Reverse proxy not working for new PC?

[4r5hw45twh]

So, I bought a new BeeLink N100 mini PC. My entire setup worked just fine, except now I have a different IP on this device, and I now cannot access it from the Internet. I have my own domain name pointing to a VPS IP. From there, it uses Caddyfile on Linux to point to my actual home public IP. So, none of that would've changed (right?). What did change was my device IP, so I added the new IP to my port forwarding on my router and saved, but no luck. I can access JF within the same network, but now I can't through my domain name/reverse proxy. Please help. I've checked everything like 7 times and I cannot see what would be wrong. The mini PC is *not* on a VPN or anything either. Mini PC is on Windows 10.

[TheDreadPirate]

Did you open the firewall on the mini PC? Set the network type to private?

[4r5hw45twh]

Did you open the firewall on the mini PC?  Set the network type to private?

Hey, so I figured out the initial question of my own reverse proxy, but now I am dabbling with CloudFlare.

I pointed my domain's name servers to CloudFlare. It's now active. I added my subdomain to the DNS record and pointed it to my home public IP. Left Caddyfile the same by using my own domain name and keeping the IP as 127.0.0.1:8096 since I'm self-hosting all of it now.

Is this correctly done? Because I cannot connect to JF from outside network again now. And yes, I know about the TOS.

[TheDreadPirate]

You can use cloudflare as long as you turn off proxying and set it to DNS only. There is nothing gained with proxying. No one is going to DDoS a random person's Jellyfin server. CF proxying and tunneling just adds a lot of headache.

[4r5hw45twh]

You can use cloudflare as long as you turn off proxying and set it to DNS only.  There is nothing gained with proxying.  No one is going to DDoS a random person's Jellyfin server.  CF proxying and tunneling just adds a lot of headache.

I mean, maybe not. But I will be using my server for hosting multiple things on subdomains. If I just reverse proxy on the server, my public home IP is exposed, which I don't want. Hence, why I am trying CloudFlare.

[TheDreadPirate]

You can proxy the other services, no problem. It's Jellyfin that's the issue. Serving video through their proxy is against their ToS and you risk losing your account and domain.

Setup fail2ban, use https, keep everything up-to-date, use wildcard certs. I regularly look through my fail2ban and nginx logs and everything is just script kiddies looking for unpatched windows machines and unpatched routers.

[4r5hw45twh]

You can proxy the other services, no problem.  It's Jellyfin that's the issue.  Serving video through their proxy is against their ToS and you risk losing your account and domain.

Setup fail2ban, use https, keep everything up-to-date, use wildcard certs.  I regularly look through my fail2ban and nginx logs and everything is just script kiddies looking for unpatched windows machines and unpatched routers.

Hmm. Ok, so what is the best way to go about having everything be proxied via reverse proxy + Cloudflare while ignoring JF for that? For what it's worth, I'm fine losing the domain (registered with another company) and account terminated on CF. This is all just to test and whatnot anyway. In fact, just purchased a new domain name for this.

[TheDreadPirate]

You can have separate subdomains in cloudflare with different settings for each subdomain.

You'd have an A and/or AAAA record that point to your domain and public IP. Then a bunch of cnames for each subdomain that point to your domain.

[4r5hw45twh]

You can have separate subdomains in cloudflare with different settings for each subdomain.

You'd have an A and/or AAAA record that point to your domain and public IP.  Then a bunch of cnames for each subdomain that point to your domain.

"...that point to your domain." Do you mean from my domain? Like, an A record from my subdomain that points to my public home IP?

On CloudFlare, I setup a tunnel for JF and it auto-added the subdomain I picked for it as a CNAME. My 2 A records currently are: "mydomain.com" and "www" and those hostnames are pointed to my domain registrar's DNS IP (I saw the URL they were set to on my domain host before activating CloudFlare with it and then used Dig to get the actual ipv4 of those). All 3 show as Proxied.

When testing a test subdomain that is NOT being proxied by CF, I have the A record of "test.domain.com" with it pointed to my home public IP and then I launch Caddy in PowerShell, but I can't connect from outside the network. My Caddyfile is:

Code:

test4.mydomain.com
reverse_proxy 127.0.0.1:8096

I run "caddy run" and my Caddy PowerShell window then says:

Code:

PS C:\Program Files\caddy> caddy run
2024/09/28 20:27:08.056 ←[34mINFO←[0m   using adjacent Caddyfile
2024/09/28 20:27:08.058 ←[34mINFO←[0m   adapted config to JSON  {"adapter": "caddyfile"}
2024/09/28 20:27:08.058 ←[33mWARN←[0m   Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies    {"adapter": "caddyfile", "file": "Caddyfile", "line": 3}
2024/09/28 20:27:08.067 ←[34mINFO←[0m   admin   admin endpoint started  {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2024/09/28 20:27:08.067 ←[34mINFO←[0m   tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc00051b580"}
2024/09/28 20:27:08.067 ←[34mINFO←[0m   http.auto_https server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2024/09/28 20:27:08.067 ←[34mINFO←[0m   http.auto_https enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2024/09/28 20:27:08.068 ←[34mINFO←[0m   http.log        server running  {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2024/09/28 20:27:08.068 ←[34mINFO←[0m   http    enabling HTTP/3 listener        {"addr": ":443"}
2024/09/28 20:27:08.069 ←[34mINFO←[0m   http.log        server running  {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2024/09/28 20:27:08.069 ←[34mINFO←[0m   http    enabling automatic TLS certificate management   {"domains": ["test4.mydomain.com"]}
2024/09/28 20:27:08.070 ←[34mINFO←[0m   tls     storage cleaning happened too recently; skipping for now        {"storage": "FileStorage:C:\\Users\\User\\AppData\\Roaming\\Caddy", "instance": "e6987cf2-53af-4c05-af72-8246f1a18f9b", "try_again": "2024/09/29 20:27:08.070", "try_again_in": 86400}
2024/09/28 20:27:08.070 ←[34mINFO←[0m   tls     finished cleaning storage units
2024/09/28 20:27:08.071 ←[34mINFO←[0m   autosaved config (load with --resume flag)      {"file": "C:\\Users\\User\\AppData\\Roaming\\Caddy\\autosave.json"}
2024/09/28 20:27:08.071 ←[34mINFO←[0m   serving initial configuration

[TheDreadPirate]

Negatory.  Subdomain CNAMEs can point to domain names. They can also be a completely different IPs.

   

"jellyfin" is a cname that points to my domain.  So jellyfin.domain.tld would resolve to my public IP. This allows you to have multiple services listening on the same port since the reverse proxy would direct traffic to the proper destination based on the subdomain used.  This also allows you to change how Cloudflare handles each subdomain.  Whether DNS only or proxying.  If you used subPATHs you wouldn't be able to do this.  Like domain.tld/jellyfin.