====== Caddy Must Proxy Coolify Directly, Not via Traefik ======

**Status:** Resolved\
**Date:** 2026-05-27\
**Affected service:** [[folkzone:services:caddy|Caddy]], [[folkzone:services:coolify|Coolify]]

===== Symptom =====

''deploy.folk.zone'' returned errors after GoToSocial was added to the stack and Caddy was restarted. All other services continued to work.

===== Misdiagnosis =====

The [[folkzone:troubleshooting:cloudflare_named_tunnel_remote_config|Cloudflare tunnel uses remote configuration from the dashboard]], not the local ''cloudflared/config.yml'' ingress rules. Several changes were made to the remote config that did not fix the issue and introduced new failures:

  - Routed ''deploy.folk.zone'' directly to ''http://172.18.0.1:8000'' (Coolify's host port, bypassing Caddy) — timed out due to firewall
  - Removed ''deploy.folk.zone'' from the tunnel entirely — 404
  - Put it back as ''http://caddy:80'' (correct) — deploy still broken due to the Caddyfile issue below

===== Root Cause =====

The Caddyfile ''@deploy'' handler was proxying to ''172.18.0.1:80'' — the Docker host gateway, where Coolify's Traefik proxy listens. However, Traefik has no route configured for ''deploy.folk.zone'', so it returned 404 for every request.

<code>
# Inside cafe-caddy-1 container — confirmed Traefik returns 404
wget -qO- --header 'Host: deploy.folk.zone' http://172.18.0.1:80
# → HTTP/1.1 404 Not Found
</code>

===== Key Architectural Fact =====

The ''coolify'' container is connected to **both** the ''coolify'' Docker network and ''cafe_cafe_net''. This means Caddy can reach Coolify directly by service name without going through Traefik at all.

<code>
# Confirmed — Coolify responds directly on cafe_cafe_net
docker inspect coolify --format '{{json .NetworkSettings.Networks}}'
# cafe_cafe_net: 172.18.0.7
# coolify:       172.19.0.5
</code>

===== Fix =====

Changed the ''@deploy'' handler in ''caddy/Caddyfile'' to proxy directly to ''coolify:8080'' instead of routing through Traefik:

<code caddy>
# Before (broken — Traefik has no route for deploy.folk.zone)
@deploy host deploy.folk.zone
handle @deploy {
    reverse_proxy 172.18.0.1:80
}

# After (working — proxy directly to Coolify container)
@deploy host deploy.folk.zone
handle @deploy {
    reverse_proxy coolify:8080
}
</code>

Reloaded Caddy config without a full restart:

<code bash>
docker exec cafe-caddy-1 caddy reload --config /etc/caddy/Caddyfile
</code>

===== Verification =====

<code bash>
# From inside the caddy container
docker exec cafe-caddy-1 wget -qO- --header 'Host: deploy.folk.zone' http://localhost:80
# → Returns Coolify HTML (dark theme login page)

# From the host
curl -s -o /dev/null -w '%{http_code}' -H 'Host: deploy.folk.zone' http://localhost:8082
# → 302 (Coolify login redirect — correct)
</code>

===== See Also =====
  * [[folkzone:troubleshooting:start|Homelab Troubleshooting Index]]
  * [[folkzone:troubleshooting:caddy_traefik_port_conflict|Caddy Port Conflict with Coolify Traefik]]
  * [[folkzone:troubleshooting:cloudflare_named_tunnel_remote_config|Named Tunnels Use Remote Configuration]]
  * [[folkzone:services:caddy|Caddy]]
  * [[folkzone:services:coolify|Coolify]]
  * [[start|Return to wiki home]]