Home Assistant Add-on: Caddy 2

So my reverse proxy stopped working and I can't figure out what is going on. I was fixing a light switch and my wife accidentally turned off a breaker, which seems to have broken my fragile networking situation.
Everything has been restarted in the network and although there were some warnings about improper shutdowns, everything seems to be back online.
I have checked that the devices have all taken up the proper local IPs, which were reserved anyway. The duckdns service is working and it appears that my modem never lost the same IP.

I have checked the log, which showed no error, just a warning about not using caddy_fmt to fix up my Caddyfile. I cannot remember if the log should say explicitly that it successfully retrieved certificates, which I don't see.

I have reverted back to a known working configuration of Caddy 1 without success! I have been at it for over an hour.

I guess I am wondering if the service that provides the certificates is still working at this point. I am not sure how to proceed?

Addendum: I went back to my duckdns account and oh boy, they changed their login options and I had to recreate an account, but I was able to get back my domain. I changed to the new token generated, added it to the duckdns add-on and changed it in the Caddyfile. I noticed my email that was required for Let's Encrypt was also there. Does that even need to be there? I am not getting too far on this :expressionless:

It uses the email if, for instance, your cert hasn't renewed and is expiring. Check the IP address is correct for the domain and your router didn't just decide to use a different one. Also check in Home Assistant Supervisor > System > Host that the IP address is correct.

Thanks for the response. So as I pulled out my hair at my residence trying to figure out the problem, my wife came home and mentioned she had access without issue. I immediately disabled wifi on my phone, switching to mobile data, and could get access to my domain. That was a lot of wasted time on my part, but such is life. I still cannot access my domain from my local network, but I can get local access via the local IP addresses. I haven't looked into it but have a vague memory of this happening before.

I can ping my domain from local though. Ah the mysteries of networking.

Your router must support NAT loopback for the domain to work internally.

Thank you for that information. I'll look through the settings, but the hardware that was in place hasn't changed and was only restarted. Could it be related to trusted proxies in my config file for HA? Caddy in HA reverse proxies for all Docker containers, including containers on a separate physical installation.

Edit: I'll conclude my discussion since it seems this is not Caddy related. Feel free to chime in if I'm wrong, anybody. Thanks Dave, I'll check into loopback on my router.

1 Like

Just found it finally: not Caddy, my Suricata IPS was blocking the delete request.

1 Like

Hello all,
Wondering if any of you media enthusiasts might be able to help me with my stack. Remote access to Plex seems a little flaky. Can I optimize my Caddyfile to make it more reliable? The Plex web interface shows Plex as intermittently not remotely accessible.
In Plex under remote connections I have this:
Private_internal_plexserver_ip:32400 <-- Public_external_ip:443 <-- Internet
In Caddy 1 adding “transparent” to the Caddyfile for Plex sorted this, but I think this is the default for Caddy 2.
Any feedback would be appreciated

OK, crickets around here. Anybody have experience reverse proxying a UniFi controller (not the Home Assistant add-on) on the same machine?

Just an FYI, Caddy has its own forum here. For specific Caddy configuration and how-to questions I'd recommend looking and asking there, since that's dedicated to Caddy and where the Caddy experts hang out.

I was aware of the forum as it came up in my searches; however, any excerpts from that forum in my Caddyfile have not resulted in success. The configuration might have been encountered by other users here, so I had hoped to hear from someone.

Thanks for the feedback. I will keep trying

I have recently started getting deceptive site warnings from Chrome, and when loading pages through my domain name they appear incomplete. I am using duckdns for my domain. I have also noted that my Google Assistant integration that I have had for a number of years has been unavailable, with the statement "yourappname" testing is not available, intermittently (as in it works this time but not next time). I don't believe I made any changes to my setup.
I'm definitely not up on my networking, but it seems domain related maybe, so I thought I would try a new domain. What changes do I have to make to my Caddyfile to use my new domain, as I can see some duckdns entry near the top of that file?

I got the CrowdSec Home Assistant add-on to integrate with this add-on. Posted a community guide, if it helps:

1 Like

@berichta I have an issue and I am not sure if it's Home Assistant or this add-on. The add-on appears to be working, but it shows as not started in Home Assistant. The logs don't show anything as far as I can tell. Hitting the start button doesn't really do anything and doesn't seem to evoke an error in the log. Any help with what's going on?

Edit: I do see some errors now, not sure if it's pertinent:
{"level":"error","ts":16686.370,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"http2: stream closed"}
{"level":"error","ts":16686.472,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"http2: stream closed"}

Hi @dasbooter,
From what you describe I take it that the UI isn't matching the state of the add-on.
This can happen, or at least it happened to me in a similar fashion. In such cases, I usually reloaded the webpage with cleared cache. For me (on Mac) it would be cmd + shift + r.

For the listed errors I have no clue yet. :slightly_frowning_face:

Thanks for replying. The behavior also made me think it was just a cache issue, but I have cleared the cache and even tried a different browser, and it still shows as not started with the red dot in the upper right corner.
How would I completely scrub all parts of the add-on so I can start from scratch with it? Would all the folders in the base ssl directory be purged also? I have tried reverting to a previous configuration, but that didn't fix the problem, and I didn't realize that a back and forth with backups can be a little problematic with other things.

This is the error showing now:
{"level":"error","ts":1668770179.934891,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"http2: stream closed"}

I have tried to use services to stop, start and restart the add-on, but they all give a "failed to start service undefined" error.

Final edit: Deleted anything I thought was Caddy related, including all folders in SSL (backed up, but I still probably shouldn't have done that). Removed the add-on, restarted HA, then also restarted the actual virtual machine. Reinstalled the add-on and put back my Caddyfile. Now finally HA recognizes the add-on as started. The problem with the shotgun approach is I don't know what the problem was.

Can somebody help me with simple markdown? I can't get it right, and I would like to incorporate the security back into my simple Caddyfile. I've had to temporarily move away from duckdns for Home Assistant specifically, as I am having problems with the Google Assistant integration. I am still using duckdns, as you can see, for some things. I can't seem to get the security part back into my Caddyfile without causing an error.
This part is defined as common:

(common) {
	tls {
		dns duckdns redacted
		on_demand
	}
	header {
		Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
		X-XSS-Protection "1; mode=block"
		X-Content-Type-Options "nosniff"
		Referrer-Policy "same-origin"
		Content-Security-Policy "frame-ancestors redacted.duckdns.org *.redacted.duckdns.org"
		-Server
		Permissions-Policy "geolocation=(self), microphone=()"
	}
}
redacted.twilightparadox.com {
	reverse_proxy redacted:8123
}
ombi.redacted.duckdns.org {
	reverse_proxy redacted:3579
}
tautalli.redacted.duckdns.org {
	reverse_proxy redacted:8181
}
portainer.redacted.duckdns.org {
	reverse_proxy redacted:9000
}
plex.redacted.duckdns.org {
	reverse_proxy redacted:32400
}
redacted.redacted.duckdns.org {
	reverse_proxy redacted:redacted
}
redacted.redacted.duckdns.org {
	reverse_proxy redacted:redacted {
		transport http {
			tls
			tls_insecure_skip_verify
		}
	}
}
prowlarr.redacted.duckdns.org {
	reverse_proxy redacted:9696
}
sonarr.redacted.duckdns.org {
	reverse_proxy redacted:8989
}
radarr.redacted.duckdns.org {
	reverse_proxy redacted:7878
}
organizr.redacted.duckdns.org {
	reverse_proxy redacted:8006
}

OK? I tried to go back to my old Caddyfile, which uses only duckdns with the DNS challenge, and I am getting “Error during parsing: getting module named ‘dns.providers.duckdns’: module not registered: dns.providers.duckdns.” I thought this add-on was compiled with the duckdns DNS module? Never mind, it was not. I had to download one from the Caddy website with the add-on (Linux amd64) and name it caddy, not Caddy, in /share/caddy/

1 Like
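In Caddy 2 a named snippet such as `(common)` only takes effect inside a site block that says `import common`, and none of the site blocks above do, so the `tls` and `header` settings are never applied. The following is an added example, not the poster's file: the snippet imported into two sites, the DuckDNS token read from an environment variable (assumed name `DUCKDNS_TOKEN`) instead of being written into the Caddyfile, `X-XSS-Protection` dropped because modern browsers no longer implement it, and `on_demand` left out since every hostname here is fixed. Hostnames and backend addresses are placeholders, and the DuckDNS module still has to be present in the binary, as the thread later notes.

```caddyfile
# Added example with placeholder hostnames and backend addresses (192.0.2.x is a documentation range).
(common) {
	tls {
		# DNS challenge via DuckDNS; the token comes from the environment (assumed variable name)
		dns duckdns {env.DUCKDNS_TOKEN}
	}
	header {
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
		X-Content-Type-Options "nosniff"
		Referrer-Policy "same-origin"
		Content-Security-Policy "frame-ancestors REDACTED-DOMAIN.duckdns.org *.REDACTED-DOMAIN.duckdns.org"
		Permissions-Policy "geolocation=(self), microphone=()"
		# remove the Server header instead of setting one
		-Server
	}
}

ombi.REDACTED-DOMAIN.duckdns.org {
	# pulls the tls and header blocks above into this site
	import common
	reverse_proxy 192.0.2.10:3579
}

sonarr.REDACTED-DOMAIN.duckdns.org {
	import common
	reverse_proxy 192.0.2.10:8989
}
```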

Curious if anyone is getting a deceptive site warning using Caddy 2 in Home Assistant? Mine started yesterday and all of my sites behind my router are showing deceptive, not just Home Assistant.

Caddyfile:

# Synology
https://liquidxpe.somename.com {
        reverse_proxy https://XX.XX.XX.48:5001 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}
# Unifi
https://liquiduni.somename.com {
        reverse_proxy https://XX.XX.XX.240:8443 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}
# Edgerouter
https://liquidrt.somename.com {
        reverse_proxy https://XX.XX.XX.1:8440 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}
# DSM Portainer
https://dsmportainer.somename.com {
        reverse_proxy https://XX.XX.XX.48:9443 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}
# HA Portainer
https://haportainer.somename.com {
        reverse_proxy http://XX.XX.XX.240:9000 {
                transport http
        }
}
# Radarr
https://radarr.somename.com {
        reverse_proxy http://XX.XX.XX.48:7878 {
                transport http
        }
}
# Sonarr
https://sonarr.somename.com {
        reverse_proxy http://XX.XX.XX.48:8989 {
                transport http
        }
}
# Readarr
https://read.somename.com {
        reverse_proxy http://XX.XX.XX.48:8787 {
                transport http
        }
}
# Lidarr
https://music.somename.com {
        reverse_proxy http://XX.XX.XX.48:8686 {
                transport http
        }
}
# SabNZBD
https://sab.somename.com {
        reverse_proxy http://XX.XX.XX.48:8080 {
                transport http
        }
}
# automate-myhome
https://automate-myhome.com {
        reverse_proxy http://XX.XX.XX.240:49153 {
                transport http
        }
}
# HomeAssist
https://homeaccess.somename.com {
        reverse_proxy https://XX.XX.XX.220:8123 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}
#Frigate
https://frigate.somename.com {
        reverse_proxy http://XX.XX.XX.75:5000 {
                transport http
        }
}
#Search
https://search.somename.com {
        reverse_proxy http://XX.XX.XX.48:5055 {
                transport http
        }
}
#Transcode
https://transcode.somename.com {
        reverse_proxy http://XX.XX.XX.75:8265 {
                transport http
        }
}
#Plex
https://watch.somename.com {
        reverse_proxy http://XX.XX.XX.75:32400 {
                transport http
        }
}
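Every HTTPS upstream in the file above is proxied with `tls_insecure_skip_verify`, which disables certificate verification on the Caddy-to-backend hop, so anything that can answer on that path in the backend's place is accepted without Caddy noticing. As an added example (not the poster's configuration), one site block that keeps verification by giving Caddy the backend's CA certificate (a self-signed certificate works the same way, since it is its own issuer) and the name to expect, which is needed because the upstream is dialled by IP. The hostname, address, PEM path under /ssl and the expected name `nas.lan` are assumptions.

```caddyfile
# Added example with placeholder hostname and address (192.0.2.x is a documentation range).
https://nas.example.com {
	reverse_proxy https://192.0.2.48:5001 {
		transport http {
			# PEM file holding the backend's CA or its self-signed certificate (path is an assumption);
			# certificates chaining to it are accepted, everything else is rejected
			tls_trusted_ca_certs /ssl/backends/nas-ca.pem
			# name to verify against the certificate's SANs, since the dial address is an IP
			tls_server_name nas.lan
		}
	}
}
```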

Link dead now?

Strange, I can't even add your repository.

Never mind, it seems it works on the Edge browser only…

Can someone please show me their config for very basic HTTPS access to my HA machine?
What do I put in here?

I only need local https://192.168.1.229:8123
As of now, I access my HA OS's GUI via http://192.168.1.229:8123
I won't need to access the GUI remotely or anything fancy like that.

I did try, but this does not work when I try to open tung.ha (tung.ha is not a real site)
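For a local-only name such as `tung.ha`, Caddy can issue the certificate from its own built-in CA with `tls internal`, so no public CA or DNS challenge is involved; the client must resolve the name to the Caddy host (hosts file or local DNS) and trust Caddy's root certificate, otherwise the browser warns. The block below is an added example, not the poster's configuration; the LAN subnet 192.168.1.0/24 is assumed from the addresses in the question.

```caddyfile
# Added example: local-only HTTPS to Home Assistant using Caddy's internal CA.
# tung.ha is the placeholder name from the question; point it at the Caddy host in the
# client's hosts file or local DNS, and install Caddy's root CA on the client.
tung.ha {
	# certificate signed by Caddy's local CA instead of a public one
	tls internal

	# only answer clients on the LAN (subnet assumed); everyone else gets a 403
	@lan remote_ip 192.168.1.0/24
	handle @lan {
		reverse_proxy 192.168.1.229:8123
	}
	handle {
		respond 403
	}
}
```

Home Assistant must also accept the proxied requests: under `http:` in configuration.yaml set `use_x_forwarded_for: true` and list the Caddy host's address in `trusted_proxies`, otherwise it answers proxied requests with 400 Bad Request.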

When using the Home Assistant add-on, how do I use Cloudflare for the DNS challenge? I'm getting the following error, which I assume means it isn't included in the add-on.

Error during parsing: getting module named ‘dns.providers.cloudflare’: module not registered: dns.providers.cloudflare