502 Bad Gateway

[babatremblay]

I'm using Cloudflare tunnels to connect babamovies.com with my local Jellyfin instance, but I'm encountering a connection refused error. Here’s the  error message from my wsl cmd line:
ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp <jellyfin WAN IP>:8096: connect: connection refused" connIndex=3 dest=https://babamovies.com/favicon.ico event=0 ip=198.41.200.113 type=http

here is my docker-compose.yml:

Code:

version: '3.8'

services:
  jellyfin:
    image: jellyfin/jellyfin
    container_name: jellyfin
    network_mode: 'host'
    volumes:
      - ./config:/config
      - ./cache:/cache
      - type: bind
        source: ./Movies
        target: /media/movies
        read_only: true
    restart: unless-stopped
    environment:
      - JELLYFIN_PublishedServerUrl=https://babamovies.com
    extra_hosts:
      - 'host.docker.internal:host-gateway'
  caddy:
    image: iarekylew00t/caddy-cloudflare:latest
    container_name: caddy
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - caddy_data:/data
      - caddy_config:/config
    restart: 'unless-stopped'
    depends_on:
      - jellyfin
    environment:
      - CLOUDFLARE_API_TOKEN=${CLOUDFLARE_API_TOKEN}

volumes:
  caddy_data:
  caddy_config:

and here is my caddyfile:

Code:

babamovies.com {
    reverse_proxy <jellyfin WAN IP>:8096
    tls {
        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
    }
}

I have verified that my jellyfin server is accessible locally and that the CLOUDFLARE_API_TOKEN is correct, but can't access it via babamovies.com (it's showing a 502 gateway error). 
Any suggestions for debbugging this issue?

[pcm]

can you share caddy logs ?

[babatremblay]

caddy | {"level":"info","ts":1718139204.570811,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
caddy | {"level":"info","ts":1718139204.5721734,"msg":"adapted config to JSON","adapter":"caddyfile"}
caddy | {"level":"warn","ts":1718139204.5722158,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
caddy | {"level":"info","ts":1718139204.5731251,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//[::1]:2019","//127.0.0.1:2019","//localhost:2019"]}
caddy | {"level":"info","ts":1718139204.5734162,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
caddy | {"level":"info","ts":1718139204.5734646,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
caddy | {"level":"info","ts":1718139204.5735037,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00051fa80"}
caddy | {"level":"info","ts":1718139204.5737722,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
caddy | {"level":"info","ts":1718139204.5739017,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 7168 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/...ffer-Sizes for details."}
caddy | {"level":"info","ts":1718139204.5741494,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
caddy | {"level":"info","ts":1718139204.5742302,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
caddy | {"level":"info","ts":1718139204.5742462,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["babamovies.com"]}
caddy | {"level":"info","ts":1718139204.5750124,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
caddy | {"level":"info","ts":1718139204.575049,"msg":"serving initial configuration"}
caddy | {"level":"info","ts":1718139204.5783055,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStoragedata/caddy","instance":"6f9a5f4d-0142-4be6-be6e-c4fef023521c","try_again":1718225604.578302,"try_again_in":86399.99999957}
caddy | {"level":"info","ts":1718139204.5784318,"logger":"tls","msg":"finished cleaning storage units"}

[TheDreadPirate]

What happens when you turn off cloudflared?

FYI, using cloudflare tunnels or proxies for serving video is against their TOS.

[babatremblay]

I get an ERR_NAME_NOT_RESOLVED. Btw my provider is squarespace, should I try to add domain forwarding to my public ip address?

[TheDreadPirate]

Yes. Your domain should be pointing to your public IP.

[babatremblay]

but isnt my caddy file already doing that?

[TheDreadPirate]

Can you describe your setup? Is Caddy on the same box as Jellyfin? Or is it running on a VPS or something?