Can't get Nextcloud to work with Caddy v2 as reverse proxy

I’ve got my LinuxServer image of Nextcloud set up, but I can’t seem to get it to work with Caddy v2 as my reverse proxy. I know it’s not a problem with Nextcloud, because it was working with nginx. I’m just getting a white screen when I navigate to my Nextcloud domain.

This is my docker-compose.yml:

  nextcloud:
    image: linuxserver/nextcloud
    container_name: nextcloud
    hostname: nextcloud
    environment:
      - PUID=1001
      - PGID=1001
      - TZ=$TZ
    volumes:
      - /opt/docker/config/nextcloud:/config
      - /opt/docker/data/nextcloud:/data
    ports:
      - 8080:80
    depends_on:
      - nextcloud-db
    restart: unless-stopped
  nextcloud-db:
    image: linuxserver/mariadb
    container_name: nextcloud-db
    environment:
      - PUID=1001
      - PGID=1001
      - MYSQL_ROOT_PASSWORD=[REDACTED]
      - MYSQL_PASSWORD=[REDACTED]
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - TZ=$TZ
    volumes:
      - /opt/docker/config/mariadb:/config
    restart: unless-stopped

Here’s my Caddyfile:

cloud.{$DOMAIN} {
    reverse_proxy nextcloud:443 {
        transport http {
            tls_insecure_skip_verify
        }
    }
}

Here’s a seemingly relevant line I get in my Caddy log:

{"level":"error","ts":1589820896.1618576,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"method":"GET","uri":"/status.php","proto":"HTTP/1.1","remote_addr":"192.168.50.1:34210","host":"cloud.haddock.cc","headers":{"User-Agent":["Mozilla/5.0 (Linux) mirall/2.6.4git (Nextcloud)"],"Accept":["*/*"],"X-Request-Id":["f4842097-4648-499e-a7dc-3ee08298abec"],"Connection":["Keep-Alive"],"Accept-Encoding":["gzip, deflate"],"Accept-Language":["en-US,*"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"","proto_mutual":true,"server_name":"cloud.haddock.cc"}},"duration":0.001318633,"status":502,"err_id":"1dq4z2f2v","err_trace":"reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:380)"}

I also have this link from my discussion on the Caddy forum:

None of us use caddy, so you should ask caddy for support.

I did and they told me to ask you. I also asked on the Nextcloud forum but got no response.

We can’t help you with configuring caddy and if it’s working to reverse proxy using nginx, you have an issue with your configuration for caddy.

Only thing I see is that you have mapped port 80 to 8080 on the host, but our container doesn’t default to http, but https on port 443. In caddy you have port 443.

How are the letsencrypt nginx container and the Nextcloud container both supposed to run on port 443?

The way it’s explained in our starter guide: https://blog.linuxserver.io/2019/04/25/letsencrypt-nginx-starter-guide/#nextcloudsubdomainreverseproxyexample

@PopeRigby

Not sure if you have figured it out yet, but you have to tell caddy to access your Nextcloud instance via HTTPS… This can be done via declaring tls in your config, or adding https:// to the front of the proxy destination (or both)

Here is my config that works:

reverse_proxy https://192.168.1.2:443 {
    transport http {
        tls
        tls_insecure_skip_verify
    }
}

Thank you, I actually did manage to figure it out. This is what I ended up with:

cloud.{$DOMAIN} {
    reverse_proxy nextcloud:443 {
        transport http {
            tls_insecure_skip_verify
        }
    }
    header {
        Strict-Transport-Security max-age=31536000;
    }
    redir /.well-known/webfinger /public.php?service=webfinger 301
}
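
Added example, not part of the thread and not code from Caddy or LinuxServer: a small probe that sends a ClientHello to an upstream port and classifies the first bytes of the reply, which is the condition behind the "first record does not look like a TLS handshake" error in the log above. The function names and the `nextcloud` host with ports 80 and 443 in the demo loop are assumptions taken from the compose file and Caddyfile in the thread.

```python
import socket
import ssl

# TLS record content types (RFC 8446, section 5.1): alert = 21, handshake = 22.
TLS_ALERT, TLS_HANDSHAKE = 21, 22


def client_hello(server_name: str) -> bytes:
    """Build a real ClientHello in memory, without touching the network."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()          # writes the ClientHello, then wants a reply
    except ssl.SSLWantReadError:
        pass
    return outgoing.read()


def classify_first_record(data: bytes) -> str:
    """Classify the first bytes an upstream sends back to a ClientHello."""
    if not data:
        return "no-data"
    if data.startswith(b"HTTP/"):
        return "plaintext-http"     # web server answered the handshake in clear text
    if len(data) >= 2 and data[0] in (TLS_ALERT, TLS_HANDSHAKE) and data[1] == 3:
        return "tls"                # record header: content type, then major version 3
    return "unknown"


def probe_upstream(host: str, port: int, timeout: float = 3.0) -> str:
    """Send a ClientHello to host:port and report what kind of reply came back."""
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(client_hello(host))
            while len(data) < 5:    # 5 bytes = one TLS record header
                chunk = sock.recv(5 - len(data))
                if not chunk:
                    break
                data += chunk
    except OSError:
        pass                        # refused, reset or timed out: classify what we got
    return classify_first_record(data)


if __name__ == "__main__":
    # Assumed targets from the compose file above; run from the Caddy container's network.
    for port in (80, 443):
        print(f"nextcloud:{port} ->", probe_upstream("nextcloud", port))
```

A `tls` result means the upstream needs the `https://` or `transport http { tls }` form shown in the replies above; `plaintext-http` means Caddy should proxy to that port without TLS.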
