Hello,
I am trying to install FreshRSS on NixOS (unstable). I am struggling with Caddy.
I tried to install with nginx and it works…
But with Caddy, no way.
See my Caddy config (generated by NixOS) below:
```
{
    acme_ca https://acme-v02.api.letsencrypt.org/directory
    log {
        level ERROR
    }
}
freshrss {
    log {
        output file /var/log/caddy/access-freshrss.log
    }
    root * /nix/store/nai5krbk1y51a8r4nhvcca039g5b90xl-FreshRSS-1.26.3/p
    php_fastcgi unix//run/phpfpm/freshrss.sock {
        env FRESHRSS_DATA_PATH /var/lib/freshrss_data
    }
    file_server
}
freshrss.localhost {
    log {
        output file /var/log/caddy/access-freshrss.localhost.log
    }
    reverse_proxy freshrss:80
}
```
Here is my NixOS freshrss module:
```nix
{ config, pkgs, ... }:
{
  services.caddy = {
    enable = true;
    acmeCA = "https://acme-v02.api.letsencrypt.org/directory";
    virtualHosts."freshrss.localhost".extraConfig = ''
      reverse_proxy freshrss:80
    '';
  };
  # https://github.com/NixOS/nixpkgs/issues/207728
  services.freshrss = {
    enable = true;
    package = pkgs.freshrss;
    language = "fr";
    defaultUser = "alain";
    passwordFile = "${pkgs.writeText "adminpass" "test123"}";
    dataDir = "/var/lib/freshrss_data";
    baseUrl = "https://freshrss.localhost/";
    webserver = "caddy";
    virtualHost = "freshrss";
  };
  systemd.services.freshrss-config.serviceConfig.ReadWritePaths = [ "/var/lib/freshrss_data" ];
  systemd.services.freshrss-updater.serviceConfig.ReadWritePaths = [ "/var/lib/freshrss_data" ];
}
```
And here is the result (BAD) of `curl -v -k https://freshrss.localhost/`:
```
* Host freshrss.localhost:443 was resolved.
* IPv6: ::1
* IPv4: 127.0.0.1
* Trying [::1]:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / x25519 / id-ecPublicKey
* ALPN: server accepted h2
* Server certificate:
* subject:
* start date: Jul 16 12:16:07 2025 GMT
* expire date: Jul 17 00:16:07 2025 GMT
* issuer: CN=Caddy Local Authority - ECC Intermediate
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA256
* Certificate level 1: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA256
* Connected to freshrss.localhost (::1) port 443
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://freshrss.localhost/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: freshrss.localhost]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.14.1]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: freshrss.localhost
> User-Agent: curl/8.14.1
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Request completely sent off
< HTTP/2 502
< alt-svc: h3=":443"; ma=2592000
< server: Caddy
< content-length: 0
< date: Wed, 16 Jul 2025 14:09:48 GMT
<
* Connection #0 to host freshrss.localhost left intact
```
Here is the result (GOOD) of `journalctl -xeu freshrss-config.service` below:
```
Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ The unit freshrss-config.service has successfully entered the 'dead' state.
juil. 16 16:04:26 ASUS systemd[1]: Stopped Set up the state directory for FreshRSS before use.
░░ Subject: L'unité (unit) freshrss-config.service a terminé son arrêt
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ L'unité (unit) freshrss-config.service a terminé son arrêt.
juil. 16 16:04:28 ASUS systemd[1]: Starting Set up the state directory for FreshRSS before use...
░░ Subject: L'unité (unit) freshrss-config.service a commencé à démarrer
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ L'unité (unit) freshrss-config.service a commencé à démarrer.
juil. 16 16:04:28 ASUS freshrss-config-start[16855]: Reconfiguring FreshRSS…
juil. 16 16:04:28 ASUS freshrss-config-start[16870]: FreshRSS updating user “alain”…
juil. 16 16:04:29 ASUS freshrss-config-start[16870]: ℹ️ Remember to re-apply the appropriate access rights, such as: >
juil. 16 16:04:29 ASUS systemd[1]: Finished Set up the state directory for FreshRSS before use.
░░ Subject: L'unité (unit) freshrss-config.service a terminé son démarrage
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ L'unité (unit) freshrss-config.service a terminé son démarrage, avec le résultat done.
```
So the question is: why HTTP/2 502 (Bad Gateway)?
Is my Caddy file OK?
Thx.