Need some help. Duckdns reverse proxy doesn't seem to be working.

I’m setting up a jellyfin server, and want to access it on the internet. I created a xxxxxxx.duckdns.org address for it. I have installed caddy with duckdns addon (first installed regular caddy, then overwrote /usr/bin/caddy with this custom caddy). My caddy file is as follows


<span style="color:#323232;">XXXXXX.duckdns.org:9091 {
</span><span style="color:#323232;">    reverse_proxy 127.0.0.1:8096
</span><span style="color:#323232;">    tls {
</span><span style="color:#323232;">        dns duckdns     XXXXXXXXXXXXXXXXX
</span><span style="color:#323232;">    }
</span><span style="color:#323232;">}
</span><span style="color:#323232;">
</span>

Started caddy and here’s my status. Doesn’t show any errors:


<span style="color:#323232;">● caddy.service - Caddy
</span><span style="color:#323232;">     Loaded: loaded (/lib/systemd/system/caddy.service; enabled; preset: enabled)
</span><span style="color:#323232;">     Active: active (running) since Sun 2023-09-24 22:45:57 EDT; 32min ago
</span><span style="color:#323232;">       Docs: https://caddyserver.com/docs/
</span><span style="color:#323232;">   Main PID: 2132 (caddy)
</span><span style="color:#323232;">      Tasks: 9 (limit: 8907)
</span><span style="color:#323232;">     Memory: 11.7M
</span><span style="color:#323232;">        CPU: 313ms
</span><span style="color:#323232;">     CGroup: /system.slice/caddy.service
</span><span style="color:#323232;">             └─2132 /usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
</span><span style="color:#323232;">
</span><span style="color:#323232;">Sep 24 22:45:57 mediaserver-wyse5070thinclient caddy[2132]: {"level":"info","ts":1695609957.1027205,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy/.local/share/caddy"}
</span><span style="color:#323232;">Sep 24 22:45:57 mediaserver-wyse5070thinclient caddy[2132]: {"level":"info","ts":1695609957.1027687,"logger":"http","msg":"enabling HTTP/3 listener","addr":":9091"}
</span><span style="color:#323232;">Sep 24 22:45:57 mediaserver-wyse5070thinclient caddy[2132]: {"level":"info","ts":1695609957.1030562,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
</span><span style="color:#323232;">Sep 24 22:45:57 mediaserver-wyse5070thinclient caddy[2132]: {"level":"info","ts":1695609957.103145,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
</span><span style="color:#323232;">Sep 24 22:45:57 mediaserver-wyse5070thinclient caddy[2132]: {"level":"info","ts":1695609957.1031566,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["xxxxxx.duckdns.org"]}
</span><span style="color:#323232;">Sep 24 22:45:57 mediaserver-wyse5070thinclient caddy[2132]: {"level":"info","ts":1695609957.1034396,"logger":"tls","msg":"finished cleaning storage units"}
</span><span style="color:#323232;">Sep 24 22:45:57 mediaserver-wyse5070thinclient caddy[2132]: {"level":"info","ts":1695609957.104117,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
</span><span style="color:#323232;">Sep 24 22:45:57 mediaserver-wyse5070thinclient caddy[2132]: {"level":"info","ts":1695609957.1041856,"msg":"serving initial configuration"}
</span><span style="color:#323232;">Sep 24 22:45:57 mediaserver-wyse5070thinclient systemd[1]: Started caddy.service - Caddy.
</span><span style="color:#323232;">Sep 24 22:49:54 mediaserver-wyse5070thinclient caddy[2132]: {"level":"info","ts":1695610194.0222473,"logger":"admin.api","msg":"received request","method":"GET","host":"localhost:2019","uri":"/config","remote_ip":"127.0.0.1","remote_port":"53888","headers":{"Accept":["*/*"],"User-Agent":["curl/7.88.1"]}}
</span><span style="color:#323232;">
</span>

However, my reverse proxy doesn’t work. I can’t ping it. Same thing happens when I ping my global ip


<span style="color:#323232;">PING xxxxxx.duckdns.org (104.183.123.226) 56(84) bytes of data.
</span><span style="color:#323232;">From 192.168.1.254 (192.168.1.254) icmp_seq=4 Destination Host Unreachable
</span><span style="color:#323232;">From 192.168.1.254 (192.168.1.254) icmp_seq=7 Destination Host Unreachable
</span>

I have previously setup dynamic dns successfully on raspberry pi for jellyfin, but unfortunately I didn’t document the steps.

I’m on ATT Fiber with BGW320-505, and have a Deco X5700. Please advise.

forbiddenlake,
@forbiddenlake@lemmy.world avatar

Ping is not a good way to test http, because they are completely different protocols, and can be blocked separately or not. From what you have posted so far, I don’t see a problem being demonstrated. Your caddy log here also shows one successful request. So: define “not working” better. Are you testing from a browser? Via curl? From where? To exactly what urls? What message do you get back from your browser/curl?

nieceandtows,

That one request is me trying the admin endpoint using the internal ip address (10.0.0.96:2019). The server is up and available using the internal ip. I can access jellyfin fine from inside my home. The problem is that I cannot access the server via ddns reverse proxy. I’m thinking may be the issue is with the ip pass-through I setup on the fiber modem to my deco router. Is there a way to get the public ip address from the command line. The other comment asked me to do a traceroute, but I don’t see the public ip in it.

gratux,
@gratux@lemmy.blahaj.zone avatar

Are you sure the IP address in duckdns is correct? Do you have a static or dynamic public IP, and if dynamic, how are you updating it?

nieceandtows,

Yeah duckdns has the right ip address. It says DHCP-fixed on my modem. I don’t know if it’s dynamic or not, but I think I’ve had this ip ever since I started the service. I have a duck.sh cron script, but I think the issue might be between the modem and the router. I don’t see the public ip address from the modem settings. I only see a 192. address in it.

gratux,
@gratux@lemmy.blahaj.zone avatar

Did you set the modem to bridge mode/DMZ, or alternatively set it to port forward to the router. The router should then port forward to the server.

peregus,

Not a solution to your actual problem, but a different way: have you tried using CloudFlare Zero Trust tunnel? With that you don’t need any port forwarding or dynamic DNS and you get some extra protection. You can even add a login with your Google/Microsoft account, without getting to your devices first.

DecentM,
@DecentM@lemmy.ml avatar

AFAIK they don’t allow passing content through jellyfin, or running a vpn through a tunnel. General web services are fine tho

peregus,

Yes, you’re right

SteveTech,

Or alternatively something like tailscale will also work without port forwarding.

SteveTech,

Have you port forwarded?

The ports are 80 for http, and 443 for https. Oh, you’re using 9091

nieceandtows,

Yeah I’ve port forwarded 9091, 443, 80, and 8096 for good measure.

SteveTech,

Do you have CGNAT?

If you run traceroute 1.1.1.1 the first hop should be your router, and if the second starts with 100, 10, 172, or 192, then you probably have CGNAT.

nieceandtows,

The second one is the ip I use to login to my modem settings. (192.168.1.254)

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • uselessserver093
  • Food
  • aaaaaaacccccccce
  • [email protected]
  • test
  • CafeMeta
  • testmag
  • MUD
  • RhythmGameZone
  • RSS
  • dabs
  • Socialism
  • KbinCafe
  • TheResearchGuardian
  • Ask_kbincafe
  • oklahoma
  • feritale
  • SuperSentai
  • KamenRider
  • All magazines
    •