Reverse Proxy using Caddy (with optional automatic TLS)

[danb35]

http://192.168.0.200:8989 | Loads Sonarr Web UI (But now redirects to http://192.168.0.200:8989/sonarr)
http://192.168.0.200:8989/sonarr | Loads Sonarr Web UI (Works as it should - default setup)
http://192.168.0.200/sonarr | Redirects to TrueNAS Web UI

All of this is as expected.

http://192.168.0.199/sonarr | Blank white page

This isn't. Is there anything in the page or tab heading (i.e., where the page name would normally appear), or is it completely blank?

 

[Electr0]

This isn't. Is there anything in the page or tab heading (i.e., where the page name would normally appear), or is it completely blank?

Just the address that I'm trying to navigate too.

I tried giving my Sonarr jail a static external IP and updating the Caddyfile with it, but even that didn't work.

 

[slowmail]

I'm just starting out with TrueNAS, and would like to use caddy to access the web interface for some of my jails (rslsync, transmission) with https.
I can't seem to get it to work, and might be having similar issue as the last poster (Electr0) - did this ever get resolved?

192.168.250.1 - TrueNAS
192.168.250.10 - caddy
192.168.250.11:8888 - rslsync
192.168.250.12:9091 - transmission

Immediately after installing, 192.168.250.10:2020 displayed "Hello, World!" correctly.

I updated Caddyfile with the following, and "service caddy restart".

Code:

*:80 {
        root * /usr/local/www/html
        file_server
        reverse_proxy /rslsync* 192.168.250.11:8888
        reverse_proxy /transmission* 192.168.250.12:9091
}

http://192.168.250.10/test.txt displays a blank screen (Firefox/Chome)
http://192.168.250.10/rslsync displays a blank screen (Firefox/Chrome)
http://192.168.250.10/transmission displays a blank screen, but the URL changes to http://192.168.250.10/transmission/web/ (Firefox/Chrome)

However, if I change Caddyfile, and remove the * at the very beginning:

Code:

:80 {
        root * /usr/local/www/html
        file_server
        reverse_proxy /rslsync* 192.168.1.11:8888
        reverse_proxy /transmission* 192.168.1.12:9091
}

http://192.168.250.10/test.txt displays the file at /usr/local/www/html/test.txt
http://192.168.250.10/rslsync displays "invalid request" (Firefox/Chrome)
http://192.168.250.10/transmission displays a blank page (Firefox)
http://192.168.250.10/transmission returns a 404 error (Chrome) This 192.168.1.10 page can’t be found. No webpage was found for the web address: http://192.168.1.10/transmission/web/ HTTP ERROR 404

Any idea what I might be doing wrong?
Thanks.

 

[Electr0]

(Electr0) - did this ever get resolved?

Unfortunately, it did not.

 

[Basil Hendroff]

@Electr0 Your problems seem to start in post #246. I've just installed Caddy on a test system via the script without any issue. I've also been able to replicate @danb35's result in post #258 again without issue.

Please supply the caddy-config that you used with the script.

Did you install sonarr via the plugin? Please confirm your TN server address and your sonarr admin portal address.

@slowmail I've also had no problem proxying to my transmission service. You need to use the subdomain method with rslsync as it does not lend itself to the subfolder method, however, let's sort out your transmission issue first.

@slowmail @Electr0 My test Caddy service is in a jail with IP 10.1.1.99. My Caddyfile has the following contents

Code:

:80 {
    reverse_proxy /sonarr* 10.1.1.14:8989
    reverse_proxy /transmission* 10.1.1.28:9091
}

From a browser entering 10.1.1.99/sonarr or 10.1.1.99/transmission directs me to the relevant service.

 

[slowmail]

My caddy-config:

Code:

JAIL_IP="192.168.250.10"
DEFAULT_GW_IP="192.168.250.100"
POOL_PATH="/mnt/tank"
DNS_PLUGIN=cloudflare

(should it be "cloudflare" (with quotes) instead?)

I updated Caddyfile with the following (based on your post), and restarted Caddy:

Code:

:80 {
    reverse_proxy /rslsync* 192.168.250.11:8888
    reverse_proxy /transmission* 192.168.1.12:9091
}

---

192.168.250.10/rslsync return "invalid request"

"curl -ILX GET 192.168.250.11:8888" from caddy-jail returns the following:

Code:

HTTP/1.1 301 Moved Permanently
Connection: close
Location: /gui/

HTTP/1.1 401 Unauthorized
Connection: close
Content-Length: 0
Content-Type: text/html
WWW-Authenticate: Basic real

---

192.168.250.10/transmission returns "409: Conflict"

Show : (full message)

Your request had an invalid session-id header.

To fix this, follow these steps:

When reading a response, get its X-Transmission-Session-Id header and remember it
Add the updated header to your outgoing requests
When you get this 409 error message, resend your request with the updated header

This requirement has been added to help prevent CSRF attacks.

X-Transmission-Session-Id: 8K3Y4WMLiG8KS2IQesXvvXiFRrE9pRuJS8OiCCOJ6UOCaovs

"curl -ILX GET 192.168.250.12:9091" from caddy-jail returns the following:

Code:

HTTP/1.1 301 Moved Permanently
Server: Transmission
Location: /transmission/web/
Date: Wed, 17 Nov 2021 15:23:37 GMT
Content-Length: 31
Content-Type: text/html; charset=ISO-8859-1

HTTP/1.1 200 OK
Server: Transmission
Content-Type: text/html
Date: Wed, 17 Nov 2021 15:23

---

 

[Basil Hendroff]

@slowmail Curious... If I do the same for Transmission, I see the following (which is expected behaviour in my case):

Code:

root@caddy:~ # curl -ILX GET 10.1.1.28:9091
HTTP/1.1 401 Unauthorized
Server: Transmission
WWW-Authenticate: Basic realm="Transmission"
Date: Thu, 18 Nov 2021 19:02:43 GMT
Content-Length: 82
Content-Type: text/html; charset=ISO-8859-1

Out of interest, what version of Transmission are you running?

Try the following curl -ILX GET 192.168.250.12:9091/transmission/web/

 

[Basil Hendroff]

If you're using DNS-O-Matic as a Dynamic DNS provider, please note that it has been offline for several days now https://support.opendns.com/hc/en-us/community/posts/4412306764436-bad-auth

 

[Electr0]

@Basil Hendroff

I now seem to have solved my issue.

However, if I change Caddyfile, and remove the * at the very beginning:

Code:

:80 {
        root * /usr/local/www/html
        file_server
        reverse_proxy /rslsync* 192.168.1.11:8888
        reverse_proxy /transmission* 192.168.1.12:9091
}

I just did this ^^ (removed the * before the :80) and now everything is working as intended.

 

[GardG]

Is it possible to use the current version of this resource with lego-deprecated DNS validation? I'd like to use the DNS validation with a DNS provide that's only supported by the deprecated plugin, but I can't seem to get the necessary environment variables set. I tried to use rc.conf as described in post #78, but I still get the "some credentials information are missing" error.

 

[danb35]

You can compile it with that plugin easily enough, but I'm afraid you're on your own to use it--I don't have any experience there.

 

[GardG]

Got it! I had one heck of a time trying to figure out how to set the environment variables properly.

In /usr/local/etc/rc.d/caddy I added this above the #Defaults line:

Code:

DOMENESHOP_API_TOKEN=x
export DOMENESHOP_API_TOKEN
DOMENESHOP_API_SECRET=x
export DOMENESHOP_API_SECRET

and it works perfectly. I have a feeling this isn't best practice, it feels a bit hacky, so I'm open to other suggestions. Maybe this could be implemented via some config file or install script, but I'm not sure if that's worth it for a deprecated plugin.

 

[wootness]

To upgrade from v22 to v23, do I need to delete the jail and reinstall using the updated script?

 

[danb35]

I suppose you're asking about Nextcloud, but this really isn't the thread for that. But no, you should be able to update it using the built-in updater.

 

[wootness]

I suppose you're asking about Nextcloud, but this really isn't the thread for that. But no, you should be able to update it using the built-in updater.

oops! I got the threads mixed up. Will repost on the Nextcloud thread since I wasn't able to rerun the script over the existing install.

 

[NasKar]

My reverse proxy stopped working. Don't know what the issue is. iPhone on cellular Safari say to many redirects. Works fine on my local network with the lock symbol.
Setup:
TrueNAS 12.0-U8
iocage jail caddy 192.168.5.83 (reverse proxy with this script)
iocage jail cloud 192.168.5.81(nextcloud)
iocage jail wordpress 192.168.5.235
VM collabora 192.168.5.89
Namecheap for mydomain has the cloudflare DNS
Cloudflare DNS settings unchanged since RP was working. Red is WAN IP and Grey box is mydomain.

When on an outside computer to my network and I ping cloud.mydomain.com I get request time out but my WAN IP shows up.
I reinstalled the RP jail (probably shouldn't have done that) but not love. Hope someone can point me in the right direction. Thanks


Caddy file with my domain replaced with 'mydomain'

Code:

{
    #  acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
    email mydomain@gmail.com
}

mydomain.com {
    root * /usr/local/www/html/
    file_server
    #    header {
    #        enable HSTS
    #        Strict-Transport-Security max-age=31536000;
    #    }
}
cloud.mydomain.com {
    encode gzip
    reverse_proxy http://192.168.5.81
    header {
        enable HSTS
        Strict-Transport-Security max-age=31536000;
    }
}

collabora.mydomain.com {
    encode gzip

    @collabora {
        path /loleaflet/* # Loleaflet is the client part of LibreOffice Online
        path /hosting/discovery # WOPI discovery URL
        path /hosting/capabilities # Show capabilities as json
        path /lool/* # Main websocket, uploads/downloads, presentations
    }
    reverse_proxy @collabora http://192.168.5.89:9980
}

blog.mydomain.com {
    encode gzip
    reverse_proxy http://192.168.5.235
    #  header {
    #     enable HSTS
    #     Strict-Transport-Security max-age=31536000;
    #        }
}

Caddy log file:

Code:

Successfully started Caddy (pid=20635) - Caddy is running in the background
{"level":"info","ts":1644290911.7542896,"logger":"tls.obtain","msg":"acquiring lock","identifier":"mydomain.com"}
{"level":"info","ts":1644290911.7543125,"logger":"tls.obtain","msg":"acquiring lock","identifier":"blog.mydomain.com"}
{"level":"info","ts":1644290911.7544155,"logger":"tls.obtain","msg":"acquiring lock","identifier":"collabora.mydomain.com"}
{"level":"info","ts":1644290911.7545595,"logger":"tls.obtain","msg":"acquiring lock","identifier":"cloud.mydomain.com"}
{"level":"info","ts":1644290911.7793787,"logger":"tls.obtain","msg":"lock acquired","identifier":"mydomain.com"}
{"level":"info","ts":1644290911.779415,"logger":"tls.obtain","msg":"lock acquired","identifier":"collabora.mydomain.com"}
{"level":"info","ts":1644290911.7794201,"logger":"tls.obtain","msg":"lock acquired","identifier":"blog.mydomain.com"}
{"level":"info","ts":1644290911.779363,"logger":"tls.obtain","msg":"lock acquired","identifier":"cloud.mydomain.com"}
{"level":"info","ts":1644290913.559896,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["mydomain.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"mydomain@gmail.com"}
{"level":"info","ts":1644290913.559938,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["mydomain.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"mydomain@gmail.com"}
{"level":"info","ts":1644290913.653107,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["cloud.mydomain.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"mydomain@gmail.com"}
{"level":"info","ts":1644290913.6531372,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["cloud.mydomain.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"mydomain@gmail.com"}
{"level":"info","ts":1644290913.6581154,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["blog.mydomain.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"mydomain@gmail.com"}
{"level":"info","ts":1644290913.6581502,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["blog.mydomain.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"mydomain@gmail.com"}
{"level":"info","ts":1644290913.6740546,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["collabora.mydomain.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"mydomain@gmail.com"}
{"level":"info","ts":1644290913.6740746,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["collabora.mydomain.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"mydomain@gmail.com"}
{"level":"info","ts":1644290913.8053393,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"cloud.mydomain.com","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1644290913.8191323,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"blog.mydomain.com","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1644290913.9595878,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"mydomain.com","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1644290913.9773815,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"blog.mydomain.com","challenge":"http-01","remote":"18.116.86.117:58232","distributed":false}
{"level":"info","ts":1644290914.096823,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"cloud.mydomain.com","challenge":"http-01","remote":"162.158.107.66:48738","distributed":false}
{"level":"info","ts":1644290914.0999036,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"blog.mydomain.com","challenge":"http-01","remote":"66.133.109.36:37968","distributed":false}
{"level":"info","ts":1644290914.100303,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"cloud.mydomain.com","challenge":"http-01","remote":"172.70.135.148:22956","distributed":false}
{"level":"info","ts":1644290914.1096852,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"collabora.mydomain.com","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1644290914.1893458,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"blog.mydomain.com","challenge":"http-01","remote":"52.39.4.59:21120","distributed":false}
{"level":"info","ts":1644290914.2594244,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"cloud.mydomain.com","challenge":"http-01","remote":"172.69.33.29:44662","distributed":false}
{"level":"info","ts":1644290914.2790313,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"collabora.mydomain.com","challenge":"http-01","remote":"3.19.56.43:42630","distributed":false}
{"level":"info","ts":1644290914.334119,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"mydomain.com","challenge":"http-01","remote":"172.70.175.162:50202","distributed":false}
{"level":"info","ts":1644290914.340886,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"collabora.mydomain.com","challenge":"http-01","remote":"34.221.255.206:20486","distributed":false}
{"level":"info","ts":1644290914.3710446,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"collabora.mydomain.com","challenge":"http-01","remote":"64.78.149.164:48038","distributed":false}
{"level":"info","ts":1644290914.456692,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"mydomain.com","challenge":"http-01","remote":"162.158.107.62:52700","distributed":false}
{"level":"info","ts":1644290914.5330048,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"mydomain.com","challenge":"http-01","remote":"172.68.133.159:63660","distributed":false}
{"level":"info","ts":1644290924.1743982,"logger":"tls.issuance.acme.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme-v02.api.letsencrypt.org/acme/order/399302330/62148868340"}
{"level":"info","ts":1644290924.4933386,"logger":"tls.issuance.acme.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme-v02.api.letsencrypt.org/acme/order/399302340/62148868740"}
{"level":"info","ts":1644290924.5354552,"logger":"tls.issuance.acme.acme_client","msg":"successfully downloaded available certificate chains","count":2,"first_url":"https://acme-v02.api.letsencrypt.org/acme/cert/037d667e966f2f29b6a53dfa3ece2a31ef54"}
{"level":"info","ts":1644290924.5360005,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"blog.mydomain.com"}
{"level":"info","ts":1644290924.536028,"logger":"tls.obtain","msg":"releasing lock","identifier":"blog.mydomain.com"}
{"level":"info","ts":1644290925.3918548,"logger":"tls.issuance.acme.acme_client","msg":"successfully downloaded available certificate chains","count":2,"first_url":"https://acme-v02.api.letsencrypt.org/acme/cert/04fa8d6bc76683372d8099eacfc977dece39"}
{"level":"info","ts":1644290925.3922832,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"collabora.mydomain.com"}
{"level":"info","ts":1644290925.3922982,"logger":"tls.obtain","msg":"releasing lock","identifier":"collabora.mydomain.com"}
{"level":"info","ts":1644290945.2409728,"logger":"tls.issuance.acme.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme-v02.api.letsencrypt.org/acme/order/399302320/62148868300"}
{"level":"info","ts":1644290945.6721592,"logger":"tls.issuance.acme.acme_client","msg":"successfully downloaded available certificate chains","count":2,"first_url":"https://acme-v02.api.letsencrypt.org/acme/cert/0345017c19775b6b1c780aa1b261af74743a"}
{"level":"info","ts":1644290945.6726627,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"cloud.mydomain.com"}
{"level":"info","ts":1644290945.6726854,"logger":"tls.obtain","msg":"releasing lock","identifier":"cloud.mydomain.com"}
{"level":"info","ts":1644290945.7207837,"logger":"tls.issuance.acme.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme-v02.api.letsencrypt.org/acme/order/399302300/62148868500"}
{"level":"info","ts":1644290946.7189362,"logger":"tls.issuance.acme.acme_client","msg":"successfully downloaded available certificate chains","count":2,"first_url":"https://acme-v02.api.letsencrypt.org/acme/cert/042438bc15eb88339652ec71917386fca8b7"}
{"level":"info","ts":1644290946.7194,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"mydomain.com"}
{"level":"info","ts":1644290946.719416,"logger":"tls.obtain","msg":"releasing lock","identifier":"mydomain.com"}
{"level":"error","ts":1644291000.6028864,"logger":"http.log.error","msg":"dial tcp 192.168.5.89:9980: connect: connection refused","request":{"remote_addr":"192.168.5.81:35343","proto":"HTTP/1.1","method":"GET","host":"collabora.mydomain.com","uri":"/hosting/capabilities","headers":{"User-Agent":["Nextcloud Server Crawler"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"http/1.1","proto_mutual":true,"server_name":"collabora.mydomain.com"}},"duration":0.000352543,"status":502,"err_id":"faab7p6s9","err_trace":"reverseproxy.statusError (reverseproxy.go:886)"}
{"level":"error","ts":1644291345.1188214,"logger":"http.log.error","msg":"dial tcp 192.168.5.235:80: connect: host is down","request":{"remote_addr":"179.43.169.181:36798","proto":"HTTP/1.1","method":"GET","host":"blog.mydomain.com","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (X11; Linux i686; rv:10.0) Gecko/20100101 Firefox/10.0"]},"tls":{"resumed":true,"version":772,"cipher_suite":4865,"proto":"","proto_mutual":true,"server_name":"blog.mydomain.com"}},"duration":0.000193839,"status":502,"err_id":"ztvnsjb82","err_trace":"reverseproxy.statusError (reverseproxy.go:886)"}
{"level":"error","ts":1644293701.3352559,"logger":"http.log.error","msg":"dial tcp 192.168.5.89:9980: connect: connection refused","request":{"remote_addr":"192.168.5.81:12199","proto":"HTTP/1.1","method":"GET","host":"collabora.mydomain.com","uri":"/hosting/capabilities","headers":{"User-Agent":["Nextcloud Server Crawler"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"http/1.1","proto_mutual":true,"server_name":"collabora.mydomain.com"}},"duration":0.000292047,"status":502,"err_id":"ctg1dsu75","err_trace":"reverseproxy.statusError (reverseproxy.go:886)"}
{"level":"error","ts":1644297302.7280982,"logger":"http.log.error","msg":"dial tcp 192.168.5.89:9980: connect: connection refused","request":{"remote_addr":"192.168.5.81:45168","proto":"HTTP/1.1","method":"GET","host":"collabora.mydomain.com","uri":"/hosting/capabilities","headers":{"User-Agent":["Nextcloud Server Crawler"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"http/1.1","proto_mutual":true,"server_name":"collabora.mydomain.com"}},"duration":0.000276894,"status":502,"err_id":"f2xm8n7dc","err_trace":"reverseproxy.statusError (reverseproxy.go:886)"}
{"level":"error","ts":1644300967.8932493,"logger":"http.log.error","msg":"dial tcp 192.168.5.89:9980: connect: connection refused","request":{"remote_addr":"192.168.5.81:13611","proto":"HTTP/1.1","method":"GET","host":"collabora.mydomain.com","uri":"/hosting/capabilities","headers":{"User-Agent":["Nextcloud Server Crawler"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"http/1.1","proto_mutual":true,"server_name":"collabora.mydomain.com"}},"duration":0.000290233,"status":502,"err_id":"mqzdfq3yk","err_trace":"reverseproxy.statusError (reverseproxy.go:886)"}
{"level":"error","ts":1644304805.545611,"logger":"http.log.error","msg":"dial tcp 192.168.5.89:9980: connect: connection refused","request":{"remote_addr":"192.168.5.81:25620","proto":"HTTP/1.1","method":"GET","host":"collabora.mydomain.com","uri":"/hosting/capabilities","headers":{"User-Agent":["Nextcloud Server Crawler"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"http/1.1","proto_mutual":true,"server_name":"collabora.mydomain.com"}},"duration":0.000352353,"status":502,"err_id":"m1445k5wn","err_trace":"reverseproxy.statusError (reverseproxy.go:886)"}
{"level":"error","ts":1644308463.0640624,"logger":"http.log.error","msg":"dial tcp 192.168.5.89:9980: connect: connection refused","request":{"remote_addr":"192.168.5.81:56108","proto":"HTTP/1.1","method":"GET","host":"collabora.mydomain.com","uri":"/hosting/capabilities","headers":{"User-Agent":["Nextcloud Server Crawler"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"http/1.1","proto_mutual":true,"server_name":"collabora.mydomain.com"}},"duration":0.000336183,"status":502,"err_id":"6senirskq","err_trace":"reverseproxy.statusError (reverseproxy.go:886)"}
{"level":"error","ts":1644312187.269289,"logger":"http.log.error","msg":"dial tcp 192.168.5.89:9980: connect: connection refused","request":{"remote_addr":"192.168.5.81:61461","proto":"HTTP/1.1","method":"GET","host":"collabora.mydomain.com","uri":"/hosting/capabilities","headers":{"Accept-Encoding":["gzip"],"User-Agent":["Nextcloud Server Crawler"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"http/1.1","proto_mutual":true,"server_name":"collabora.mydomain.com"}},"duration":0.000305639,"status":502,"err_id":"8r3bx09nw","err_trace":"reverseproxy.statusError (reverseproxy.go:886)"}
{"level":"error","ts":1644315967.4748206,"logger":"http.log.error","msg":"dial tcp 192.168.5.89:9980: connect: connection refused","request":{"remote_addr":"192.168.5.81:34126","proto":"HTTP/1.1","method":"GET","host":"collabora.mydomain.com","uri":"/hosting/capabilities","headers":{"User-Agent":["Nextcloud Server Crawler"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"http/1.1","proto_mutual":true,"server_name":"collabora.mydomain.com"}},"duration":0.000310226,"status":502,"err_id":"ij42jk3vj","err_trace":"reverseproxy.statusError (reverseproxy.go:886)"}
{"level":"error","ts":1644319807.1472886,"logger":"http.log.error","msg":"dial tcp 192.168.5.89:9980: connect: connection refused","request":{"remote_addr":"192.168.5.81:36714","proto":"HTTP/1.1","method":"GET","host":"collabora.mydomain.com","uri":"/hosting/capabilities","headers":{"User-Agent":["Nextcloud Server Crawler"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"http/1.1","proto_mutual":true,"server_name":"collabora.mydomain.com"}},"duration":0.000294623,"status":502,"err_id":"41utsu6ts","err_trace":"reverseproxy.statusError (reverseproxy.go:886)"}
{"level":"error","ts":1644324000.540893,"logger":"http.log.error","msg":"dial tcp 192.168.5.89:9980: connect: connection refused","request":{"remote_addr":"192.168.5.81:59734","proto":"HTTP/1.1","method":"GET","host":"collabora.mydomain.com","uri":"/hosting/capabilities","headers":{"User-Agent":["Nextcloud Server Crawler"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"http/1.1","proto_mutual":true,"server_name":"collabora.mydomain.com"}},"duration":0.000320987,"status":502,"err_id":"yis5d45gq","err_trace":"reverseproxy.statusError (reverseproxy.go:886)"}
{"level":"error","ts":1644327609.0064871,"logger":"http.log.error","msg":"dial tcp 192.168.5.89:9980: connect: connection refused","request":{"remote_addr":"192.168.5.81:38851","proto":"HTTP/1.1","method":"GET","host":"collabora.mydomain.com","uri":"/hosting/capabilities","headers":{"User-Agent":["Nextcloud Server Crawler"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"http/1.1","proto_mutual":true,"server_name":"collabora.mydomain.com"}},"duration":0.000306755,"status":502,"err_id":"d5gybx2fx","err_trace":"reverseproxy.statusError (reverseproxy.go:886)"}
{"level":"error","ts":1644331210.5091243,"logger":"http.log.error","msg":"dial tcp 192.168.5.89:9980: connect: connection refused","request":{"remote_addr":"192.168.5.81:16631","proto":"HTTP/1.1","method":"GET","host":"collabora.mydomain.com","uri":"/hosting/capabilities","headers":{"User-Agent":["Nextcloud Server Crawler"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"http/1.1","proto_mutual":true,"server_name":"collabora.mydomain.com"}},"duration":0.000288444,"status":502,"err_id":"vuh40z76f","err_trace":"reverseproxy.statusError (reverseproxy.go:886)"}
{"level":"error","ts":1644335108.2680013,"logger":"http.log.error","msg":"dial tcp 192.168.5.89:9980: connect: connection refused","request":{"remote_addr":"192.168.5.81:34432","proto":"HTTP/1.1","method":"GET","host":"collabora.mydomain.com","uri":"/hosting/capabilities","headers":{"User-Agent":["Nextcloud Server Crawler"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"http/1.1","proto_mutual":true,"server_name":"collabora.mydomain.com"}},"duration":0.000285144,"status":502,"err_id":"n4nen86m7","err_trace":"reverseproxy.statusError (reverseproxy.go:886)"}
{"level":"error","ts":1644336550.4521816,"logger":"http.log.error","msg":"dial tcp 192.168.5.235:80: i/o timeout","request":{"remote_addr":"65.154.226.165:34025","proto":"HTTP/2.0","method":"GET","host":"blog.mydomain.com","uri":"/","headers":{"Cache-Control":["no-cache"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.71 Safari/537.36"],"Accept-Language":["en-US,en;q=0.9"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3"],"Sec-Fetch-Site":["none"],"Accept-Encoding":["gzip, deflate, br"],"Pragma":["no-cache"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"blog.mydomain.com"}},"duration":10.001626277,"status":502,"err_id":"2ed9y33cj","err_trace":"reverseproxy.statusError (reverseproxy.go:886)"}
{"level":"error","ts":1644339008.5841138,"logger":"http.log.error","msg":"dial tcp 192.168.5.89:9980: connect: connection refused","request":{"remote_addr":"192.168.5.81:11235","proto":"HTTP/1.1","method":"GET","host":"collabora.mydomain.com","uri":"/hosting/capabilities","headers":{"User-Agent":["Nextcloud Server Crawler"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"http/1.1","proto_mutual":true,"server_name":"collabora.mydomain.com"}},"duration":0.000321922,"status":502,"err_id":"jwyi76bhy","err_trace":"reverseproxy.statusError (reverseproxy.go:886)"}
{"level":"error","ts":1644342908.3482137,"logger":"http.log.error","msg":"dial tcp 192.168.5.89:9980: connect: connection refused","request":{"remote_addr":"192.168.5.81:45264","proto":"HTTP/1.1","method":"GET","host":"collabora.mydomain.com","uri":"/hosting/capabilities","headers":{"User-Agent":["Nextcloud Server Crawler"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"http/1.1","proto_mutual":true,"server_name":"collabora.mydomain.com"}},"duration":0.000291046,"status":502,"err_id":"ekccay1mm","err_trace":"reverseproxy.statusError (reverseproxy.go:886)"}
{"level":"error","ts":1644346807.4476967,"logger":"http.log.error","msg":"dial tcp 192.168.5.89:9980: connect: connection refused","request":{"remote_addr":"192.168.5.81:10056","proto":"HTTP/1.1","method":"GET","host":"collabora.mydomain.com","uri":"/hosting/capabilities","headers":{"User-Agent":["Nextcloud Server Crawler"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"http/1.1","proto_mutual":true,"server_name":"collabora.mydomain.com"}},"duration":0.000301947,"status":502,"err_id":"sksta2utx","err_trace":"reverseproxy.statusError (reverseproxy.go:886)"}
{"level":"error","ts":1644350700.633382,"logger":"http.log.error","msg":"dial tcp 192.168.5.89:9980: connect: connection refused","request":{"remote_addr":"192.168.5.81:33415","proto":"HTTP/1.1","method":"GET","host":"collabora.mydomain.com","uri":"/hosting/capabilities","headers":{"User-Agent":["Nextcloud Server Crawler"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"http/1.1","proto_mutual":true,"server_name":"collabora.mydomain.com"}},"duration":0.000296286,"status":502,"err_id":"u9pnw6up6","err_trace":"reverseproxy.statusError (reverseproxy.go:886)"}
{"level":"error","ts":1644354581.0438936,"logger":"http.log.error","msg":"dial tcp 192.168.5.89:9980: connect: connection refused","request":{"remote_addr":"192.168.5.81:10115","proto":"HTTP/1.1","method":"GET","host":"collabora.mydomain.com","uri":"/hosting/capabilities","headers":{"User-Agent":["Nextcloud Server Crawler"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"http/1.1","proto_mutual":true,"server_name":"collabora.mydomain.com"}},"duration":0.000297453,"status":502,"err_id":"r4x66xcy7","err_trace":"reverseproxy.statusError (reverseproxy.go:886)"}
{"level":"error","ts":1644358500.5465176,"logger":"http.log.error","msg":"dial tcp 192.168.5.89:9980: connect: connection refused","request":{"remote_addr":"192.168.5.81:58287","proto":"HTTP/1.1","method":"GET","host":"collabora.mydomain.com","uri":"/hosting/capabilities","headers":{"User-Agent":["Nextcloud Server Crawler"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"http/1.1","proto_mutual":true,"server_name":"collabora.mydomain.com"}},"duration":0.000324694,"status":502,"err_id":"2q6rmzwkg","err_trace":"reverseproxy.statusError (reverseproxy.go:886)"}
{"level":"info","ts":1644361297.092793,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_addr":"127.0.0.1:59040","headers":{"Accept-Encoding":["gzip"],"Content-Length":["1625"],"Content-Type":["application/json"],"Origin":["localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
{"level":"info","ts":1644361297.0930536,"logger":"admin.api","msg":"config is unchanged"}
{"level":"info","ts":1644361297.0930731,"logger":"admin.api","msg":"load complete"}
{"level":"info","ts":1644361722.7412798,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_addr":"127.0.0.1:44307","headers":{"Accept-Encoding":["gzip"],"Content-Length":["1514"],"Content-Type":["application/json"],"Origin":["localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
{"level":"info","ts":1644361722.741944,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
{"level":"info","ts":1644361722.7421067,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0001b68c0"}
{"level":"info","ts":1644361722.7421486,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1644361722.7421854,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1644361722.7426903,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["collabora.mydomain.com","cloud.mydomain.com","blog.mydomain.com","mydomain.com"]}
{"level":"info","ts":1644361722.7427182,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/db/caddy/data/caddy"}
{"level":"info","ts":1644361722.8810925,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1644361722.9932683,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc000246d90"}
{"level":"info","ts":1644361722.9934256,"msg":"autosaved config (load with --resume flag)","file":"/var/db/caddy/config/caddy/autosave.json"}
{"level":"info","ts":1644361722.9934406,"logger":"admin.api","msg":"load complete"}
{"level":"info","ts":1644361723.0188112,"logger":"admin","msg":"stopped previous server","address":"tcp/localhost:2019"}

 

[NasKar]

It's working today. Sounds like something had to propagate thru the internet. Just happy it's working.

 

[GJSchaller]

Good evening! After getting advice elsewhere on this forum, I followed the documentation to GitHub, then to this forum thread.

I've followed the process, cloned the repository to a local folder on my TrueNAS, modified caddy-config, and run the script. When I do, I get the following output / failure - what am I missing, or how can I correct this?

go: downloading golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c
go: downloading google.golang.org/appengine v1.6.7
go: downloading go.opencensus.io v0.23.0
go: downloading github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da
2022/04/24 20:40:14 [INFO] exec (timeout=0s): /usr/local/bin/go build -o /usr/local/bin/caddy -ldflags -w -s -trimpath
# github.com/lucas-clemente/quic-go/internal/qtls
/root/go/pkg/mod/github.com/lucas-clemente/quic-go@v0.23.0/internal/qtls/go118.go:5:13: cannot use "quic-go doesn't build on Go 1.18 yet." (untyped string constant) as int value in variable declaration
2022/04/24 20:41:08 [INFO] Cleaning up temporary folder: /tmp/buildenv_2022-04-24-2039.297169161
2022/04/24 20:41:08 [FATAL] exit status 2
Command: xcaddy build --output /usr/local/bin/caddy failed!
Failed to build Caddy without plugin, terminating.
root@truenas[/mnt/data/temp/caddy]#

 

[danb35]

Bother. There's an incompatibility that will be resolved when Caddy 2.5.0 is released, but until then it's a problem. As a workaround, edit line 86 of the script as follows:

Code:

cat <<__EOF__ >/tmp/pkg.json
    {
  "pkgs":[
  "nano","bash","go","git","caddy"
  ]
}

...and then comment out lines 133-137:

Code:

#  if ! iocage exec "${JAIL_NAME}" xcaddy build --output /usr/local/bin/caddy
#  then
#    echo "Failed to build Caddy without plugin, terminating."
#    exit 1
#  fi 

 

[GJSchaller]

Thank you, that worked!