Accessing the Hydrus API with Caddy, Duck DNS, and Tailscale
This guide will show you how to setup the Hydrus API to be served through Caddy with valid HTTPS and remote access through Tailscale for use with Hydrus Web. It is mostly for Windows at the moment.
Enable the Client API service in "manage services", it should look like this:
Ensure "do not run client api service" and "use https" are unchecked while "allow non-local connections" and "support CORS headers" are checked. Note the port selected here for later.
Next go to client API tab in "review services" and create an access key with all permissions. Record the access key for later.
Note: this step is optional. If you don't want to use Caddy use your machine's local IP address in the next steps instead of the address from Tailscale.
Sign up for a Tailscale account if you don't already have one. Download the client, install it, and sign in to Tailscale. Your machine will now have a special Tailscale IP (of the format 100.x.y.z) that you will be able to see in the web dashboard or in Tailscale on your machine. Note this IP for later.
You will also want to install Tailscale on the other devices you want to access Hydrus with.
Go to www.duckdns.org and sign up for an account. Once signed in, create a new new subdomain with whatever name you want, for example, floogulinc-hydrus.duckdns.org. When created it will be set to your public IP at first. Change this to your Tailscale IP from the last part (or your local IP if not using Tailscale).
Note the API token displayed on the page for later.
Download a build of Caddy with the caddy-dns/duckdns plugin. For Windows amd64, click here.
This will give you a file called caddy_windows_amd64_custom.exe. Make a new folder C:\caddy for example and put that exe in it. Rename the exe to caddy.exe.
Follow these instructions to set Caddy to run as a service. I recommend using WinSW on Windows rather than sc.exe.
At the step where you install the service, you will want to open a PowerShell window in the Caddy directory and run .\caddy-service.exe install. The service will be stopped at first, we will start it after configuring Caddy. Don't run caddy reload at this point.
Create a file named Caddyfile in your Caddy directory and paste this in:
https://YOUR_SUBDOMAIN.duckdns.org {
reverse_proxy localhost:45869
tls YOUR_EMAIL {
dns duckdns DUCKDNS_API_TOKEN
}
encode zstd gzip
}
Replace YOUR_SUBDOMAIN with the subdomain you set up earlier. Replace DUCKDNS_API_TOKEN with the API token from Duck DNS. Replace YOUR_EMAIL with your email address, it will be used for obtaining the HTTPS certificate. If the port you use for the Hydrus API is different, change localhost:45869 to the correct port.
If you want to use an environment variable for your Duck DNS API token, replace DUCKDNS_API_TOKEN with {env.DUCKDNS_API_TOKEN} or similar.
Now open the Windows Services viewer (services.msc) and start the Caddy service. If everything worked you should be able to go to your Duck DNS subdomain in the browser and see the default Hydrus API message.
Put your Duck DNS subdomain, eg https://YOUR_SUBDOMAIN.duckdns.org, into the "Hydrus API URL" field in the Hydrus Web settings and the access key you created for the API in the "Hydrus API Key" field. These settings should work on any device connected to your Tailscale network (or local network if not using Tailscale).
Hit the "Test API" button and if everything is working you should see something like this:
