Help with configuring Caddy to work with arr apps

submitted by
edited

Hi, I'm having trouble getting my Caddy reverse proxy to work with the arr apps I can access everything without the reverse proxy. I have set the basic login prompt (like this one) through the arr apps after I logge in to one of the arr apps I either get a blank page or I'm seeing this error page:

firefox

The page isn’t redirecting properly

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

This problem can sometimes be caused by disabling or refusing to accept cookies.

chromium

This page isn’t working
domain.com redirected you too many times.

Try deleting your cookies.
ERR_TOO_MANY_REDIRECTS

Caddyfile config (1.1.1.1 is a placeholder ip for my vps external ip) 

{
    email email@domain.com
}

domain.com {

    # qBittorrent
    redir /qbit /qbit/
    handle_path /qbit/* {
        reverse_proxy 1.1.1.1:8080 {
            header_up Host {host}
            header_up X-Real-IP {remote_host}
            header_up X-Forwarded-For {remote_host}
            header_up X-Forwarded-Proto {scheme}
        }
    }

    # Sonarr
    redir /sonarr /sonarr/
    handle_path /sonarr/* {
        reverse_proxy 1.1.1.1:8989 {
            header_up Host {host}
            header_up X-Real-IP {remote_host}
            header_up X-Forwarded-For {remote_host}
            header_up X-Forwarded-Proto {scheme}
        }
    }

    # Radarr
    redir /radarr /radarr/
    handle_path /radarr/* {
        reverse_proxy 1.1.1.1:7878 {
            header_up Host {host}
            header_up X-Real-IP {remote_host}
            header_up X-Forwarded-For {remote_host}
            header_up X-Forwarded-Proto {scheme}
        }
    }

    # Prowlarr
    redir /prowlarr /prowlarr/
    handle_path /prowlarr/* {
        reverse_proxy 1.1.1.1:9696 {
            header_up Host {host}
            header_up X-Real-IP {remote_host}
            header_up X-Forwarded-For {remote_host}
            header_up X-Forwarded-Proto {scheme}
        }
    }
}


I've tried setting the URL base to /the_name_of_the_arr_app, but it didn't work. I've attempted it with and without the redir /the_name_of_the_arr_app /the_name_of_the_arr_app/. I'm stuck and unsure of how to resolve the issue. It works fine with qBittorrent.

radarr debug log

2025-07-04 21:27:45.9|Info|Radarr.Http.Authentication.BasicAuthenticationHandler|Basic was not authenticated. Failure message: Authorization header missing.
2025-07-04 21:27:45.9|Info|Radarr.Http.Authentication.BasicAuthenticationHandler|AuthenticationScheme: Basic was challenged.
2025-07-04 21:27:54.1|Debug|Radarr.Http.Authentication.BasicAuthenticationHandler|AuthenticationScheme: Basic was successfully authenticated.
2025-07-04 21:27:54.8|Debug|Radarr.Http.Authentication.BasicAuthenticationHandler|AuthenticationScheme: Basic was successfully authenticated.
2025-07-04 21:27:55.0|Debug|Radarr.Http.Authentication.BasicAuthenticationHandler|AuthenticationScheme: Basic was successfully authenticated.

24

Log in to comment

Hot Top New Old

Is there a reason you’re trying to expose them to the internet? IMO you’re better off not doing that and using Overseer as the only exposed service that talks to everything else. Exposing the whole arr stack is just unwise and unnecessary.

 reply
6
OP edited

I will have a look at Overseer thanks.

 reply
1

If you use Cloudflare for DNS there is Zero Trust to protect your services.

It’s also possible to run a cloudflared container next to your arrs to tunnel traffic to ports on your other containers rather than needing a reverse proxy. But that’s more appropriate for something on your local network rather than a VPS.

 reply
1

Are all the *arr services aware that they are expected to have a certain basepath?

 reply
3
OP edited

Yes, I think so. I have configured it like this

 reply
1

Does it make a difference, if that setting uses a trailing slash? Might be it redirects you to the path without, which triggers caddy to redirect you again, and so on and so forth.

You could also, instead of redirecting, rewrite it. Then it is handled serverside without sending the client somewhere else.

 reply
2
OP edited

I can't set a trailing slash Radarr removes it. I am not quite sure what you mean, but I have tried rewriting it.

like this, and then visit, but it makes no difference (ingonr the spaces it just for formating on lemmy


You could also, instead of redirecting, rewrite it. Then it is handled serverside without sending the client somewhere else.
I am not quite sure what you mean

 reply
1
edited

Why are you proxying to your VPS external IP? Caddy listens to your external IP and your arr apps listen to ideally localhost, you should be reverse proxying to localhost. Your arr apps need to be told to only bond to localhost as well.

 reply
2