
Reverse Proxy using Caddy (with optional automatic TLS)

victort

Guru
Joined
Dec 31, 2021
Messages
952
Though it's possible, isn't this an invalid configuration? 192.168.foo is a Class C range, which should have subnets of 8 bits or fewer. I'm not even sure the router would recognize it, though that might depend on the router @dfrey18 is using.
My network is 192.168.0.0/23 which gives me 0.1-1.255

My network is huge.
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,702
I think the point there is that some routers will be assuming that can't be... I think using the 10 network to go from 24 toward 16 bit netmasks is the option that routers will be set up for.... obviously high quality equipment should handle it all properly, but who knows.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,466

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,702
Won't anybody think of 172.16.0.0/12?
Not out of habit... also I leave that alone for the crazy networking of Kubernetes.
 

dfrey18

Cadet
Joined
Jun 11, 2023
Messages
5
You really need to read up on IP subnetting, in which respect Google will be your friend. But in short, unless you've set things up in a very unusual way (and if you'd deliberately done so, you should already know all of this), 192.168.0.x is a separate network from 192.168.1.x--those are both Class C subnets, with 24-bit netmasks. If you're running devices on more than one network, you'd need something to route between those two. It's possible--but frankly bizarre, and technically invalid--to set yourself up with, say, a 23-bit subnet, but I can't think of any reason you'd want to do so; if you need more than ~200 devices on a single network, just use one of the Class B ranges in 172.16.0.0/12.

tl;dr: if your router is at 192.168.0.1, everything on your network should probably have an address of 192.168.0.x.
Thank you. This is extremely helpful, especially the tl;dr. I had a feeling my problem was one of (a lack of) education, and not a bug or anything. I am only a novice but I truly want to learn more about networking rather than rely on others to figure out my problems. I knew there was something I needed to learn here, something I was missing, but I didn't know what, and you pointed me in the right direction. Sorry it was such a simple issue, I should have been able to figure it out myself. Thanks for your kind help.

I changed my jail IP to match the gateway network address. The install still wasn't successful, and it printed the error that the plugin wasn't installed successfully. I did some googling and the solution I found was to add master to the two xcaddy build commands in caddy-jail.sh. Caddy appears to have successfully installed after adding that.
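The subnet mismatch described above (a jail at 192.168.1.x with a gateway at 192.168.0.1 under a 24-bit netmask) can be checked before bringing a jail up. This is an added example, not part of the thread or of danb35's caddy-jail.sh; it uses only POSIX shell arithmetic, so it runs on a FreeBSD jail host without ipcalc. The function names are mine.

```shell
#!/bin/sh
# Added example (not from the thread or the caddy-jail.sh script):
# decide whether a jail address and its gateway share one IPv4 network
# for a given prefix length, using only POSIX sh arithmetic.

# Convert a dotted-quad IPv4 address ("192.168.0.1") to a 32-bit integer.
ip_to_int() {
    oldifs=$IFS; IFS=.
    set -- $1            # split on "." into $1..$4
    IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Netmask, as an integer, for a prefix length in 0..32 (24 -> 0xFFFFFF00).
prefix_to_mask() {
    [ "$1" -eq 0 ] && { echo 0; return; }
    echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}

# Print the network address (dotted quad) of address $1 under prefix $2.
network_of() {
    n=$(( $(ip_to_int "$1") & $(prefix_to_mask "$2") ))
    echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))"
}

# Succeed (exit 0) if $1 and $2 are in the same network under prefix $3.
same_subnet() {
    [ "$(network_of "$1" "$3")" = "$(network_of "$2" "$3")" ]
}

# Demonstration with constructed addresses matching the thread's situation:
# a /24 puts 192.168.1.50 and 192.168.0.1 on different networks, a /23 does not.
same_subnet 192.168.1.50 192.168.0.1 24 && echo "/24: same network" || echo "/24: different networks"
same_subnet 192.168.1.50 192.168.0.1 23 && echo "/23: same network" || echo "/23: different networks"
```

Run it with the jail IP, the gateway IP and the prefix the router actually hands out; if the check fails, the jail cannot reach its gateway without a router between the two networks.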
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,466
I did some googling and the solution I found was to add master to the two xcaddy build commands in caddy-jail.sh.
Ah, that's likely a bug in my script. I'll take a look at that.
I leave that alone for the crazy networking of Kubernetes.
Fair enough--and to be honest, I had to look up that range anyway.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,466
I did some googling and the solution I found was to add master to the two xcaddy build commands in caddy-jail.sh.
Can you show me exactly what you changed? Because those lines appear identical to those in my Nextcloud script, and that's been working well for some time.
 

dfrey18

Cadet
Joined
Jun 11, 2023
Messages
5
Can you show me exactly what you changed? Because those lines appear identical to those in my Nextcloud script, and that's been working well for some time.
No problem, sorry for the delay.

I changed lines 127 and 133, simply adding master in between build and --output, see below. Before making that change, I got the plugin not installed successfully error. After the change, it installed successfully.

if ! iocage exec "${JAIL_NAME}" xcaddy build master --output /usr/local/bin/caddy --with github.com/caddy-dns/"${DNS_PLUGIN}"
if ! iocage exec "${JAIL_NAME}" xcaddy build master --output /usr/local/bin/caddy

It's all working now, except that upon system restart, Caddy doesn't automatically start the proxy even though, as far as I can tell, I have properly configured my Caddyfile. I have to manually start it. I suspect I need to educate myself more about how Caddy works.
 

Piereligio

Dabbler
Joined
Mar 9, 2021
Messages
13
Hi everyone, I'm having some SSL issues on my Home Assistant instance. I'm not having any problem on my Nextcloud one; both are (well, Home Assistant was) reachable thanks to this Caddy jail. The issue seems to be about the expiration date (maybe). I was wondering how I could debug this and eventually force key renewal. Thanks in advance.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,466
Caddy manages the cert automatically, at least if it can. Is the cert expired? If so, that likely means that Caddy was unable to renew it. The reasons should be mentioned in its log file, which should be in /var/log/caddy/caddy.log.
 

Piereligio

Dabbler
Joined
Mar 9, 2021
Messages
13
Caddy manages the cert automatically, at least if it can. Is the cert expired? If so, that likely means that Caddy was unable to renew it. The reasons should be mentioned in its log file, which should be in /var/log/caddy/caddy.log.
Thanks for the feedback. I think the issue is that the domain I'm using might be banned or something (Caddy reports issues with the certificate issuer services, having trouble reaching the domain) from the main DNS servers. I've been having issues with it for a month, and I'm using an identical configuration to other jails I'm hosting with freenom. Very weird, so now I'll try to use another domain. Thanks

EDIT: yeah, it was the fault of the domain; changing it solved the issue.
 