Hello Self Hosters! I am new-ish… got Jellyfin working great with Tailscale remote access! I love it! I keep getting deeper into this stuff and geeking out… really excited to add my next service: Self-Hosted Nextcloud.

Would someone kindly walk me through setting up a reverse proxy to my stuff with Caddy? I really just want HTTPS support, as my media files are one thing, but hosting all my personal info/docs on Nextcloud is quite another thing to potentially expose… I want to make sure I harden properly, and HTTPS is clearly a part of that, even if I’m running a Tailscale VPN. I have done my best following the docs/tutorial so far, but I’ve hit the wall with this “start” page… Here’s what I’ve got:

  • Pointed my domain “A” DNS to my website as a sub-domain… so my address in the Caddyfile is “sub.mydomain.com”
  • I’ve installed Caddy directly on my Ubuntu server, but I admin my Jellyfin (and eventually Nextcloud) with Docker via the CasaOS interface… is this a problem? Do I need to run Caddy in Docker too?
  • I’ve followed the instructions on this start page and I still only get the start page at “sub.mydomain.com”
  • My tailnet server IP address is what I’m using for the reverse proxy… that’s correct, yes?
  • So many things/guides just say “reverse-proxy --to …” but when I do that, I get an error saying port 80 is ‘already in use’. I have combed my configs & devices on my router… nothing is using port 80 that I can see. Ports 80 and 443 ARE forwarded/open, before you ask!
  • My next big step in this journey is Pi-hole, so if this will interfere/interact with that in some important way, I appreciate the heads-up mightily!

Thank you in advance, I appreciate it!

    • irmadlad@lemmy.world
      16 hours ago

      It looks like Elvith Ma’for@feddit.org has you headed in the right direction, so I won’t muddle the waters.

      I meant to include this in my earlier comment, but Caddy has a built-in Caddyfile validator:

      caddy fmt --overwrite /etc/caddy/Caddyfile
      caddy validate --config /etc/caddy/Caddyfile
      

      Comes in very handy.

    • Elvith Ma'for@feddit.org
      17 hours ago

      If you like, I can send you an example of the Caddyfiles that I’m using (I used the import directive to split every service into its own Caddyfile; you could just copy and paste everything into the same file). It will take a few hours until I get home, though.

      But basically you can just put every subdomain and its target in a separate block and then add some things globally (e.g. passing the original IP, switching off the admin API of Caddy, …)

      Something like this should work:

      
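      # Global options must sit in one unnamed block at the top of the Caddyfile
      {
          # Disable Caddy's admin API
          admin off

          servers {
              # Headers Caddy reads the client IP from when a request arrives via a trusted proxy
              client_ip_headers X-Forwarded-For X-Real-IP
          }
      }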
      
      app.example.com {
          reverse_proxy 127.0.0.1:8080
      }
      
      app2.example.com {
          reverse_proxy 127.0.0.1:8081
      }
      
      api.example.com {
          reverse_proxy 127.0.0.1:8082
          header {
              Access-Control-Allow-Methods "GET, OPTIONS"
              Access-Control-Allow-Origin "*"
          }
      }
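
The layout described in the comment above (global options, one block per service, `import` to split things up), written out for a Jellyfin plus Nextcloud host. This is an added example, not part of the original thread or anyone's actual config; the hostnames, the Nextcloud port 8083, the snippet name `hardening` and the `sites/` directory are assumptions.

```caddyfile
# /etc/caddy/Caddyfile
{
	# With the admin API off, `caddy reload` cannot reach the running
	# server; restart the service to apply config changes.
	admin off
}

# Reusable snippet (name is an assumption): response headers shared by
# every site that imports it.
(hardening) {
	header {
		# Tell browsers to use HTTPS only for this host from now on
		Strict-Transport-Security "max-age=31536000"
		# Stop browsers from MIME-sniffing responses
		X-Content-Type-Options "nosniff"
		# Do not advertise the server software
		-Server
	}
}

# Jellyfin. 8096 is Jellyfin's default HTTP port; the container must
# publish it on the host for 127.0.0.1 to work.
media.example.com {
	import hardening
	reverse_proxy 127.0.0.1:8096
}

# Nextcloud container published on an assumed host port.
cloud.example.com {
	import hardening
	reverse_proxy 127.0.0.1:8083
}

# Optional: further services, one file each, relative to this file's
# directory (directory name is an assumption).
import sites/*.caddy
```

Run the `caddy validate` command from the earlier comment against this file before restarting the service. Caddy obtains and renews certificates for each named site automatically, provided the hostnames resolve to the server and ports 80 and 443 reach it.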