{"level":"error","ts":1663338034.5880609,"logger":"tls.obtain","msg":"will retry","error":"[my.domain.ca] Obtain: [my.domain.ca] solving challenges: waiting for solver certmagic.solverWrapper to be ready: checking DNS propagation of _acme-challenge.my.domain.ca: NS my.my.cloudflare.com. returned SERVFAIL for _acme-challenge.my.domain.ca. (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/68792424/4099082804) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":7.476983261,"max_duration":2592000}
> That's strange. What happens if you run dig @my.my.cloudflare.com txt _acme-challenge.my.domain.ca? Other errors wouldn't surprise me, but SERVFAIL doesn't seem like it should be happening.
Not getting errors when doing this. Everything appears valid.
> 1. So to update, since Caddy's files are all in the mount point, I can just rebuild another jail, after having renamed or deleted the only one.
You could do that, or you could just install upgrades in the jail itself.
> 2. Is it possible to just do reverse proxy internally without TLS (http to https redirect)?
I'm not quite sure what you're asking here. If you don't want Caddy to use HTTPS for a hostname, just specify port 80 for that host.
> 3. How do I renew a cert manually to see if caddy is still able to do it after changing DNS rules? To confirm proper cert renewal.
I'm not aware of a mechanism Caddy has for this.
> 4. Does it matter if the app it’s redirecting to has a self-signed cert?
If that app is using HTTPS, it will cause an error. You can configure Caddy to ignore that if you wish.
> If that app is using HTTPS, it will cause an error. You can configure Caddy to ignore that if you wish.
Can't seem to find docs to configure this...
> Can't seem to find docs to configure this...
See:
> I'm definitely a novice here, sorry. I'm trying to install caddy to reverse proxy jellyfin to my domain. I get an error when trying to run the script ./caddy-jail.sh. Any help is appreciated!
> JAIL_INTERFACES not set, defaulting to: vnet0:bridge0
> caddy successfully created!
> Stopped caddy due to VNET failure
> Failed to create jail
What does your config file look like?
> What does your config file look like?
JAIL_IP="192.168.1.2"
> JAIL_IP="192.168.1.2"
> DEFAULT_GW_IP="192.168.0.1"
That's not going to work--your gateway needs to be on the same network as your jail.
> That's not going to work--your gateway needs to be on the same network as your jail.
And if it is then you forgot to add the /23 at the back of your IP. The script defaults to /24 if you don’t add that.
> That's not going to work--your gateway needs to be on the same network as your jail.
I'm pretty sure they are both on the same network, my home network. I only have one network as far as I know, my LAN. How can you tell if they're not on the same network?
> And if it is then you forgot to add the /23 at the back of your IP. The script defaults to /24 if you don’t add that.
I didn't forget, rather I didn't even know I was supposed to. I added /23 to the back of both the jail IP and the gateway IP and got the same error.
> How can you tell if they're not on the same network?
You really need to read up on IP subnetting, in which respect Google will be your friend. But in short, unless you've set things up in a very unusual way (and if you'd deliberately done so, you should already know all of this), 192.168.0.x is a separate network from 192.168.1.x--those are both Class C subnets, with 24-bit netmasks. If you're running devices on more than one network, you'd need something to route between those two. It's possible--but frankly bizarre, and technically invalid--to set yourself up with, say, a 23-bit subnet, but I can't think of any reason you'd want to do so; if you need more than ~200 devices on a single network, just use one of the Class B ranges in 172.16.0.0/12.
> And if it is then you forgot to add the /23 at the back of your IP.
Though it's possible, isn't this an invalid configuration? 192.168.foo is a Class C range, which should have subnets of 8 bits or fewer. I'm not even sure the router would recognize it, though that might depend on the router @dfrey18 is using.
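
The "same network" question from the posts above, worked through with the two config values quoted in the thread. This is an added example, not part of the original thread or of the jail script; the function names are made up for illustration, and the /24 default follows what the thread says the script assumes.

```python
import ipaddress

# Per the thread: the script assumes /24 when JAIL_IP carries no prefix.
DEFAULT_PREFIX = 24


def parse_jail_ip(value, default_prefix=DEFAULT_PREFIX):
    """Parse a JAIL_IP value such as '192.168.1.2' or '192.168.1.2/23'."""
    if "/" not in value:
        value = f"{value}/{default_prefix}"
    return ipaddress.ip_interface(value)


def check_gateway(jail_ip, gateway_ip):
    """Return (same_network, jail_network, longest_common_prefix).

    longest_common_prefix is the longest prefix length under which the
    jail address and the gateway still fall inside one network.
    """
    iface = parse_jail_ip(jail_ip)
    # The gateway is a single host address. Tolerating a trailing /NN here
    # is a convenience of this check only, not a statement about the script.
    gw = ipaddress.ip_address(gateway_ip.split("/")[0])
    if gw.version != iface.version:
        raise ValueError("jail IP and gateway must both be IPv4 or both IPv6")
    same = gw in iface.network
    # Differing bits show up in the XOR; everything above the highest
    # differing bit is the shared network part.
    diff = int(iface.ip) ^ int(gw)
    common = iface.ip.max_prefixlen - diff.bit_length()
    return same, iface.network, common


if __name__ == "__main__":
    # Values quoted in the thread, without and with the /23 suffix.
    for jail in ("192.168.1.2", "192.168.1.2/23"):
        same, net, common = check_gateway(jail, "192.168.0.1")
        verdict = "reachable" if same else "NOT in the jail's network"
        print(f"JAIL_IP={jail}: network {net}, gateway {verdict}, "
              f"longest shared prefix /{common}")
```
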