Resource icon

Reverse Proxy using Caddy (with optional automatic TLS)

bermau

Dabbler
Joined
Jul 4, 2017
Messages
28
Built new jail caddy V2, with DNS cloudflare plugin.
Reworked my caddyfile, all apps are perfectly reachable.

@danb35 your guide is fantastic.

thanks all

BM
 
Joined
Jan 4, 2014
Messages
1,644
Updating Caddy

At the time of preparing this post, the current Caddy version is 2.2.1. To identify the official Caddy version, check https://github.com/caddyserver/caddy/releases. Follow the instructions below to keep your Caddy version current.

The instructions assume that you are using a terminal program such as PuTTY to access your caddy jail. Alternatively, though less desirable, you can use the main Shell in the FreeNAS/TrueNAS GUI. The instructions also assume that you don't just follow instructions blindly, but understand what the intent is behind each step.
  1. Enter the Caddy jail iocage console caddy
  2. Check the Caddy version caddy version. If it isn't, at least, the official version, continue.
  3. Exit the jail exit.
  4. Hopefully, you still have a copy of your caddy-config from the time you last built the Caddy V2 jail. Save a copy of it. If you can't find it, reconstruct it before proceeding to the next step. You can use the current jail characteristics to help you recreate it. It's a good idea to keep a copy of this file somewhere. It comes in handy each time you need to rebuild the Caddy jail.
  5. Destroy the Caddy jail iocage destroy caddy -f. Your Caddyfile resides outside the jail and won't be affected. (If you're paranoid, rename the jail instead of destroying it first, alter the renamed jail to use DHCP to avoid an IP conflict when for the rebuilt jail, and save a copy of your Caddyfile).
  6. Follow the instruction at https://github.com/danb35/freenas-iocage-caddy to download the installation script again and, together with the caddy-config from step 4, use it to rebuild the Caddy jail.
Repeat steps 1 and 2 to check your Caddy version. It should reflect the official downloadable Caddy version (see https://caddy.community/t/current-caddy-version/10287 if the version is +1 for the explanation).

The upgraded jail will continue to use your crafted Caddyfile. Confirm that your resources behind the Caddy reverse proxy are still accessible.
 
Last edited:

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,456
Be prepared to spend some time reworking your Caddyfile
So I just did this, this morning--I used my New and Improved™ Heimdall script (now with Caddy2 goodness!) to set up a new Heimdall jail, replacing my existing Caddy and Heimdall jails (which I had separate, as I'd set up Caddy before playing with Heimdall). And being a reckless sort, I just blew away the old jails (though I kept a copy of the old Caddyfile from the Caddy jail). Now the Caddy instance in the Heimdall jail is handling the reverse-proxy needs as well. Adding all that to the stock Caddyfile (for about a dozen apps, TLS, DNS validation with Cloudflare) took no more than about 15 minutes.
 

sshftp

Cadet
Joined
Apr 22, 2021
Messages
2
The caddy-jail script now seems to break at line 125 due to the new version of go, version 1.16. I don't know anything about go, so I wasn't able to get it to work with the new version. Instead, I ssh'd into the jail that the script created and installed an older version of go, version 1.15.11. After that, following the script starting from line 120 seems to work.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,456
The caddy-jail script now seems to break at line 125 due to the new version of go
Probably the same issue as this:

I'll see what I can come up with.

Edit: Yep, that was it. Fixed:
 
Last edited:

sshftp

Cadet
Joined
Apr 22, 2021
Messages
2
I somehow messed up my mount points, so I just deleted the jail and ran your updating script. It worked flawlessly this time, thanks!
 

xames

Patron
Joined
Jun 1, 2020
Messages
235
I have some php pages that does not work, how to implement php on this script¿ Thanks.
I try php_fastcgi 127.0.0.1:9000
but no good results
 
Last edited:

xames

Patron
Joined
Jun 1, 2020
Messages
235
How to implement multiple domains over one caddy server? i try with the documentation but don't work me.
 
Last edited:
Joined
Jan 4, 2014
Messages
1,644
please...
You haven't given forum members much to work with. I think you need to be explicit and explain exactly what you're trying to achieve, but please be aware of this Caddy README extract as well...

Though we'll try to help on that thread, once Caddy's up and running, the Caddy forum is likely to be a better resource for its configuration, particularly with applications whose reverse proxy settings prove to be difficult. Once you have something working, though, please post back in the iXSystems forum.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,456
As Basil says (and as the README he quoted says), the Caddy forum is really the place to asking questions about how to make Caddy do what you want it to do. But if you want to use PHP, you'll need to have it installed in the jail--the script doesn't do that.

Edit: But multiple domains are trivial in a Caddyfile:
Code:
domain1.com {
file_server
root * /usr/local/www/domain1/
}

domain2.com {
file_server
root * /usr/local/www/domain2/
php_fastcgi localhost:9000
}
...
 
Last edited:

xames

Patron
Joined
Jun 1, 2020
Messages
235
As Basil says (and as the README he quoted says), the Caddy forum is really the place to asking questions about how to make Caddy do what you want it to do. But if you want to use PHP, you'll need to have it installed in the jail--the script doesn't do that.

Edit: But multiple domains are trivial in a Caddyfile:
Code:
domain1.com {
file_server
root * /usr/local/www/domain1/
}

domain2.com {
file_server
root * /usr/local/www/domain2/
php_fastcgi localhost:9000
}
...

Fine works.
Now i have another problem, my 443 and 80 port is redirected to the nextcloud jail created with your script time ago, how to redirect visitors of port 80 and 443 throught nextcloud jail or the other two pages (another caddy jail) with domain1 and domain2 like you say.
 
Last edited:

xames

Patron
Joined
Jun 1, 2020
Messages
235
On he caddy pages the browser say me to accept this certificate and press to continue, how to avoid this like a normal page?

NET::ERR_CERT_AUTHORITY_INVALID
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,456
From the README:
1620046577409.png
 

xames

Patron
Joined
Jun 1, 2020
Messages
235
When I try to redirect my nextcloud instance inside this Caddy Server redirect to the other jail, is that good, or its something "stupid":

nextcloud.mydomain.com {
tls {
dns cloudflare pvuBLABLA...auG5I2zk68dwnoNg2utqOHlMaO4Me
}
reverse_proxy 192.168.1.96:80
}
 
Joined
Jan 4, 2014
Messages
1,644
@xames I'm finding it very difficult to follow your posts. With each post, the problems seem to morph into something else. I think it would be helpful if you provide a copy of your caddy-config and the Caddyfile for your Caddy reverse proxy, with any credentials redacted.

Now i have another problem, my 443 and 80 port is redirected to the nextcloud jail created with your script time ago, how to redirect visitors of port 80 and 443 throught nextcloud jail or the other two pages (another caddy jail) with domain1 and domain2 like you say.

What you should be doing is placing your Nextcloud jail behind your Caddy reverse proxy, not the other way around, but that's jumping too far ahead atm. I think you need to convince forum members that you have TLS working with your reverse proxy first.
 
Last edited:

xames

Patron
Joined
Jun 1, 2020
Messages
235
All two domains are working fine with tls api from cloudflare... And if i try to make inverse... Put the pages inside the danb35 nextcloud jail based on the script? Could work?
 
Top