this post was submitted on 25 Sep 2023
24 points (92.9% liked)

Selfhosted


I'm setting up a jellyfin server, and want to access it on the internet. I created a xxxxxxx.duckdns.org address for it. I have installed caddy with duckdns addon (first installed regular caddy, then overwrote /usr/bin/caddy with this custom caddy). My caddy file is as follows:

```
XXXXXX.duckdns.org:9091 {
    reverse_proxy 127.0.0.1:8096
    tls {
        dns duckdns XXXXXXXXXXXXXXXXX
    }
}
```

Started caddy and here's my status. Doesn't show any errors:

```
● caddy.service - Caddy
     Loaded: loaded (/lib/systemd/system/caddy.service; enabled; preset: enabled)
     Active: active (running) since Sun 2023-09-24 22:45:57 EDT; 32min ago
       Docs: https://caddyserver.com/docs/
   Main PID: 2132 (caddy)
      Tasks: 9 (limit: 8907)
     Memory: 11.7M
        CPU: 313ms
     CGroup: /system.slice/caddy.service
             └─2132 /usr/bin/caddy run --environ --config /etc/caddy/Caddyfile

Sep 24 22:45:57 mediaserver-wyse5070thinclient caddy[2132]: {"level":"info","ts":1695609957.1027205,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy/.local/share/caddy"}
Sep 24 22:45:57 mediaserver-wyse5070thinclient caddy[2132]: {"level":"info","ts":1695609957.1027687,"logger":"http","msg":"enabling HTTP/3 listener","addr":":9091"}
Sep 24 22:45:57 mediaserver-wyse5070thinclient caddy[2132]: {"level":"info","ts":1695609957.1030562,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Sep 24 22:45:57 mediaserver-wyse5070thinclient caddy[2132]: {"level":"info","ts":1695609957.103145,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
Sep 24 22:45:57 mediaserver-wyse5070thinclient caddy[2132]: {"level":"info","ts":1695609957.1031566,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["xxxxxx.duckdns.org"]}
Sep 24 22:45:57 mediaserver-wyse5070thinclient caddy[2132]: {"level":"info","ts":1695609957.1034396,"logger":"tls","msg":"finished cleaning storage units"}
Sep 24 22:45:57 mediaserver-wyse5070thinclient caddy[2132]: {"level":"info","ts":1695609957.104117,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Sep 24 22:45:57 mediaserver-wyse5070thinclient caddy[2132]: {"level":"info","ts":1695609957.1041856,"msg":"serving initial configuration"}
Sep 24 22:45:57 mediaserver-wyse5070thinclient systemd[1]: Started caddy.service - Caddy.
Sep 24 22:49:54 mediaserver-wyse5070thinclient caddy[2132]: {"level":"info","ts":1695610194.0222473,"logger":"admin.api","msg":"received request","method":"GET","host":"localhost:2019","uri":"/config","remote_ip":"127.0.0.1","remote_port":"53888","headers":{"Accept":["*/*"],"User-Agent":["curl/7.88.1"]}}
```

However, my reverse proxy doesn't work. I can't ping it. The same thing happens when I ping my global ip:

```
PING xxxxxx.duckdns.org (104.183.123.226) 56(84) bytes of data.
From 192.168.1.254 (192.168.1.254) icmp_seq=4 Destination Host Unreachable
From 192.168.1.254 (192.168.1.254) icmp_seq=7 Destination Host Unreachable
```

I have previously set up dynamic dns successfully on raspberry pi for jellyfin, but unfortunately I didn't document the steps.

I'm on ATT Fiber with BGW320-505, and have a Deco X5700. Please advise.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (1 children)

Have you port forwarded?

~~The ports are 80 for http, and 443 for https.~~ Oh, you're using 9091

[–] [email protected] 3 points 1 year ago (1 children)

Yeah I've port forwarded 9091, 443, 80, and 8096 for good measure.

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago) (1 children)

Do you have CGNAT?

If you run traceroute 1.1.1.1 the first hop should be your router, and if the second starts with 100, 10, 172, or 192, then you probably have CGNAT.

[–] [email protected] 2 points 1 year ago (1 children)

The second one is the ip I use to login to my modem settings. (192.168.1.254)

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (1 children)

What's the first IP and third?

[–] [email protected] 2 points 1 year ago (1 children)

```
 1  _gateway (10.0.0.1)  0.443 ms  0.488 ms  0.557 ms
 2  192.168.1.254 (192.168.1.254)  1.977 ms  1.936 ms  2.006 ms
 3  107-129-188-1.lightspeed.gnbonc.sbcglobal.net (107.129.188.1)  2.454 ms  2.412 ms  2.605 ms
```

[–] [email protected] 4 points 1 year ago (1 children)

Oh so you've got double NAT. You'll either have to put the modem into bridge mode, or port forward on both the router and modem.

[–] [email protected] 2 points 1 year ago (1 children)

That worked, thank you! I added all the ports at the modem level and after restart it's working now, thank you so much!

[–] [email protected] 2 points 1 year ago

No worries! I'd probably prefer bridge mode instead of double NAT, but I guess whatever works for you.
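
The hop check worked through in the replies above, as an added example that is not part of the original thread: it parses traceroute output and classifies the hops before the first public address using the exact RFC 1918 private ranges and the RFC 6598 shared range (100.64.0.0/10) that carriers use for CGNAT. The sample input is constructed from the three hops posted above, and the verdict names (`single-nat`, `double-nat`, `cgnat`) are this example's own labels.

```python
import ipaddress
import re

# RFC 1918 private ranges and the RFC 6598 shared range used for carrier-grade NAT.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")

# Constructed sample: the three hops posted in the thread, one hop per line.
SAMPLE = """\
 1  _gateway (10.0.0.1)  0.443 ms  0.488 ms  0.557 ms
 2  192.168.1.254 (192.168.1.254)  1.977 ms  1.936 ms  2.006 ms
 3  107-129-188-1.lightspeed.gnbonc.sbcglobal.net (107.129.188.1)  2.454 ms  2.412 ms  2.605 ms
"""

# Matches both "name (ip)" lines and the bare "ip" lines printed by `traceroute -n`.
HOP_RE = re.compile(r"^\s*(\d+)\s+(?:\S+\s+\()?(\d{1,3}(?:\.\d{1,3}){3})\)?")

def classify(addr):
    ip = ipaddress.ip_address(addr)
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"

def parse_hops(text):
    """Return [(hop_number, ip, kind)] for every hop that answered."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:  # lines such as ' 4  * * *' carry no address and are skipped
            hops.append((int(m.group(1)), m.group(2), classify(m.group(2))))
    return hops

def diagnose(text):
    """Heuristic verdict from the hops seen before the first public address."""
    leading = []
    for _, _, kind in parse_hops(text):
        if kind == "public":
            break
        leading.append(kind)
    if "cgnat" in leading:
        return "cgnat"        # port forwarding at home cannot fix this
    if len(leading) >= 2:
        return "double-nat"   # usually two NAT devices; forward on both or bridge one
    return "single-nat" if leading else "unknown"
```

Two private hops can also be a routed internal network rather than two NAT layers, so treat `double-nat` as a prompt to check each device's WAN address.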

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

| Fewer Letters | More Letters |
| --- | --- |
| CGNAT | Carrier-Grade NAT |
| DNS | Domain Name Service/System |
| IP | Internet Protocol |
| NAT | Network Address Translation |

4 acronyms in this thread; the most compressed thread commented on today has 6 acronyms.

[Thread #165 for this sub, first seen 25th Sep 2023, 09:15] [FAQ] [Full list] [Contact] [Source code]

[–] [email protected] 2 points 1 year ago (2 children)

Not a solution to your actual problem, but a different way: have you tried using CloudFlare Zero Trust tunnel? With that you don't need any port forwarding or dynamic DNS and you get some extra protection. You can even add a login with your Google/Microsoft account, without getting to your devices first.

[–] [email protected] 2 points 1 year ago (1 children)

AFAIK they don't allow passing content through jellyfin, or running a vpn through a tunnel. General web services are fine tho

[–] [email protected] 2 points 1 year ago

Yes, you're right

[–] [email protected] 1 points 1 year ago

Or alternatively something like tailscale will also work without port forwarding.

[–] [email protected] 2 points 1 year ago (1 children)

Are you sure the IP address in duckdns is correct? Do you have a static or dynamic public IP, and if dynamic, how are you updating it?

[–] [email protected] 1 points 1 year ago (1 children)

Yeah duckdns has the right ip address. It says DHCP-fixed on my modem. I don't know if it's dynamic or not, but I think I've had this ip ever since I started the service. I have a duck.sh cron script, but I think the issue might be between the modem and the router. I don't see the public ip address from the modem settings. I only see a 192. address in it.

[–] [email protected] 2 points 1 year ago

Did you set the modem to bridge mode/DMZ, or alternatively set it to port forward to the router? The router should then port forward to the server.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

Ping is not a good way to test http, because they are completely different protocols, and can be blocked separately or not. From what you have posted so far, I don't see a problem being demonstrated. Your caddy log here also shows one successful request. So: define "not working" better. Are you testing from a browser? Via curl? From where? To exactly what urls? What message do you get back from your browser/curl?

[–] [email protected] 1 points 1 year ago

That one request is me trying the admin endpoint using the internal ip address (10.0.0.96:2019). The server is up and available using the internal ip. I can access jellyfin fine from inside my home. The problem is that I cannot access the server via ddns reverse proxy. I'm thinking maybe the issue is with the ip pass-through I set up on the fiber modem to my deco router. Is there a way to get the public ip address from the command line? The other comment asked me to do a traceroute, but I don't see the public ip in it.