Installing SSL + HTTPS using a reverse proxy like caddy on Android

[pwhodges 2012]

Is that the whole Caddyfile?

Paul

[pwhodges 2012]

Actually, checking Caddy's documentation, my suggestion was in fact wrong (I only used that format in Caddy v1, and it behaves differently now).  Use Q-Droid's solution by adding:

{
   http_port  8080
   https_port 8443
)

as a separate block at the start of the Caddyfile.

Paul

[ziomario 5]

Like this ?

 

ziomario.ns0.it {
               http_port 8080
               https_port 8443
               encode
               reverse_proxy 192.168.1.6:8096
}

 

Edited August 16, 2024 by ziomario

[ziomario 5]

it's not good. Error is : unrecognized directive : http_port

[Q-Droid 989]

Global options are a separate block so it would be like this:

# global options
{
    http_port 8080
    https_port 8443
}
# reverse proxy for ziomario
ziomario.ns0.it {
               encode
               reverse_proxy 192.168.1.6:8096
}
 

[ziomario 5]

Running the script without sudo still does not work. Errors is :

ERROR : tls.obtain will retry error ziomario.ns0.it solving challenge authorization failed HTTP 400 urn:iert.params acme error connection: connection refused.

Ports opened on the router are :

 

Caddy-HTTPS
PC192.168.1.6
TCP/UDP
8443

Caddy-HTTP
PC192.168.1.6
TCP/UDP
8080

Emby-Android
PC192.168.1.6
TCP/UDP
8096

Emby-Android
PC192.168.1.6
TCP/UDP
8920

HTTP
PC192.168.1.6
TCP/UDP
80

HTTPS
PC192.168.1.6
TCP/UDP
443

 

Using sudo in the script,instead,to connect to the Emby server I should use port 8443 :

 

https://ziomario.ns0.it:8443

 

While before,I didn't have to write the port. It was cleaner to open the website like this :

 

https://ziomario.ns0.it

Edited August 16, 2024 by ziomario

[pwhodges 2012]

In the router, open ports 80 & 443 (and no others), forwarding them to PC192.168.1.6, ports 8080 & 8443.  This will be accessed without specifying a port - just https: .

In Caddy, reverse proxy using the http port set in Emby (8096), specifying http (reverse_proxy http://192.168.1.6:8096).  The https port isn't used, as Emby is not doing https (Caddy is), and the Emby security setting should say "handled by reverse proxy".

Why have you got encode in your Caddyfile?  I don't think it will be useful.

Paul

Edited August 16, 2024 by pwhodges

[ziomario 5]

---> In the router, open ports 80 & 443 (and no others), forwarding them to PC192.168.1.6, ports 8080 & 8443.

what this mean ? I can't do what you suggest. For me open ports means forward them. To open and to forward are the same action.

Check the attached image.

 

Edited August 16, 2024 by ziomario

[Q-Droid 989]

Pay attention, read and try to understand what's posted. 

You only need the bottom two entries, not the others. AND for 80 change the destination port to 8080. AND for 443 change the destination port to 8443.

You are opening, forwarding and translating the port values. 

[ziomario 5]

Nope man. It does not work. The only thing I can do is to disable port 80 and 443. But I get the same error as before...

 

Edited August 16, 2024 by ziomario

[ziomario 5]

Should also remove port 8096 and 8920 ?

[Q-Droid 989]

You need two entries/lines in your router. 

LAN port 8080, public port 80.

LAN port 8443, public port 443.

[ziomario 5]

like this one,ok...

 

Edited August 16, 2024 by ziomario

[pwhodges 2012]

JUST TWO LINES as mentioned in several posts.  REMOVE the lines referring to Emby.  The only connections from the outside will be for Caddy (with the settings you now have), which is then solely responsible for passing data on to Emby through the reverse_proxy command.

Paul

[Luke 42077]

have you figured this out now?

[ziomario 5]

Nope. I'm still waiting for your help to understand how to use the Emby.pfx file. I still asking myself what's your role in the emby project. I see you rarely and usually you give some mild help. Now I think that you want only to know if the problem has been fixed to close the thread,right ? Is this your role ? To observe,to let that others help and find the solutions without taking part to the discussion and to close the threads ?

 

Edited August 26, 2024 by ziomario

[Q-Droid 989]

4 hours ago, ziomario said:

I'm still waiting for your help to understand how to use the Emby.pfx file.

If you're using Caddy now you don't need the Emby pfx file. Caddy takes care of that.

[ziomario 5]

I'm not married with Caddy. Plus,I want to learn + I don't like to leave any problem unresolved.

[seanbuff 1313]

1 hour ago, ziomario said:

I'm not married with Caddy. Plus,I want to learn + I don't like to leave any problem unresolved.

You opened this topic specifically asking for help installing a reverse proxy, namely Caddy. In this instance, the use of Caddy would negate having to mess with external certs and .pfx files and having to constantly generate new ones when they expire. As has been mentioned, Caddy handles all of this for you, automatically.

If however, you would prefer to add the complication of managing certificates yourself via pfx files, I would suggest opening a separate topic for the issues you are experiencing with that. Thanks.