

Raspberry Pi OS Lite 64bit

b. Command:

c. Service/unit/compose file:

PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.

d. My complete Caddy config:

sudo more /etc/caddy/Caddyfile
http:// {
        root * /home/birder/BirdSongs/Extracted
        file_server browse
        handle /By_Date/* {
                file_server browse
        }
        handle /Charts/* {
                file_server browse
        }
        basicauth /views.php?view=File* {
                birdnet $2a$14$GifbyTv9vm1CrnVFXI9B5OLPWY.04aFErIWQ6HbBRhJb7KGRw81/O
        }
        basicauth /Processed* {
                birdnet $2a$14$GifbyTv9vm1CrnVFXI9B5OLPWY.04aFErIWQ6HbBRhJb7KGRw81/O
        }
        basicauth /scripts* {
                birdnet $2a$14$GifbyTv9vm1CrnVFXI9B5OLPWY.04aFErIWQ6HbBRhJb7KGRw81/O
        }
        basicauth /stream {
                birdnet $2a$14$GifbyTv9vm1CrnVFXI9B5OLPWY.04aFErIWQ6HbBRhJb7KGRw81/O
        }
        basicauth /phpsysinfo* {
                birdnet $2a$14$GifbyTv9vm1CrnVFXI9B5OLPWY.04aFErIWQ6HbBRhJb7KGRw81/O
        }
        basicauth /terminal* {
                birdnet $2a$14$GifbyTv9vm1CrnVFXI9B5OLPWY.04aFErIWQ6HbBRhJb7KGRw81/O
        }
        reverse_proxy /stream localhost:8000
        php_fastcgi unix//run/php/php-fpm.sock
        reverse_proxy /log* localhost:8080
        reverse_proxy /stats* localhost:8501
        reverse_proxy /terminal* localhost:8888
}

5. Links to relevant resources:

ferrybig · June 23, 2025, 6:22am

Replace the http:// { line (the first line) by your desired hostname when the website is ran using https, eg: netbird.example.com {

HaPeKa · June 23, 2025, 10:56am

Thank you @ferrybig

I did this, but could not connect. I read something about a selfsigned certificate for caddy. Is this installed by default or should I get a lets encrypt one?

I have another Raspberry with a lets encrypt certificate running on apache webserver, that works well. However, on that Raspberry there is no carry installed.

HaPeKa · June 23, 2025, 1:39pm

I managed to install a lets encrypt certificate and after connecting to the raspberry, I saw the apache welcome page instead of the birdnetpi caddy page.
Then I followed this solution:

sudo systemctl stop apache2
sudo systemctl disable apache2

# Check which version of php-fpm is installed
ls /run/php
php8.2-fpm.pid  php8.2-fpm.sock  php-fpm.sock

# edit the Caddy config file to point to this version
sudo vi /etc/caddy/Caddyfile

#
# old
#  php_fastcgi unix//run/php/php7.4-fpm.sock
#
# new
#  php_fastcgi unix//run/php/php8.2-fpm.sock
#

# Confirm the caddy user is unable to read the index file
sudo -u caddy ls -lrta /home/pi/BirdSongs/Extracted/index.php

# fix the permissions
sudo chmod -R g+rx /home/pi

# it should work now
sudo -u caddy ls -lrta /home/pi/BirdSongs/Extracted/index.php

# now restart the failed caddy service
sudo systemctl start caddy


I get then the following errors:

systemctl status caddy.service
× caddy.service - Caddy
     Loaded: loaded (/lib/systemd/system/caddy.service; enabled; preset: enabled)
    Drop-In: /etc/systemd/system/caddy.service.d
             └─override.conf
     Active: failed (Result: exit-code) since Mon 2025-06-23 15:29:29 CEST; 6min ago
       Docs: https://caddyserver.com/docs/
    Process: 2014 ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile (code=exited, status=1/FAILURE)
   Main PID: 2014 (code=exited, status=1/FAILURE)
     Status: "loading new config: http app module: start: listening on :80: listen tcp :80: bind: address already in us>
        CPU: 183ms

Jun 23 15:29:29 birdnetpi1 caddy[2014]: {"level":"info","ts":1750685369.36629,"logger":"http.auto_https","msg":"server >
Jun 23 15:29:29 birdnetpi1 caddy[2014]: {"level":"info","ts":1750685369.3663824,"logger":"http.auto_https","msg":"enabl>
Jun 23 15:29:29 birdnetpi1 caddy[2014]: {"level":"info","ts":1750685369.3679144,"logger":"tls.cache.maintenance","msg":>
Jun 23 15:29:29 birdnetpi1 caddy[2014]: {"level":"info","ts":1750685369.3813195,"logger":"http","msg":"enabling HTTP/3 >
Jun 23 15:29:29 birdnetpi1 caddy[2014]: {"level":"info","ts":1750685369.3818297,"logger":"http.log","msg":"server runni>
Jun 23 15:29:29 birdnetpi1 caddy[2014]: {"level":"info","ts":1750685369.3921013,"msg":"maxprocs: No GOMAXPROCS change t>
Jun 23 15:29:29 birdnetpi1 caddy[2014]: Error: loading initial config: loading new config: http app module: start: list>
Jun 23 15:29:29 birdnetpi1 systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE
Jun 23 15:29:29 birdnetpi1 systemd[1]: caddy.service: Failed with result 'exit-code'.
Jun 23 15:29:29 birdnetpi1 systemd[1]: Failed to start caddy.service - Caddy.

journalctl -xeu caddy.service
Jun 23 15:29:29 birdnetpi1 caddy[2014]: {"level":"info","ts":1750685369.36629,"logger":"http.auto_https","msg":"server >
Jun 23 15:29:29 birdnetpi1 caddy[2014]: {"level":"info","ts":1750685369.3663824,"logger":"http.auto_https","msg":"enabl>
Jun 23 15:29:29 birdnetpi1 caddy[2014]: {"level":"info","ts":1750685369.3679144,"logger":"tls.cache.maintenance","msg":>
Jun 23 15:29:29 birdnetpi1 caddy[2014]: {"level":"info","ts":1750685369.3813195,"logger":"http","msg":"enabling HTTP/3 >
Jun 23 15:29:29 birdnetpi1 caddy[2014]: {"level":"info","ts":1750685369.3818297,"logger":"http.log","msg":"server runni>
Jun 23 15:29:29 birdnetpi1 caddy[2014]: {"level":"info","ts":1750685369.3921013,"msg":"maxprocs: No GOMAXPROCS change t>
Jun 23 15:29:29 birdnetpi1 caddy[2014]: Error: loading initial config: loading new config: http app module: start: list>
Jun 23 15:29:29 birdnetpi1 systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ An ExecStart= process belonging to unit caddy.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Jun 23 15:29:29 birdnetpi1 systemd[1]: caddy.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit caddy.service has entered the 'failed' state with result 'exit-code'.
Jun 23 15:29:29 birdnetpi1 systemd[1]: Failed to start caddy.service - Caddy.
░░ Subject: A start job for unit caddy.service has failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit caddy.service has finished with a failure.
░░
░░ The job identifier is 1572 and the job result is failed.
...skipping...
Jun 23 15:29:29 birdnetpi1 caddy[2014]: {"level":"warn","ts":1750685369.3560827,"logger":"config.adapter.caddyfile","ms>
Jun 23 15:29:29 birdnetpi1 caddy[2014]: {"level":"info","ts":1750685369.3595297,"msg":"adapted config to JSON","adapter>
Jun 23 15:29:29 birdnetpi1 caddy[2014]: {"level":"info","ts":1750685369.3650362,"logger":"admin","msg":"admin endpoint >
Jun 23 15:29:29 birdnetpi1 caddy[2014]: {"level":"info","ts":1750685369.36629,"logger":"http.auto_https","msg":"server >
Jun 23 15:29:29 birdnetpi1 caddy[2014]: {"level":"info","ts":1750685369.3663824,"logger":"http.auto_https","msg":"enabl>
Jun 23 15:29:29 birdnetpi1 caddy[2014]: {"level":"info","ts":1750685369.3679144,"logger":"tls.cache.maintenance","msg":>
Jun 23 15:29:29 birdnetpi1 caddy[2014]: {"level":"info","ts":1750685369.3813195,"logger":"http","msg":"enabling HTTP/3 >
Jun 23 15:29:29 birdnetpi1 caddy[2014]: {"level":"info","ts":1750685369.3818297,"logger":"http.log","msg":"server runni>
Jun 23 15:29:29 birdnetpi1 caddy[2014]: {"level":"info","ts":1750685369.3921013,"msg":"maxprocs: No GOMAXPROCS change t>
Jun 23 15:29:29 birdnetpi1 caddy[2014]: Error: loading initial config: loading new config: http app module: start: list>
Jun 23 15:29:29 birdnetpi1 systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ An ExecStart= process belonging to unit caddy.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Jun 23 15:29:29 birdnetpi1 systemd[1]: caddy.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit caddy.service has entered the 'failed' state with result 'exit-code'.
Jun 23 15:29:29 birdnetpi1 systemd[1]: Failed to start caddy.service - Caddy.
░░ Subject: A start job for unit caddy.service has failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit caddy.service has finished with a failure.
░░
░░ The job identifier is 1572 and the job result is failed.
lines 179-207/207 (END)

Why does caddy not start anymore?
'''

HaPeKa · July 2, 2025, 6:32pm

as there are no helpful hints on this issue, I tried a basic function and added birdnetpi1.local to the Caddyfile. When I try to connect with https the connection is redirected to http. Why does the automatic https function not work in this case?

Mohammed90 · July 2, 2025, 6:35pm

Definitely not Caddy doing it. Run curl -vL birdnetpi1.local and share the output.

HaPeKa · July 2, 2025, 7:02pm

thank you @Mohammed90 , that’s what I get, issuing the command:

curl -vL birdnetpi1.local
* Host birdnetpi1.local:80 was resolved.
* IPv6: fd77:2963:b4ba:0:9ee9:47d0:ecf0:6734
* IPv4: 192.168.5.114
*   Trying 192.168.5.114:80...
* Connected to birdnetpi1.local (192.168.5.114) port 80
> GET / HTTP/1.1
> Host: birdnetpi1.local
> User-Agent: curl/8.7.1
> Accept: */*
> 
* Request completely sent off
< HTTP/1.1 308 Permanent Redirect
< Connection: close
< Location: https://birdnetpi1.local/
< Server: Caddy
< Date: Wed, 02 Jul 2025 18:35:58 GMT
< Content-Length: 0
< 
* Closing connection
* Clear auth, redirects to port from 80 to 443
* Issue another request to this URL: 'https://birdnetpi1.local/'
* Host birdnetpi1.local:443 was resolved.
* IPv6: fd77:2963:b4ba:0:9ee9:47d0:ecf0:6734
* IPv4: 192.168.5.114
*   Trying 192.168.5.114:443...
* Connected to birdnetpi1.local (192.168.5.114) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

HaPeKa · July 14, 2025, 3:58pm

Just a short feedback. I could solve it with help from ChatGPT. In the end I had an issue with Google Chrome, that persistently transfered https traffic to http. Clearing browser cache an enabling HSTS solved it.

Furthermore, I decided to implement a reverse proxy, as I have two webserver and 2 birdnetpi devices, that should be accessible via https only from the outside. This works fine now.