Caddy Automatic HTTPS

Hello All

As a user, I've had huge success with Caddy in other applications. I was wondering if there was any compatibility?

I’ve been toying with the reverse_proxy directive in a caddy instance and haven’t had any luck with it forwarding to the .local domains hosted by Start9.

Not quite sure if the issue is with ROOT CA, TLS, or proxying the headers. But I haven’t had any luck getting the services to reverse-proxy.

Any help in this department would be greatly appreciated!

As mentioned in our Telegram conversation, we don't have any official guide on Caddy, but we do have a guide for setting up a Reverse Proxy done by our very own @StuPleb.
This will no longer be necessary once StartOS 036 is released.
Maybe some other community members who have experimented with Caddy can chime in with information and/or tips on their setup.


I have great news to report back!

With the help of this community post, I have successfully used Caddy to reverse proxy to my Start9 .local service WITH TLS!

Caddy and Pi-Hole work in tandem to take a domain or subdomain request and correctly route the traffic to that specific .local service hosted on the start9 all while retaining the secure tunnel. I’d like to explain what is being done in an effort to understand it myself LOL. Please feel free to interject, very much still learning here…

A total of 2 devices were needed to accomplish this because again, I'm still a noob to a lot of this... The first device was a Mac mini running Docker Desktop with a Pi-Hole instance. The second device is a MacBook Pro 2012 running Pop!_OS with a Caddy instance.

DNS PROVIDER

  • Create an A record on my domain proxying to my IP.

  • Enable Full SSL/TLS encryption (Cloudflare recommended)

Mac mini/Pi-Hole

  • Download Docker Desktop

  • Install Pi-Hole with Docker

  • Run Pi-Hole

  • Visit Pi-Hole web interface sidebar - Domains - Add a new domain or regex filter

    • In this section, "domain" refers to your domain.com or sub.domain.com that you expect to resolve to the .local service
  • Still in Pi-Hole web interface sidebar - Local DNS - DNS Records - Add a new domain/IP combination

    • "Domain" refers to your LongSelfHostedAddress.local
    • "IP Address" refers to the IP of your Start9 Server

Local Router

  • Reserve the Start9 Node's and Mac mini's IP addresses

  • Open ports 80 and 443 to MacBook Pro running Caddy

  • Change home router DNS settings to match the Mac Mini’s (Pi-Hole’s) IP address

  • Verify Pi-Hole DNS is functioning properly and you can get to the open internet

MacBook Pro/Pop!_OS/Caddy

  • On MacBook Pro with Pop!_OS change file /etc/systemd/resolved.conf

# /etc/systemd/resolved.conf: route .local lookups to the Pi-Hole so the
# Start9 service names resolve on this machine (keys go under [Resolve])
[Resolve]
DNS=<Mac mini's IP>
Domains=~local

CA CERTIFICATES
Using a web browser visit the IP address of the Start9 node. Follow this tutorial for how to install CA certificates on linux.

Install Caddy
Create Caddyfile with format:

# Caddyfile: Caddy obtains and renews the public certificate for domain.com
# on its own and forwards each request to the StartOS service
domain.com {
    reverse_proxy LongSelfHostedAddress.local
}

  • Run Caddy: sudo caddy run --config /path/to/Caddyfile

If you followed every step you should 'in practice' have a functional reverse proxy to your Start9 .local service with TLS encryption so you don't accidentally leak any clear text queries.

I really hope this helps someone out there! I know it's kind of a crazy setup, but it's the best way I've found to do it because you can't run Caddy and Pi-Hole on the same machine because they both want to observe the same ports.

I also believe this is a safer alternative to using something like Tailscale which exposes the wholeness of your network to your entire tailnet. Using this option allows you to have the safest and most customizable way to allow yourself and others to utilize your node services.

ENJOY!
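As an added example (not part of the post above and not Start9's or Caddy's own code), here is a small POSIX shell script that writes the two config files the post describes and checks the resolver routing before Caddy is started. It differs from the post's Caddyfile in one deliberate way: the upstream is written as https://, so the hop from Caddy to the Start9 node is verified TLS rather than plain HTTP, which is what the CA CERTIFICATES step buys you. Assumptions, all labelled in the code: example.com, LongSelfHostedAddress.local and 192.168.1.10 are placeholders for your domain, service address and Pi-Hole IP; the StartOS root CA has been installed into the system trust store (Caddy's Go TLS client reads it from there); StartOS selects the service by the Host header, so the script rewrites Host to the upstream name; and the two resolvectl status samples are constructed text, not captured output.

```shell
#!/bin/sh
# Added example: generate and check the Start9 + Pi-Hole + Caddy setup.
# Placeholders (assumptions): example.com, LongSelfHostedAddress.local, 192.168.1.10
# Usage: sh start9-caddy.sh example.com LongSelfHostedAddress.local 192.168.1.10
set -eu

# Caddyfile text. Public side: Caddy issues the certificate for $domain itself.
# Upstream side: https:// so Caddy verifies the StartOS certificate against the
# system trust store (assumes the StartOS root CA was installed there; do NOT
# add tls_insecure_skip_verify, that would silently drop the verification).
# Host is rewritten because StartOS is assumed to pick the service by Host header.
caddyfile_for() {
    domain=$1; upstream=$2
    printf '%s {\n\treverse_proxy https://%s {\n\t\theader_up Host {upstream_hostport}\n\t}\n}\n' \
        "$domain" "$upstream"
}

# systemd-resolved drop-in: only .local queries are sent to the Pi-Hole,
# everything else keeps using the resolver the network hands out.
resolved_dropin_for() {
    dns_ip=$1
    printf '[Resolve]\nDNS=%s\nDomains=~local\n' "$dns_ip"
}

# Given `resolvectl status` output, succeed only if .local is a routing domain
# AND the listed DNS server is exactly $dns_ip (192.168.1.1 must not match
# 192.168.1.10, hence the escaped-dot regex with a boundary after the address).
local_routes_via() {
    dns_ip=$1; status=$2
    ip_re=$(printf '%s' "$dns_ip" | sed 's/\./\\./g')
    printf '%s\n' "$status" | grep -q 'DNS Domain:.*~local' || return 1
    printf '%s\n' "$status" | grep -qE "DNS Servers: ${ip_re}([[:space:]]|$)" || return 1
    return 0
}

# Constructed samples (not real captures) in the shape resolvectl prints.
SAMPLE_STATUS_OK='Global
       Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
     DNS Servers: 192.168.1.10
      DNS Domain: ~local'

SAMPLE_STATUS_NO_ROUTE='Global
       Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
     DNS Servers: 192.168.1.10'

main() {
    domain=$1; upstream=$2; dns_ip=$3

    # 1. Resolver: write the drop-in, restart, and prove the routing took effect.
    sudo mkdir -p /etc/systemd/resolved.conf.d
    resolved_dropin_for "$dns_ip" | sudo tee /etc/systemd/resolved.conf.d/10-pihole-local.conf >/dev/null
    sudo systemctl restart systemd-resolved
    local_routes_via "$dns_ip" "$(resolvectl status)" \
        || { echo "systemd-resolved is not routing ~local to $dns_ip" >&2; exit 1; }

    # 2. Upstream trust: curl uses the system CA store; a failure here means the
    #    StartOS root CA is not installed, and Caddy would fail the same way.
    curl -sS -o /dev/null -w 'upstream https status: %{http_code}\n' "https://$upstream/"

    # 3. Caddyfile: write it and let Caddy parse it before running it.
    caddyfile_for "$domain" "$upstream" > ./Caddyfile
    caddy validate --config ./Caddyfile --adapter caddyfile
    echo "ok: now run: sudo caddy run --config ./Caddyfile"
}

if [ "$#" -eq 3 ]; then
    main "$@"
fi
```

The routing check matters because editing resolved.conf without restarting systemd-resolved changes nothing, and a missing ~local routing domain means .local names fall through to mDNS and never reach the Pi-Hole. If step 2 fails with a certificate error, fix the trust store rather than adding -k to curl or tls_insecure_skip_verify to Caddy; either one keeps the connection encrypted but stops verifying who is on the other end.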
