# Caddy Integration for Kopia.jgitta.com - CT 202 **Date**: April 27, 2026 **Status**: Configuration Ready for CT 202 **Purpose**: Add kopia.jgitta.com reverse proxy to existing Caddy setup --- ## Quick Integration Caddy is already running on **CT 202**. To add kopia.jgitta.com reverse proxy: ### Step 1: Access CT 202 ```bash # SSH to CT 202 (adjust IP if needed) ssh root@[CT-202-IP] # Or via Proxmox container access pct enter 202 ``` ### Step 2: Find Caddy Configuration Location ```bash # Find Caddyfile location find /etc/caddy -name "Caddyfile" -o -name "*.caddy" 2>/dev/null # Or check docker/systemd ps aux | grep -i caddy ``` ### Step 3: Add Kopia Configuration Block Add this to your existing Caddyfile: ```caddy # Kopia Web UI Reverse Proxy kopia.jgitta.com { # Reverse proxy to Kopia on siklos reverse_proxy http://192.168.88.27:51515 { # WebSocket support for real-time updates header_upstream Connection {http.request.header.Connection} header_upstream Upgrade {http.request.header.Upgrade} # Long timeout for backup operations timeout 300s } # Security headers header { X-Content-Type-Options "nosniff" X-Frame-Options "SAMEORIGIN" X-XSS-Protection "1; mode=block" Strict-Transport-Security "max-age=31536000; includeSubDomains" } } # HTTP to HTTPS redirect http://kopia.jgitta.com { redir https://kopia.jgitta.com{uri} permanent } ``` ### Step 4: Reload Caddy ```bash # If running as systemd service sudo systemctl reload caddy # If running as Docker container docker-compose -f /path/to/docker-compose.yml restart caddy # or docker restart caddy # Verify configuration curl -k https://kopia.jgitta.com/ ``` ### Step 5: Verify DNS and Access ```bash # Check DNS resolution nslookup kopia.jgitta.com # Test from another machine curl -k https://kopia.jgitta.com/ # Access in browser # https://kopia.jgitta.com (ignore certificate warning for self-signed) ``` --- ## Expected Result After configuration: - ✅ `https://kopia.jgitta.com/` → Caddy (443) → Kopia Web UI (51515 on siklos) - ✅ `http://kopia.jgitta.com/` → Redirects to HTTPS - ✅ SSL/TLS encryption end-to-end - ✅ Security headers applied - ✅ WebSocket support for real-time Kopia updates --- ## Troubleshooting ### Can't connect to kopia.jgitta.com 1. **Verify Caddy is running on CT 202** ```bash ps aux | grep caddy docker ps | grep caddy ``` 2. **Check DNS resolution** ```bash nslookup kopia.jgitta.com # Should return 192.168.88.27 (pointing to CT 202 IP or Caddy host) ``` 3. **Verify kopia.jgitta.com points to Caddy** - On MikroTik: kopia.jgitta.com → [CT-202-IP] - Not to 192.168.88.27 directly (unless CT 202 is on that IP) 4. **Test Caddy directly** ```bash # From CT 202 curl http://localhost/ # From another host curl https://[CT-202-IP]/ -k ``` 5. **Check Caddy configuration syntax** ```bash caddy validate ``` ### Kopia backend unreachable 1. Verify Kopia is running on siklos: ```bash ssh jgitta@192.168.88.27 "docker ps | grep kopia" ``` 2. Test connectivity from Caddy to Kopia: ```bash curl http://192.168.88.27:51515/ (from CT 202) ``` 3. Check firewall allows port 51515 on siklos ### Certificate errors - For internal use, self-signed certificates are normal - Browser will show warning — click "Advanced" and "Proceed" - Or use `curl -k` to skip certificate verification - For production public access, configure Let's Encrypt in Caddy --- ## Complete Caddyfile Reference If you need the full Caddyfile structure, see: `caddy-kopia-reverse-proxy.md` --- **Status**: Ready for integration on CT 202 **Next**: Apply configuration to Caddy, verify HTTPS access, then push to Gitea