Jellyfin and Caddy with domain name setup

Hello,

I am having a lot of trouble setting up Caddy and Jellyfin with a domain name. I currently bought nervhq.space but am having difficulty configuring the domain name to my raspberry pi’s address.

I have port forwarded ports 80,443,8096,8920 from the Modem/router combo I have. I have the pi connected to my router with a static IP address of 192.168.1.8. I have so far been able to google/troubleshoot everything with installing dietpi then jellyfin and have even been able to access jellyfin from my external IP address _______:8096.

So I believe I have done at least the beginning parts of connecting my domain name, nervhq.space, to my server correctly. The registrar I bought my domain name from, domain.com, has a section which allows me to change the DNS record and I am vaguely aware that I will have to update some settings in there but am unsure of what exactly. If anyone has a clear step-by-step guide that I could follow from changing my settings in jellyfin to configuring caddy to point my pi to my domain name and having my domain name point to my pi, or doesn’t mind me bothering them with a bunch of questions, I would really appreciate it.

Thank you for reading!


If anyone has a caddy file that I could look at, I would also appreciate that.

  • What version of Jellyfin you are using
    Server: NervHq
    Version: 10.5.5
    Operating System: Linux
    Architecture: Arm

  • How did you install Jellyfin (Linux, macOS, Windows, Docker, etc.)
    installed on dietpi os

Hi there. I replied in the caddy setup thread but this has more specific questions.

Have you created an ‘A Record’ at your registrar that points to the IP address of your home connection?

Also if that’s your real IP address and domain I would remove it from the post.

Hello,

Thank you for your help. So yes, I have created an A record pointing from the domain Nervhq.space to my public IP address. But when trying to ping my domain name it does not return my public IP address.

(screenshot of ping to domain timing out)

Is there something that I am missing here?

Under normal circumstances (i.e., unless you’re using an enterprise-grade router and have configured it appropriately), you won’t be able to ping your public IP from within your local network. Further, unless you’ve explicitly enabled the receipt of unsolicited ICMP packets at your router, it won’t acknowledge ping requests from the outside world (though this is not a problem; it’s actually advantageous for security if your local network remains silent to the general outside world).

From your ping attempt, it’s obvious that your domain name is properly resolving;
nervhq.space -> (IP address removed for security)

Doing a check of your ports, I can see that both ports 80 (HTTP) and 443 (HTTPS) are open, which indicates that you do in fact have Caddy running.

Trying to connect via HTTPS though returns the following certificate error;
The certificate is only valid for the following names: *.domain.com, domain.com

This suggests that you haven’t configured Caddyfile properly.

I would suggest that you…

  1. Edit your previous post to remove your IP address from public view (delete the image from the post) - this is important for your security!

  2. Post the contents of your Caddyfile so we can see where the problem is.

I have edited the posts to remove IP addresses, and hidden the revision from history. If anything comes up, don’t be afraid to flag a post to mods - that lets us see it quicker 🙂


Hey, thanks a lot guys for posting in this topic, I really appreciate it.

As for my IP address showing, I also appreciate you censoring it and will be doing that in my future posts. I am still very new to this and definitely didn’t realize how open it was.

For my caddy configuration I am using this command:

caddy reverse-proxy --from nervhq.space --to 127.0.0.1:8096

When doing this it returns this error:

> 2020/06/21 17:10:48.845	WARN	admin	admin endpoint disabled
> 2020/06/21 17:10:48.846	INFO	http	server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS	{"server_name": "proxy", "https_port": 443}
> 2020/06/21 17:10:48.846	INFO	http	enabling automatic HTTP->HTTPS redirects	{"server_name": "proxy"}
> 2020/06/21 17:10:48.847	INFO	tls	cleaned up storage units
> 2020/06/21 11:10:48 [INFO][cache:0x2722d00] Started certificate maintenance routine
> reverse-proxy: loading new config: http app module: start: tcp: listening on :80: listen tcp :80: bind: address already in use

Using
sudo iptables -L

I receive this:

> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination         
> ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
> ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
> ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8096
> 
> Chain FORWARD (policy DROP)
> target     prot opt source               destination         
> DOCKER-USER  all  --  anywhere             anywhere            
> DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
> ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
> DOCKER     all  --  anywhere             anywhere            
> ACCEPT     all  --  anywhere             anywhere            
> ACCEPT     all  --  anywhere             anywhere            
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination         
> ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8096
> ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
> ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https

When using

sudo lsof -i -P -n | grep 80

I receive this output:

> jellyfin    502    jellyfin  282u  IPv4  18093      0t0  UDP *:1900 
> sshd        584        root    4u  IPv6  17080      0t0  TCP *:22 (LISTEN)
> lighttpd    840    www-data    4u  IPv4  16288      0t0  TCP *:80 (LISTEN)
> lighttpd    840    www-data    5u  IPv6  16289      0t0  TCP *:80 (LISTEN)
> lighttpd    840    www-data   10u  IPv4 156115      0t0  TCP 192.168.1.4:80->192.168.1.5:53393 (ESTABLISHED)
> jellyfin   3253          pi  275u  IPv6  29304      0t0  TCP *:8096 (LISTEN)
> jellyfin   3253          pi  316u  IPv6 148202      0t0  TCP 192.168.1.4:8096->192.168.1.5:52066 (ESTABLISHED)
> jellyfin   3253          pi  318u  IPv6 143259      0t0  TCP 192.168.1.4:8096->192.168.1.5:64118 (ESTABLISHED)

Here is my networking page in Jellyfin

I don’t understand where the disconnect is. What am I missing here?

Something is running on port 80:
lighttpd ... TCP *:80 (LISTEN)

In a default setup, Caddy needs to have ports 80 and 443 for itself. This is a hard requirement for the “easy” TLS setup. Find out what’s running with lighttpd, and you’ll need to stop it, or serve it through Caddy 🙂. If this is a Raspberry Pi, most Linux distributions include a built-in web server that just holds a “hello” page. You can likely disable it (sudo systemctl stop lighttpd, sudo systemctl disable lighttpd).

Also for the networking page, do not put the address there. That will break your config, and that’s not what that field is for.

Once you’ve got the port 80 business sorted out, start Caddy up. Since the ports are “protected” (anything below 1024), you’ll need to do so as an admin or sudo (depending how you have it installed). Once that works, you don’t need to have the port forward for 8096 on your router. Just 80 and 443.
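The port check described in the answer above, as an added example that is not part of the original thread: `grep 80` also matches port 8096 and inode numbers such as 18093, so this version compares the port field of each LISTEN line exactly. The function names `listeners_on` and `port_conflicts` are hypothetical, and the sample lines are taken from the lsof output posted earlier in the thread.

```shell
#!/bin/sh
# Sample `lsof -i -P -n` lines, copied from the output posted in the thread.
SAMPLE_LSOF=$(cat <<'EOF'
jellyfin    502    jellyfin  282u  IPv4  18093      0t0  UDP *:1900
sshd        584        root    4u  IPv6  17080      0t0  TCP *:22 (LISTEN)
lighttpd    840    www-data    4u  IPv4  16288      0t0  TCP *:80 (LISTEN)
lighttpd    840    www-data    5u  IPv6  16289      0t0  TCP *:80 (LISTEN)
lighttpd    840    www-data   10u  IPv4 156115      0t0  TCP 192.168.1.4:80->192.168.1.5:53393 (ESTABLISHED)
jellyfin   3253          pi  275u  IPv6  29304      0t0  TCP *:8096 (LISTEN)
EOF
)

# listeners_on "80 443" < lsof_output
# Prints "port command pid user" once per process listening on a wanted TCP port.
listeners_on() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        NF >= 9 && $NF == "(LISTEN)" && $(NF-2) == "TCP" {
            port = $(NF-1)              # NAME column, e.g. *:80
            sub(/.*:/, "", port)        # keep only what follows the last colon
            key = port " " $1
            if ((port in want) && !(key in seen)) {
                seen[key] = 1
                print port, $1, $2, $3
            }
        }'
}

# Reads lsof output on stdin. Prints anything other than caddy that is
# listening on 80 or 443 and returns 1 if such a listener exists.
port_conflicts() {
    _conflicts=$(listeners_on "80 443" | awk '$2 != "caddy"')
    [ -z "$_conflicts" ] && return 0
    printf '%s\n' "$_conflicts"
    return 1
}

# Stand-alone run against the sample; on a live host use:
#   sudo lsof -i -P -n | port_conflicts
printf '%s\n' "$SAMPLE_LSOF" | port_conflicts || true
```

A non-empty result means Caddy will fail with "address already in use" until that service is stopped or moved.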