[Solved] Problem Reverse Proxy Caddy and Login Synology DSM with Yubikey

Started by Ronny1978, April 08, 2026, 06:13:29 AM

Previous topic - Next topic
Print
Go Down Pages 1 2
User actions
April 16, 2026, 05:37:39 PM #15
Your backend did not provide a complete response - check the log files of your backend.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
April 16, 2026, 05:47:46 PM #16
Hello Patrick.

Thank you for helping me. May be this?

Code Select
[2026-04-16 14:03:34.284 +00:00] [INF] Sending ForceKeepAlive message to 1 inactive WebSockets.
[2026-04-16 14:03:46.284 +00:00] [INF] Lost 1 WebSockets.
[2026-04-16 14:30:56.131 +00:00] [WRN] WS "10.0.80.1" error receiving data: "The remote party closed the WebSocket connection without completing the close handshake."
[2026-04-16 14:30:56.142 +00:00] [INF] WS "10.0.80.1" closed
[2026-04-16 15:04:41.396 +00:00] [INF] WS "10.0.80.1" request
April 16, 2026, 07:50:48 PM #17
You configured the host header as linked by me and activated that host header in your handler configuration under "Transport"?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
April 16, 2026, 08:14:41 PM #18
Quote from: Ronny1978 on April 16, 2026, 11:39:18 AMDo you use 2 Reverse Proxys? Caddy AND HAProxy?
Not on the same OPNsense instance.
I use Caddy at home and HAproxy at the company.

Quote from: Ronny1978 on April 16, 2026, 05:20:18 PMI have seen in the protocoll of caddy another error. I'm not sure, what the error message means.

Code Select
"warn","ts":"2026-04-16T15:06:23Z","logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","upstream":"10.0.80.9:8096","duration":0.043666007,"request":{"remote_ip":"xxx.xxx.xx.xx","remote_port":"64698","client_ip":"xxx.xxx.xx.xx","proto":"HTTP/2.0","method":"GET","host":"jellyfin-nas01.xxxxxx","uri":"/Videos/d98dd6bf-5112-6253-69c2-3e678e867234/stream?container=mkv&static=true&tag=0fee8bb2a7d611d87a8b8fd6a2daf47f&mediaSourceId=d98dd6bf5112625369c23e678e867234&streamOptions=%7B%7D&enableAudioVbrEncoding=true","headers":{"X-Forwarded-For":["xxx.xxx.xx.xx"],"X-Forwarded-Proto":["https"],"Accept-Encoding":["identity"],"User-Agent":["okhttp/4.12.0"],"Icy-Metadata":["1"],"X-Forwarded-Host":["jellyfin-nas01.xxxxxx"],"Via":["2.0 Caddy"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"jellyfin-nas01.xxxxxx","ech":false}},"error":"writing: http2: stream closed"}
Seems that the logs show different things.
The Caddy log shows access to the backend using http, while the backend shows a websocket connection. I don't think, that Caddy upgrades the connection to ws.

Also this error might be specific to Jellyfin. So if you have trouble with streaming, maybe you have more luck to find a solution in Jellyfin forum.
April 16, 2026, 11:01:11 PM #19
Quote from: viragomann on April 16, 2026, 08:14:41 PMThe Caddy log shows access to the backend using http, while the backend shows a websocket connection. I don't think, that Caddy upgrades the connection to ws.

But Caddy does that. That's the beauty of the OPNsense plugin. Here in my network e.g. Apache Guacamole - which definitely needs WS.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
April 16, 2026, 11:12:54 PM #20
Automatically, without any specific setting?
I'm excited!

However, none of my services at home actually need ws.
April 16, 2026, 11:15:35 PM #21
Quote from: viragomann on April 16, 2026, 11:12:54 PMAutomatically, without any specific setting?

Yes! That's the point. Caddy comes with very reasonable defaults.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
Print
Go Up Pages 1 2
User actions