Use Raspberry with HA on it as NGINX Reverse Proxy

Mhh, I have a small setback; the Unifi controller via the web works but the Android app does not allow me to log in. Any idea what this could be?

unifi.mydomain.com {
    proxy / https://192.168.1.41:8443 {
        insecure_skip_verify
        transparent
    }
    tls [email protected]
}

Hi, slightly off-topic. What NAS have you got?

I don’t know enough about the unifi app to say really. What does it usually expect if you aren’t proxying?

Nikc,

I followed your link but this is the result:

● caddy.service - Caddy HTTP/2 web server
   Loaded: loaded (/etc/systemd/system/caddy.service; enabled)
   Active: failed (Result: exit-code) since lun 2017-08-21 07:41:28 CEST; 11h ago
     Docs: https://caddyserver.com/docs
 Main PID: 597 (code=exited, status=226/NAMESPACE)

ago 21 07:41:28 jarvis systemd[1]: Started Caddy HTTP/2 web server.
ago 21 07:41:28 jarvis systemd[1]: caddy.service: main process exited, code...CE
ago 21 07:41:28 jarvis systemd[1]: Unit caddy.service entered failed state.
Hint: Some lines were ellipsized, use -l to show in full.

Did you change something in the caddy.service file?

I changed for example only user and group.

Thank you again

Do you have the unellipsized error?

Yes: Hint: Some lines were ellipsized, use -l to show in full.

Haha, you need to add -l when you run it to get unellipsized lines.

When I run with -l I receive a different error:

ago 21 07:41:28 jarvis systemd[1]: Started Caddy HTTP/2 web server.
ago 21 07:41:28 jarvis systemd[1]: caddy.service: main process exited, code=exited, status=226/NAMESPACE
ago 21 07:41:28 jarvis systemd[1]: Unit caddy.service entered failed state.

The systemd file is made for Ubuntu.

However, the fix here should work, final post:

I commented those lines but nothing happens!

I also followed the link. Executed all the steps and all works fine on an RPI3. The only thing I could not run was

sudo ufw allow http
sudo ufw allow https

But I don’t think this is needed on the RPI3 (at least all works fine now for me).

@nikc0069 The Unifi app also seems to work now (after adding websocket).

Great news. Raspbian doesn’t use ufw so you are correct that isn’t needed.

I’m afraid then I can’t help you with this part. I’m a bit of a Linux noob but someone else may be able to weigh in on your particular issue.

By the way, I was looking at this post. There are two tests mentioned. SSLLabs.com gives me an A but securityheaders.io an F. Do you have the same? Is there anything I can do about this?

There is. I can’t get to my configuration easily right now but first post here should help:

Thanks for the pointer.

For the folks that were able to get Caddy to run, I have a few questions.

I’ve been at this all afternoon and still can’t access my HA box.

In your configuration.yaml file, did you use base URL?
Ex.: base_url: your.site.org:8123

Also does your cert setup look like this?
ssl_certificate: /etc/ssl/caddy/acme/acme-v01.api.letsencrypt.org/sites/your.site.org/your.site.org.crt
ssl_key: /etc/ssl/caddy/acme/acme-v01.api.letsencrypt.org/sites/your.site.org/your.site.org.key

Lastly for port forwarding do you forward 80 --> 80 and 443 --> 8123?

Thanks

Yes, and yes, and no.

The only thing I see wrong is forwarding 443 to 8123. 443 on your router should forward to 443 on your pi then caddy does the translation to 8123 and for any other services you add to your caddy file.
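
The layout described in this thread, written out as an added example (not any poster's actual configuration): the router forwards 80 and 443 unchanged to the Pi, and a Caddy v1 Caddyfile, using the same directive syntax as the Unifi block above, terminates TLS on 443 and proxies to Home Assistant on 8123. The hostname, e-mail address, loopback upstream and the header values are assumptions made for illustration.

```caddyfile
# Added example, Caddy v1 syntax. your.site.org and you@example.com are placeholders.
your.site.org {
    # Caddy obtains and renews the Let's Encrypt certificate itself;
    # this is why ports 80 and 443 must reach the Pi unchanged.
    tls you@example.com

    # Response headers of the kind securityheaders.io grades.
    # Values are assumed starting points; test the HA frontend after changing them.
    header / {
        Strict-Transport-Security "max-age=31536000"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "SAMEORIGIN"
        Referrer-Policy "same-origin"
    }

    # Assumes HA runs on the same Pi and serves HTTPS on 8123
    # (ssl_certificate / ssl_key set in configuration.yaml).
    proxy / https://127.0.0.1:8123 {
        # Forward WebSocket upgrades; the HA frontend and mobile apps rely on them.
        websocket
        # Pass Host, X-Real-IP and X-Forwarded-For to the backend.
        transparent
        # Skips upstream certificate checks. Tolerable only because the hop
        # stays on loopback; do not use it across an untrusted network segment.
        insecure_skip_verify
    }
}
```

With this in place only 80 and 443 are exposed on the router; port 8123 does not need to be forwarded at all.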

Thanks, I was able to get this working. I did end up pointing 443 --> 443 but my other issue is that for some reason, the IP of my Raspberry Pi ended up in the ip_bans.yaml. Cleaned that up and everything worked well.

I finally managed to make it work: on a pi3 dedicated to it. On a NUC I have a HASSIO installation.

How are you guys doing with Mosquitto, HASSIO and Caddy?