Hi Danb35, I really appreciate the reply.
I tried the suggestion to edit the `/etc/hosts` file on my caddy jail but it did not fix the issue post system reboot. Here is that file:
Code:
root@caddy:/usr/local/www # cat /etc/hosts
# $FreeBSD$
#
# Host Database
#
# This file should contain the addresses and aliases for local hosts that
# share this file. Replace 'my.domain' below with the domainname of your
# machine.
#
# In the presence of the domain name service or NIS, this file may
# not be consulted at all; see /etc/nsswitch.conf for the resolution order.
#
#
::1 localhost localhost.my.domain
127.0.0.1 localhost localhost.my.domain caddy
#
# Imaginary network.
#10.0.0.2 myname.my.domain myname
#10.0.0.3 myfriend.my.domain myfriend
#
# According to RFC 1918, you can use the following IP networks for
# private nets which will never be connected to the Internet:
#
# 10.0.0.0 - 10.255.255.255
# 172.16.0.0 - 172.31.255.255
# 192.168.0.0 - 192.168.255.255
#
# In case you want to be able to connect to the Internet, you need
# real official assigned numbers. Do not try to invent your own network
# numbers but instead get one from your network provider (if any) or
# from your regional registry (ARIN, APNIC, LACNIC, RIPE NCC, or AfriNIC.)
#
192.168.1.199 caddy
192.168.1.70 my.b.c
Your guess is correct, my Caddyfile was shown above, but I will show it again:
Caddyfile for caddy jail:
Code:
root@caddy:/usr/local/www # cat Caddyfile
{
#acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
#acme_ca https://acme-v02.api.letsencrypt.org/directory
email myemail@gmail.com
}
:2020 {
respond "uwu nya"
}
#bruh.b.c {
# #tls {
# # dns cloudflare xxx
# #}
# reverse_proxy https://192.168.1.70 # nextcloud
#
# log {
#
# output file "test.log"
# }
#}
my.b.c {
log {
output file /var/log/caddy/nextcloud-access.log
}
reverse_proxy https://192.168.1.70 # nextcloud test please work
}
nya.b.c {
respond "pomf pomf boom"
#reverse_proxy http://192.168.1.95:9091 # Transmission
}
whatthedogdoin.b.c {
tls {
dns cloudflare xxx
}
redir https://www.youtube.com/watch?v=dQw4w9WgXcQ
}
watch.b.c {
reverse_proxy 192.168.1.101:8096 # jellyfin
}
my Caddyfile in nextcloud:
Code:
root@nextcloud:/usr/local/www # cat Caddyfile
{
# debug
#acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
email myemail@gmail.com
default_sni my.b.c
}
my.b.c {
root * /usr/local/www/nextcloud
file_server
log {
output file /var/log/my.b.c.log
}
php_fastcgi 127.0.0.1:9000 {
env front_controller_active true
}
tls {
# dns cloudflare xxx
dns cloudflare xxxdifferentone
}
header {
# enable HSTS
Strict-Transport-Security max-age=31536000;
}
# client support (e.g. os x calendar / contacts)
redir /.well-known/carddav /remote.php/dav 301
redir /.well-known/caldav /remote.php/dav 301
redir /.well-known/webfinger /index.php/.well-known/webfinger 301
redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo 301
# .htaccess / data / config / ... shouldn't be accessible from outside
@forbidden {
path /.htaccess
path /data/*
path /config/*
path /db_structure
path /.xml
path /README
path /3rdparty/*
path /lib/*
path /templates/*
path /occ
path /console.php
}
respond @forbidden 404
}
#other.b.c {
# tls {
# dns cloudflare
# }
#respond "please work"
#}
Unfortunately, it seems like accessing the site `my.b.c` still produces a 502. My `caddy run debug` isn't spitting out any useful logs this time...
I tried `curl -v my.b.c` from an external computer and this is what showed up:
Code:
curl -v my.b.c
* Trying 260xxxx80...
* Trying 17xxxxxx0...
* Connected to my.b.c (17xxxxxx9) port 80 (#0)
> GET / HTTP/1.1
> Host: my.b.c
> User-Agent: curl/7.79.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 308 Permanent Redirect
< Date: Sun, 27 Nov 2022 04:45:09 GMT
< Content-Length: 0
< Connection: keep-alive
< Location: https://my.b.c/
< CF-Cache-Status: DYNAMIC
< Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DIqNLc7Mg0HNT3AmeWwD95Fz9vSw8z5IPD2zpm43X6uypEAz5RXkE0YEjJAF%2BS6KQZo7r31%2F5Wr%2FRKuFl5IjoBNY9AQ6UFbPVOGyOIVRS9945Zp7Y7dhX%2BrhOxRBHg8lsQ5IGN7z"}],"group":"cf-nel","max_age":604800}
< NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< Server: cloudflare
< CF-RAY: 77083xxxxx891-SEA
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
<
* Connection #0 to host my.b.c left intact
Same error as before in `caddy run debug`: "x509: cannot validate certificate for 192.168.1.70 because it doesn't contain any IP SANs" when accessing the site from an external network.
So I'm still seeing the 502s but I'm unsure what the issue is. Jellyfin is accessible from external networks, and nextcloud is accessible from internal networks. My router is provided by the ISP so I don't think I'm able to perform your other suggested preferred action.
Thankful for any guidance. Thanks :)
Edit: I tried the unrecommended suggestion, and now this is working on external networks. Is this really bad to do? It'll be used by friends, not government files or anything lol. Just wanted to understand how bad this is.
Code:
my.b.c {
log {
output file /var/log/caddy/nextcloud-access.log
}
#reverse_proxy https://192.168.1.70 # nextcloud test please work
reverse_proxy https://192.168.1.70 {
transport http {
tls_insecure_skip_verify
}
}
}
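An added example, not part of the post above, showing the usual alternative to `tls_insecure_skip_verify` for this exact error. The "doesn't contain any IP SANs" message means the upstream certificate is fine but Caddy is dialing the backend by IP, so it sends no useful SNI and then tries to verify the certificate against `192.168.1.70`, which a Let's Encrypt certificate for `my.b.c` will never match. `tls_insecure_skip_verify` makes it work by accepting any certificate at all: the hop is still encrypted, but anything on the LAN that can answer for 192.168.1.70 (ARP spoofing, a compromised host, a DHCP/routing mistake) can sit between the two jails unnoticed. Telling the transport which name to verify keeps full verification while still connecting to the private IP. Assumptions: the nextcloud jail really serves the Cloudflare-DNS-issued certificate for `my.b.c` on port 443, and the log path is the one from the post.

```caddyfile
my.b.c {
	log {
		output file /var/log/caddy/nextcloud-access.log
	}

	# Weak setting (works, but the proxy will accept any certificate
	# presented by whatever answers on 192.168.1.70):
	#
	# reverse_proxy https://192.168.1.70 {
	# 	transport http {
	# 		tls_insecure_skip_verify
	# 	}
	# }

	# Corrected setting: still dial the private IP, but send the
	# hostname as SNI and verify the upstream certificate against
	# that name instead of against the IP address.
	reverse_proxy https://192.168.1.70 {
		transport http {
			tls_server_name my.b.c
		}
	}
}
```

To confirm the backend presents a matching certificate before relying on this, run `openssl s_client -connect 192.168.1.70:443 -servername my.b.c </dev/null 2>/dev/null | openssl x509 -noout -subject -ext subjectAltName` from the caddy jail and check that `DNS:my.b.c` appears in the SAN list; if the nextcloud jail ever switches to a self-signed or internal-CA certificate, add that CA with `tls_trusted_ca_certs` in the same `transport http` block rather than reaching for `tls_insecure_skip_verify`.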