1. Caddy version (caddy version):
v2.1.1 h1:X9k1+ehZPYYrSqBvf/ocUgdLSRIuiNiMo7CvyGUQKeA=
2. How I run Caddy:
caddy run through docker on a raspberry pi4 with the path to the config set as volume mount
a. System environment:
docker on raspberry pi4
b. Command:
sudo docker start caddy
d. My complete Caddyfile or JSON config:
emby.from-pa.com
{
reverse_proxy 192.168.1.4
}
3. The problem I’m having:
I woke up this morning to my caddy hosted emby site saying “invalid certificate authority” in every browser. When i attempted to bypass that warning and continue to the site, i get “forbidden, your client does not have permission to get this page from this server”.
the absolutely strange thing is, this ONLY happens on LAN. On WAN it appears to work just fine.
As you can see, my caddy file is incredibly simple and has been running for months with no issue and then all of a sudden it stops working on WAN. What could have possibly happened?
4. Error messages and/or full log output:
5. What I already tried:
I’ve made separate docker caddy containers with all new config files and started from scratch to no avail
i’ve tried doing caddy untrust / trust commands.
I’ve tried apt-get update on the Pi to see if any of the openssl packages needed updating.
I’ve confirmed the Pi’s internal time is correct to see if that was causing any SSL cert issues
I’ve seen that using a CURL with https:emby.from-pa.com on the pi itself works fine, but doing it on any other LAN device results in some variation of “could not establish trust relation for the SSL/TLS secure channel”
on LAN typing the local IP + port pulls up emby just fine, but not emby.from-pa.com which makes me think it’s some sort of NAT hairpin issue that just suddenly emerged??
Any help at all is appreciated. I’ve been pulling my hair out at this all day and how this seemingly came from nowhere so i feel like it’s a really simple fix but i just can’t grasp it.