Caddy and Reverse Proxy issues for Nextcloud, Transmission, and Netdata

GJSchaller

Contributor
Joined
Feb 10, 2021
Messages
100
With the help of DanB35, I was able to set up a Caddy jail and reverse proxy on my TrueNAS. Let's Encrypt works, and I can resolve and view my domain both internally and externally at: https://gjschaller.homeftp.net - so far, so good.

Now, the problematic part - I have three Jails I set up with NAT that I want to proxy to. None of them are behaving. Before I get to the specific errors, here's my Caddyfile:

{
    email gjschaller@gmail.com
}

gjschaller.homeftp.net {
    root * /usr/local/www/html
    file_server
    reverse_proxy /nextcloud* 10.0.0.253:8283
    reverse_proxy /netdata* 10.0.0.253:19999
    reverse_proxy /transmission* 10.0.0.253:9091
}

https://gjschaller.homeftp.net/ - Works fine. Yay!

https://gjschaller.homeftp.net/nextcloud/ - gives a "400 Bad Request" error. (There's no data in this instance, so I don't mind posting about it until it's online - I will secure it more thoroughly before I move any data into it.)

https://gjschaller.homeftp.net/netdata/ - "File does not exist, or is not accessible: /usr/local/share/netdata/web/netdata/"

https://gjschaller.homeftp.net/transmission/ - gives a 409: Conflict error after typing in my username and password for Transmission.

I can tackle them one at a time. I didn't want to clutter the main Caddy thread with all three of these issues - if it will help, I can consolidate and post the solutions there once they're hashed out here.

Thank you for any help you can offer!
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
If you can create subdomains on your domain, that might be easier--cloud.gjschaller.homeftp.net, etc. Otherwise, look in the settings for the software in question to see if they support a setting for the path--I haven't worked with Netdata at all, but I'm pretty sure Transmission does. What you fundamentally want is a way to tell the software that it's serving out of /transmission or /netdata or... Some software just doesn't deal well with that, and expects to be at the root of whatever FQDN you're using. The setting in question is often called something like Base URL.
 

danb35

Probably because the Nextcloud jail is using TLS with a self-signed cert. I don't recommend the plugin; I like my script instead for Nextcloud. But you should be able to add something like this to your Caddyfile to skip TLS certificate validation:
Code:
transport http {
    tls_insecure_skip_verify
}

But you might find more support on the Caddy forum--though I won't consider myself anything like a Caddy guru, I'm probably the closest there is to that here (along with @Basil Hendroff). There are actual gurus there who may be able to figure these out better than I can.

Edit: See also, for more detail on this directive:
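
Added example (not part of danb35's post, and not tested against this setup): the suggested transport block placed inside the Nextcloud proxy rule, with a stricter alternative that keeps certificate verification on by trusting only the jail's own self-signed certificate. The certificate path and server name are assumed placeholders, and TLS on port 8283 is the guess made in the post above.

```caddyfile
gjschaller.homeftp.net {
    root * /usr/local/www/html
    file_server

    reverse_proxy /nextcloud* 10.0.0.253:8283 {
        transport http {
            # Form suggested above: TLS is used to the jail, but any
            # certificate is accepted, so the upstream is never authenticated.
            # tls_insecure_skip_verify

            # Stricter form: trust only the jail's self-signed certificate.
            # Assumed path: a copy of that certificate stored in the Caddy jail.
            tls_trusted_ca_certs /usr/local/etc/caddy/nextcloud-jail.pem

            # Assumed name: it has to match a subject alternative name in the
            # certificate, since the upstream is addressed by IP and the
            # certificate is unlikely to be issued for 10.0.0.253.
            tls_server_name nextcloud.example.internal
        }
    }
}
```

This only covers the TLS hop between Caddy and the jail; it does not make an application aware that it is being served from a sub-path.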
 

GJSchaller

I'll give this a shot tomorrow - brain is fried between this, a 3D printer, and my regular IT job today. Thank you for the help, and I'll follow up once I have more progress (or not...).
 

GJSchaller

I just saw your script - I'll check that out, thank you. Really, the only major apps I need to access from the outside world are NextCloud and Piwigo, but the latter one is a separate issue (the community plugin has been broken for some time, it seems). The others (NetData and Transmission) have no urgent need to be exposed, just a techie convenience.
 

GJSchaller

For documentation purposes, I am abandoning this attempt, and making a new one using a sub-domain instead of a directory. I'll start a new thread.
 