Disclaimer: I am running my personal website on a cloud server, since it feels iffy to expose my local IP to the internet. Sorry for posting this on selfhosting, I don’t know anywhere else to ask.
I am planning to multiplex forgejo, nextcloud and other services on port 80 using caddy.
This is not working, and I am having issues diagnosing which side is preventing access.
One thing I know: it’s not DNS, since dig <my domain> works well.
I would like some pointers for what to do in these circumstances. Thanks in advance!
What I have looked into:
- curling localhost from the server works well, caddy returns a simple result.
- curl <my domain> times out; currently trying to inspect packets. It seems like the server receives TCP without HTTP.
- curl <my domain>:3000 displays the forgejo page, as forgejo exposes 3000 in its container, which podman routes to host 3000.
EDIT: my Caddyfile is as follows.
:80 {
respond "Hello World!"
}
http://<my domain> {
respond "This should respond"
}
http://<my domain 2> {
reverse_proxy localhost:3000
}
EDIT2: I just tested with a netcat webserver, it responds fine. This narrows it down to caddy itself!
EDIT3: (Partially) solved, it was a firewall routing issue. I should have checked the ufw logs. Turns out, podman needs to be allowed to route stuff. Now to figure out how to reverse-proxy properly.
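The EDIT3 finding (packets reach the host but ufw drops the ones the kernel tries to forward into the podman network) is visible in /var/log/ufw.log well before tcpdump gets involved. The following is an added example, not code from the original post or from caddy, podman or ufw: a small POSIX sh script that summarises which forwarded connections ufw is blocking. The log lines it reads are constructed samples in ufw's own `[UFW BLOCK] IN=... OUT=... PROTO=... DPT=...` layout; the interface names (eth0, podman0) and addresses are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): find ufw BLOCK entries for packets the
# kernel was FORWARDING (OUT= set) rather than delivering locally (OUT= empty).
# A caddy that answers on localhost but times out from outside, while a plain
# host-side netcat works, is what this looks like in the log.

# CONSTRUCTED sample log text in ufw's syslog format; not real traffic.
SAMPLE_UFW_LOG='Jan 10 12:00:01 srv kernel: [UFW BLOCK] IN=eth0 OUT= MAC=02:00:00:00:00:01 SRC=203.0.113.5 DST=10.0.0.4 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 10 12:00:02 srv kernel: [UFW BLOCK] IN=eth0 OUT=podman0 MAC=02:00:00:00:00:01 SRC=203.0.113.5 DST=10.88.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=2 DF PROTO=TCP SPT=51235 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 10 12:00:03 srv kernel: [UFW BLOCK] IN=eth0 OUT=podman0 MAC=02:00:00:00:00:01 SRC=203.0.113.5 DST=10.88.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=3 DF PROTO=TCP SPT=51236 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 10 12:00:04 srv kernel: [UFW ALLOW] IN=eth0 OUT= MAC=02:00:00:00:00:01 SRC=203.0.113.5 DST=10.0.0.4 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4 DF PROTO=TCP SPT=51237 DPT=3000 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 10 12:00:05 srv kernel: [UFW BLOCK] IN=eth0 OUT=podman0 MAC=02:00:00:00:00:01 SRC=203.0.113.5 DST=10.88.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=5 DF PROTO=TCP SPT=51238 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0'

# Reads log text on stdin and prints one line per blocked forward target:
#   "<count> <proto>/<dport> via <out-iface>", most frequent first.
# Lines with an empty OUT= are local deliveries (INPUT chain) and are skipped.
blocked_forwards() {
  awk '
    /\[UFW BLOCK\]/ {
      out = ""; dpt = ""; proto = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^OUT=/)        out   = substr($i, 5)
        else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        else if ($i ~ /^PROTO=/) proto = substr($i, 7)
      }
      if (out != "" && dpt != "") count[proto "/" dpt " via " out]++
    }
    END { for (k in count) print count[k], k }
  ' | LC_ALL=C sort -rn
}

# Exit 0 if any forwarded TCP packet to port $1 was blocked, 1 otherwise.
# Reads log text on stdin.
forward_blocked_to_port() {
  blocked_forwards | grep " TCP/$1 via " > /dev/null
}

# Demo on the constructed sample. On a real box replace the printf with
#   sudo cat /var/log/ufw.log
printf '%s\n' "$SAMPLE_UFW_LOG" | blocked_forwards
if printf '%s\n' "$SAMPLE_UFW_LOG" | forward_blocked_to_port 80; then
  echo "ufw is dropping forwarded traffic to port 80; a 'ufw route allow' rule is needed"
fi
```

On the sample this prints `2 TCP/80 via podman0` and `1 TCP/443 via podman0`, while the port 22 block (OUT= empty) and the port 3000 ALLOW are left out. The OUT= field is the tell: a non-empty value means the packet was being routed towards the container network, so it is ufw's forward policy (managed with `ufw route ...` rules) rather than its input policy that needs a rule.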
Are these running on the same server? You haven’t given a lot of information here. Communication between containers is different:
Yes, they are running on the same server. I am hoping to communicate through the host network, maybe that’s not working well.
Inter-container communication is different. At least with docker which I have more experience with, but they’re similar. Try using the name of your container in your proxy config rather than the external host name.
Modern web services are served on port 443 over HTTPS with secure certificates, not on port 80 over HTTP.
Make sure you have a cert issued and installed for your server, that port 443 is not blocked by any firewall and that curl is explicitly connecting to https.
Install a reverse proxy like caddy, but on your server’s bare metal, not in a container.
Also, expose port 443, not 80, and put an SSL certificate on it.
Can you at least ping <my domain> from the server and from home?
“bare metal” does not mean “outside of a container”. Just say “outside of a container”.
It’s a losing battle, but I’ll fight it anyway.
There’s no indication that running caddy in a container was a problem here.