home.social

#caddyserver — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #caddyserver, aggregated by home.social.

  1. v2.11.3

    This release improves several aspects of Caddy with minor features, bug fixes, and security patches. Thank you to everyone and their bots who contributed to help make this release the best one yet! Security patches: fastcgi: Carrying over a patch...

    github.com/caddyserver/caddy/r

    #caddyserver #caddy

  2. 🚨 Help Needed: #CORS and #Cloudflare Access Issues with #Nextflux + #MiniFlux Setup 🚨

    Hi everyone! I’m struggling with a #SelfHosted setup and could really use some advice from the self-hosting community. Lol I've been trying to figure this out for hours with no luck. Here’s my situation:

    Setup

    • MiniFlux: Running in #Docker on a #RaspberryPi500 (#Stormux, based on #ArchLinuxARM).
    • Nextflux: Hosted on Cloudflare Pages.
    • Reverse Proxy: #Caddy (installed via AUR).
    • Cloudflare Access: Enabled for security and SSO.
    • Cloudflared: Also installed via AUR.
    • CORS Settings in Cloudflare Access: Configured to allow all origins, methods, and headers.

    What’s Working

    • MiniFlux is accessible from my home network after removing restrictive CORS settings in both Caddy and MiniFlux.
    • Nextflux is properly deployed on Cloudflare Pages.

    The Problem

    Nextflux cannot connect to MiniFlux due to persistent CORS errors and authentication issues with Cloudflare Access. Here are the errors I’m seeing in the browser console:

    1. CORS Error:

      Access to fetch at 'https://rss.laniecarmelo.tech/v1/me' from origin 'https://nextflux.laniecarmelo.tech' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
    2. Cloudflare Access Redirection:

      Request redirected to 'https://lifeofararebird.cloudflareaccess.com/cdn-cgi/access/login/rss.laniecarmelo.tech'.
    3. Failed to Fetch:

      Failed to fetch: TypeError: Failed to fetch.

    What I’ve Tried

    1. Service Token Authentication:

      • Generated a service token in Cloudflare Access for Nextflux.
      • Added CF-Access-Client-Id and CF-Access-Client-Secret headers in Caddy for rss.laniecarmelo.tech.
      • Updated Cloudflare Access policies to include a bypass rule for this service token.
    2. CORS Configuration:

      • Tried permissive settings (Access-Control-Allow-Origin: *) in both Caddy and MiniFlux.
      • Configured Cloudflare Access CORS settings to allow all origins, methods, and headers.
    3. Policy Adjustments:

      • Created a bypass policy for my home IP range and public IP.
      • Added an "Allow" policy for authenticated users via email/login methods.
    4. Debugging Logs:

      • Checked Cloudflared logs, which show requests being blocked due to missing access tokens (AccessJWTValidator errors).

    Current State

    Despite these efforts:

    • Requests from Nextflux are still being blocked by Cloudflare Access or failing due to CORS issues.
    • The browser console consistently shows "No 'Access-Control-Allow-Origin' header" errors.

    Goals

    1. Allow Nextflux (hosted on Cloudflare Pages) to connect seamlessly to MiniFlux (behind Cloudflare Access).
    2. Maintain secure access to MiniFlux for other devices (e.g., my home network or mobile devices).

    My Environment

    • Raspberry Pi 500 running Arch Linux ARM.
    • Both Caddy and Cloudflared are installed via AUR packages.
    • MiniFlux is running in Docker with the following environment variables:

      CLOUDFLARE_SERVICE_AUTH_ENABLED=true
      CLOUDFLARE_CLIENT_ID=<client-id>
      CLOUDFLARE_CLIENT_SECRET=<client-secret>

    Relevant Logs

    From cloudflared:

    ERR error="request filtered by middleware handler (AccessJWTValidator) due to: no access token in request"

    From the browser console:

    Access to fetch at 'https://rss.laniecarmelo.tech/v1/me' has been blocked by CORS policy.

    Questions

    1. Is there a better way to configure CORS for this setup?
    2. Should I be handling authentication differently between Nextflux and MiniFlux?
    3. How can I ensure that requests from Nextflux include valid access tokens?

    Any help or advice would be greatly appreciated! 🙏

    #SelfHosting #Cloudflare #CaddyServer #Docker #RSS #CORS #Linux #ArchLinuxARM #CloudflarePages #tech #technology

  3. Made my personal website get the maximum amount of points on Mozilla's HTTP Observatory. Now, my static site delivers content as securely as it possibly can. I highly recommend anyone with a personal website to tweak it along with their webserver so that it gets at least a hundred points on HTTP Observatory.
    developer.mozilla.org/en-US/ob
    The least you can do is add your site to the HSTS Preload list (hstspreload.org/).

    #blog #personalwebsite #mozilla #mdn #http #caddyserver #hsts #webdev

  4. Because the excellent (and beloved for a decade or so) #reeder by @rizzi does not support #TLSClientAuth for feeds* I spent a few hours on Yak-Shaving and on learning about #caddyserver #systemd-#resolved and - in the end - about #iCloudPrivateRelay.
    If a local request is handled like an external request it may be because ... it's coming in as an external request.
    ___
    * I’m sure I’m the only one left on the planet who has rss feeds with Client Certificates, so this is fine!

  5. After a lot of trial and error, I finally got object storage configured for this instance. I had originally planned to use Backblaze, but ended up going with Linode Object Storage. Unfortunately, the guides I found online didn't work for me, and I also had to make the switch from Caddy to Nginx. I'm thinking about writing a blog post to share my experience.

    #mastoadmin #fedimin #fediadmin #s3 #linode #backblaze #nginx #caddyserver #mastodon