PeteGul, posted March 4, 2023 (edited):

This is completely new for me. What is RP config? Here's the test.

Edit: removed pictures, too much info.

pwhodges, posted March 4, 2023:

4 minutes ago, pettergulbra said:
> This is completely new for me. What is RP config?

RP = Reverse Proxy

Maybe show us your Caddyfile (which contains your reverse-proxy config)?

Paul

PeteGul, posted March 4, 2023:

My caddyfile is like:

    {
        acme_ca https://acme.zerossl.com/v2/DV90
        email mail@gmail.com
    }

    xxx.xdns.net

    reverse_proxy localhost:8096

pwhodges, posted March 4, 2023:

Hmm. That looks straightforward enough. At this stage I'd try to be looking at the Apple TV end, but I don't know anything about it, so have no suggestions where to look.

Paul

GrimReaper, posted March 4, 2023:

1 hour ago, pettergulbra said:
> This is completely new for me. What is RP config? Here's the test.

You have a lot of private information publicly exposed there, edit your images.

PeteGul, posted March 4, 2023 (edited):

49 minutes ago, GrimReaper said:
> You have a lot of private information publicly exposed there, edit your images.

Deleted the pictures. Thanks for the info.

pwhodges: I'll take a look at the Apple TV, but it works nice without RP.

atropa, posted March 9, 2023 (edited):

Hey, I've read a few things now. But there's one thing I don't quite understand. With Let's Encrypt it is necessary to create a txt.record in the domain. Is that no longer necessary with caddy?

regards

rbjtech, posted March 9, 2023:

2 minutes ago, atropa said:
> Hey, I've read a few things now. But there's one thing I don't quite understand. With Let's Encrypt it is necessary to create a txt.record in the domain. Is that no longer necessary with caddy? regards

I suspect caddy is using its own web services (maybe via certbot?) to be the approver for any domain ownership challenges required for the TLS certificate creation?

An alternative way to prove domain ownership before was to use .txt DNS records - but these are probably no longer required.

atropa, posted March 9, 2023:

29 minutes ago, rbjtech said:
> I suspect caddy is using its own web services (maybe via certbot?) to be the approver for any domain ownership challenges required for the TLS certificate creation? An alternative way to prove domain ownership before was to use .txt DNS records - but these are probably no longer required.

Thank you for the explanation. Then I'll test it.

pwhodges, posted March 9, 2023:

Caddy simply negotiates with LetsEncrypt - this negotiation requires either port 80 and port 443 to be open to LetsEncrypt. For situations where that is not possible, or when a wildcard certificate is required, Caddy has plugins for the main registrars which use their APIs and a key which the user has requested to contact them for the contents of a special TXT record.

The methods are described in more detail here: https://caddyserver.com/docs/automatic-https#dns-challenge

Paul

cptlores, posted March 10, 2023 (edited):

Some time ago I migrated from Caddy over to Nginx-Proxy-Manager (NPM). Does the same job, but is much simpler with a nice UI to manage everything. You will need a Linux computer with Docker to run NPM, but if you do then I highly recommend taking a look. Another alternative with a proper UI that is popular is Traefik Proxy.

pwhodges, posted March 10, 2023:

2 hours ago, cptlores said:
> but is much simpler with a nice UI to manage everything.

Sure, Caddy has no UI (nor do you need to create a login to use it, run docker etc). But the minimum usable Caddy configuration file for a secure reverse proxy contains just two lines - the text file required to initially set up NPM is more than that. I'm sure NPM is perfect for some people; but it can't sensibly be described as much simpler than Caddy!

Paul

atropa, posted March 13, 2023 (edited):

So. Now I've tested caddy and it works great. Now I have a working alternative if I get banned from cloudflare. Thanks for that.

However, I always get 2 errors displayed in the console. Should this concern me or can it be ignored?

    2023/03/13 17:34:01.325 ←[31mERROR←[0m http.handlers.reverse_proxy aborting with incomplete response {"error": "http2: stream closed"}
    2023/03/13 17:34:01.868 ←[31mERROR←[0m http.handlers.reverse_proxy aborting with incomplete response {"error": "context canceled"}

regards

iPhoneMaxPro, posted April 1, 2023 (edited):

Hello, thanks for sharing this amazing information. I tried to configure everything and I would like to ask if it is possible to change the default ports of caddy (443-80) because I already have a server on those ports active.

seanbuff, posted April 1, 2023:

51 minutes ago, iPhoneMaxPro said:
> I would like to ask if it is possible to change the default ports of caddy (443-80) because I already have a server on those ports active

You should be able to change Caddy's listening ports by adding this to your Caddyfile:

    {
        http_port 880
        https_port 4443
    }

Be sure to then update/add your router's port forwarding to these new ports, e.g.: External Port 443 > Internal Port 4443 and your Caddy's IP Address.

pwhodges, posted April 1, 2023:

You will also need to configure the automatic SSL, as the default operation assumes the default ports.

Paul

iPhoneMaxPro, posted April 1, 2023 (edited):

Thanks a lot for the answer, so:

    {
        http_port 8050
        https_port 8005
    }
    {
        email mymail@gmail.com
    }
    media.mydomain.com {
        reverse_proxy 192.168.1.2:8050
    }

emby settings:
emby local http 8050
emby local https 8005
emby remote http 8050
remote emby https 8005

With the reverse proxy no one will ever see my IP address and therefore I'm 100% anonymous, right?

On Google domain I edit only "default nameservers":
1. Manage custom name servers
2. Create a new entry and in the host name I leave blank, type "A" ttl "3600" and then I enter my public IP.
3. Add a new entry and write "media" type "cname" ttl "3600" and then enter mydomain.com

Are the steps right? Because there is something wrong for me, I opened tcp/udp ports in my modem 8050 and 8005. Do I have to set an "AAAA" type as well or is it not necessary?

Thank you in advance for the answer.

iPhoneMaxPro, posted April 1, 2023:

15 minutes ago, pwhodges said:
> You will also need to configure the automatic SSL, as the default operation assumes the default ports. Paul

Could you explain me better? Do I have to do any special steps?

iPhoneMaxPro, posted April 1, 2023:

27 minutes ago, seanbuff said:

These are exactly the steps I have performed but without success. I have a doubt: if I will be able to use port 8005 instead of 443, should I enter my domain + 8005 or will it be enough to enter my domain?

iPhoneMaxPro, posted April 1, 2023 (edited):

    {
        http_port 8050
        https_port 8005
    }
    {
        email mymail@gmail.com
    }
    media.mydomain.com {
        reverse_proxy 192.168.1.2:8050
    }

With this setting I get this error:

    INFO using adjacent Caddyfile
    Error: adapting config using caddyfile: server block without any key is global configuration, and if used, it must be first

pwhodges, posted April 1, 2023:

1 hour ago, iPhoneMaxPro said:
> with the reverse proxy no one will ever see my ip address and therefore I'm 100% anonymous right?

No. The reverse proxy is what answers on your address. If you want anonymity, then you need to be looking at VPNs, for instance.

1 hour ago, iPhoneMaxPro said:
> could you explain me better? Do I have to do any special steps?

I haven't done this myself, so to answer fully I'd have to read the Caddy documentation for you - but it would be easier for you to do that yourself, I guess. Look at "DNS challenge" on this page (the other challenges still require the standard ports): https://caddyserver.com/docs/automatic-https#acme-challenges

There are also helpful discussions in the Caddy forums.

Paul

justinrh, posted April 1, 2023:

11 hours ago, iPhoneMaxPro said:
> Error: adapting config using caddyfile: server block without any key is global configuration, and if used, it must be first

I think this is referring to the e-mail address being in its own block and not in the first block. Move the e-mail address to be above "http_port 8050". I don't know if "http_port*" can be in the global block. The global block should be the first block.

BTW, you can get rid of the "http_port*" and use this syntax for the hostname, e.g.:

    media.mydomain.com:<listening port #> {
        ...
    }

Do whichever suits your fancy, of course.

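A small checker for the rule behind the error quoted above (a block without a key is the global options block and must come first), run on the Caddyfile from the earlier post. This is an added example, not part of any forum post and not Caddy's own code; the function names are hypothetical, and the parser only handles brace-delimited top-level blocks.

```python
import re

# Caddyfile from the post above (constructed layout; values as posted).
SAMPLE = """\
{
    http_port 8050
    https_port 8005
}
{
    email mymail@gmail.com
}
media.mydomain.com {
    reverse_proxy 192.168.1.2:8050
}
"""

def top_level_blocks(text):
    """(key, body_lines, line_no) per top-level block; '{' must end its line, '}' stand alone."""
    blocks, depth, key, body, start = [], 0, "", [], 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = re.sub(r"(^|\s)#.*", "", raw).strip()  # drop comments
        if not line or (depth == 0 and not line.endswith("{")):
            continue  # blank, or brace-less site line (not handled here)
        if depth == 0:
            key, body, start, depth = line[:-1].strip(), [], n, 1
            continue
        before = depth
        depth += line.endswith("{") - (line == "}")
        if depth == 0:
            blocks.append((key, body, start))
        else:
            body.append("\t" * min(before, depth) + line)
    return blocks

def misplaced_global_blocks(text):
    """Keyless blocks that are not first: the layout Caddy rejects."""
    return [(n, [l.strip() for l in body])
            for i, (key, body, n) in enumerate(top_level_blocks(text))
            if key == "" and i > 0]

def merge_global_blocks(text):
    """Fold every keyless block into one leading global options block."""
    blocks = top_level_blocks(text)
    options = [l for key, body, _ in blocks if key == "" for l in body]
    out = ["{", *options, "}", ""] if options else []
    for key, body, _ in blocks:
        if key:
            out += [key + " {", *body, "}", ""]
    return "\n".join(out).rstrip() + "\n"
```

On the sample, `misplaced_global_blocks` reports the second keyless block at line 5, and `merge_global_blocks` returns a file with a single leading options block holding all three settings.
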
iPhoneMaxPro, posted April 2, 2023:

OK thanks, so this structure can fit?

    {
        email mymail@gmail.com
    }
    media.mydomain.com:8050 {
        reverse_proxy 192.168.1.2:8050
    }

I get an error like this if I give the command caddy fmt:

    Error: Caddyfile:2: Caddyfile input is not formatted

plus this error when I run caddy run:

    http.acme_client challenge failed {"identifier": "media.mydomain.com "challenge_type": "http-01" , "problem": {"type": "urn:ietf:params: acme:error: dns" DNS problem: NXDOMAIN looking up A for media.mydomain. com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for media.mydomain.com - che ck that a uns record exists for this domainn" "instance": "subproblems": [1}}
    2023/04/01 23:51:40.870 ERROR nttD.acme cllent validating authorization{"identifier": "media. mydomain.com" "problem": {"type": "urn:ietf:params:acme:error:dns" puzzle: ANKDUMAUN PLOOKINGPUDA for media.mydomain.com - heck LeXISTSTOr unisconain DIN S DrODLeD NXDOMAIN looking up AAAA for media.mydomain.com "title": "detail": "DNS p check that a DNS record exists for this domain", instance" subproblems": l, "order": "https://acme-v02.api.letsencrypt.org/acme/order /here maybe there is a private number" "attempt": 1, "max_attempts": 3}
    2023/04/01 23:51:48.263 INFO trying to solve challenge "media.mydomain.com", "challenge_type": "ca": g/directory"} nttp.acme_client {"identifier": "tls-alpn-01" "https://acme-v02.api.letsencrypt.or

pwhodges, posted April 2, 2023 (edited):

33 minutes ago, iPhoneMaxPro said:
> Error: Caddyfile:2: Caddyfile input is not formatted

This is not an actual error - just a pointless warning which some people on the Caddy forum are irritated by. It is mainly triggered by using a mix of tabs and spaces, I think.

Given the errors saying it can't find any DNS records, have you actually set up your DNS?

Paul

iPhoneMaxPro, posted April 2, 2023:

1 hour ago, pwhodges said:
> This is not an actual error - just a pointless warning which some people on the Caddy forum are irritated by. It is mainly triggered by using a mix of tabs and spaces, I think. Given the errors saying it can't find any DNS records, have you actually set up your DNS? Paul

These are my settings. I have never bought a domain; at this point I think I have done something wrong. I hope you understand from the pictures, let me know. Thank you very much.