Blank Page with reverse proxy

1. Caddy version (caddy version):

devel

# caddy version
(devel)

2. How I run Caddy:

a. System environment:

Proxmox VM < TrueNAS-12.0-U4 < Caddy in a jail iocage
auto-hosted nextcloud instance in a jail
jeedom home automation server on a debian 10 physical machine

b. Command:

service caddy start

c. Service/unit/compose file:

no clue

d. My complete Caddyfile or JSON config:

(logging) {
        log {
                output file /var/log/caddy/caddy.log {
                        roll_size 1gb
                        roll_keep 5
                }
        }
}


benlem.fr {
        import logging
        tls lemoalle.benoit@gmail.com

        route /jeedom* {
                reverse_proxy 192.168.0.XX
        }

        route /nextcloud* {
                 reverse_proxy 192.168.0.YY {
                        header_up Host {host}
                        header_up X-Forwarded-For {remote}
                        header_up X-Forwarded-Host {host}
                        header_up X-Forwarded-Port {server_port}
                        header_up X-Forwarded-Proto {scheme}
                        header_up X-Forwarded-Ssl on
                        header_up X-Real-IP {remote}
                        header_up X-Url-Scheme {scheme}
    }
}

3. The problem I’m having:

my domain name correctly points to my public IP.
Ports 80 and 443 are redirected to the jail Caddy.
When I type “benlem.fr/nextcloud” or “https://benlem.fr/nextcloud” in my browser, I get a blank page. However in the address bar I have the nextcloud home displayed “https://benlem.fr/index.php/apps/dashboard/”
When I type “benlem.fr/jeedom”, I have a 404 error.

4. Error messages and/or full log output:

the log file :

{"level":"info","ts":1625229925.634455,"msg":"using provided configuration","config_file":"/usr/local/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"info","ts":1625229925.6418839,"logger":"admin","msg":"admin endpoint
started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
{"level":"info","ts":1625229925.6431477,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0002d8000"}
{"level":"info","ts":1625229925.6435986,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable
TLS","server_name":"srv0","https_port":443} {"level":"info","ts":1625229925.6438537,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1625229925.646139,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["benlem.fr"]}
{"level":"info","ts":1625229925.6550736,"logger":"tls","msg":"cleaned up storage units"} {"level":"info","ts":1625229925.670017,"msg":"autosaved
config","file":"/var/db/caddy/config/caddy/autosave.json"} {"level":"info","ts":1625229925.670178,"msg":"serving initial configuration"} Successfully started Caddy (pid=24477) -
Caddy is running in the background {"level":"error","ts":1625229988.38903,"logger":"http.log.access.log0","msg":"handled
request","request":{"remote_addr":"192.168.0.254:53962","proto":"HTTP/2.0","method":"GET","host":"benlem.fr","uri":"/jeedom","headers":{"Te":["trailers"],"User-Agent":["Mozilla/5.0
(X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101
Firefox/89.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"],"Accept-Language":["fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3"],"Accept-Encoding":["gzip,
deflate, br"],"Cookie":["nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true; nc_username=ncadmin; nc_token=XXXXXX5hJdL%2BqCOIBu2UEXPP;
nc_session_id=qracvi1hjf6ds92fqevXXXXXX;
oc_sessionPassphrase=rtrpw%2XXXXXXztgnKzpC6MSIjFkl5%2BKhik1u6q757zzVSV%2Fl3UQ7vmOtVKKXKSyuJnwACbLWcdIvOtnNuOT;
ocqyum3fmkdz=qracvi1hjf6ds92fqev6e6aj3p"],"Upgrade-Insecure-Requests":["1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"benlem>
- - [02/Jul/2021:14:46:28 +0200] \"GET /jeedom HTTP/2.0\" 404 196","duration":0.022765306,"size":196,"status":404,"resp_headers":{"Server":["Caddy","Apache"],"Date":["Fri, 02 Jul
2021 12:46:28 GMT"],"Content-Length":["196"],"Content-Type":["text/html; charset=iso-8859-1"]}}
{"level":"info","ts":1625230030.2267888,"logger":"http.log.access.log0","msg":"handled
request","request":{"remote_addr":"192.168.0.254:53962","proto":"HTTP/2.0","method":"GET","host":"benlem.fr","uri":"/nextcloud","headers":{"User-Agent":["Mozilla/5.0 (X11; Ubuntu;
Linux x86_64; rv:89.0) Gecko/20100101
Firefox/89.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"],"Accept-Language":["fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3"],"Accept-Encoding":["gzip,
deflate, br"],"Cookie":["nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true; nc_username=ncadmin; nc_token=OdXXXXXXP;
nc_session_id=qracvi1hjXXXXXXXXXXXXXXX;
oc_sessionPassphrase=rtrpw%2Bm5x5TU3uZeNpbx%2BK6XtZXXXXXXXXXLWcdIvOtnNuOT;
ocqyum3fmkdz=qracvi1hjf6ds92fqev6e6aj3p"],"Upgrade-Insecure-Requests":["1"],"Te":["trailers"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"se>
- - [02/Jul/2021:14:47:10 +0200] \"GET /nextcloud HTTP/2.0\" 302 0","duration":1.053039821,"size":0,"status":302,"resp_headers":{"Expires":["Thu, 19 Nov 1981 08:52:00
GMT"],"X-Content-Type-Options":["nosniff"],"Content-Security-Policy":["default-src 'self'; script-src 'self'
'nonce-V1A2cjZZZ0d4cnErUjlvb3NGVWRQUi9yOW1WQUZBR3VMcGZoVVZPamovQT06RDdYVDM5RmM5by9QZHI5cDVXMHlUWE9abVRNNVpUamtZYTZIQ1JiUnlKZz0='; style-src 'self' 'unsafe-inline'; frame-src *;
img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri
'self';"],"Content-Length":["0"],"Pragma":["no-cache"],"Referrer-Policy":["no-referrer"],"X-Frame-Options":["SAMEORIGIN"],"Location":["http://benlem.fr/index.php/apps/dashboard/"],"Date":[>
02 Jul 2021 12:47:09 GMT"],"Cache-Control":["no-store, no-cache, must-revalidate"],"X-Robots-Tag":["none"],"Content-Type":["text/html;
charset=UTF-8"],"X-Download-Options":["noopen"],"X-Permitted-Cross-Domain-Policies":["none"],"X-Xss-Protection":["1;
mode=block"],"X-Powered-By":["PHP/7.4.20"],"Server":["Caddy","Apache/2.4.48 (FreeBSD)"]}} {"level":"info","ts":1625230030.2483644,"logger":"http.log.access.log0","msg":"handled
request","request":{"remote_addr":"192.168.0.254:53962","proto":"HTTP/2.0","method":"GET","host":"benlem.fr","uri":"/index.php/apps/dashboard/","headers":{"Accept":["text/html,application/>
deflate, br"],"Cookie":["nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true; nc_username=ncadmin; nc_token=OXXXXXPP;
nc_session_id=qracvi1hXXXXXXX;
oc_sessionPassphrase=rtrpw%2Bm5x5TU3uZeNpbx%2BK6XXXXXXXXyuJnwACbLWcdIvOtnNuOT;
ocqyum3fmkdz=qracvi1hjf6ds92fqev6e6aj3p"],"Upgrade-Insecure-Requests":["1"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101
Firefox/89.0"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"benlem.fr"}},"common_log":"192.168.0.254 - -
[02/Jul/2021:14:47:10 +0200] \"GET /index.php/apps/dashboard/ HTTP/2.0\" 0 0","duration":0.00017138,"size":0,"status":0,"resp_headers":{"Server":["Caddy"]}}

5. What I already tried:

I’ve been reading posts for 3 days!
I tried on different machines, different browsers, outside and inside my local network …
I modified the caddyfile

benlem.fr {
        route /jeedom* {
                reverse_proxy 192.168.0.XX
        }

        route /nextcloud* {
                reverse_proxy 192.168.0.YY
}

with or whithout “http://” and “https:://”

tried more simple

benlem.fr

reverse_proxy /nextcloud/* 192.168.0.XX

thanks for your Help!

6. Links to relevant resources:

I’m not sure why your logs are formatted so that the newlines don’t show up but it might have made it harder to debug the issue.

If you read them closely, you can see that nextcloud returned a 302 (redirect) to /index.php/apps/dashboard as you noticed in your initial post. If you look at your config, there is no route pointing /index.php/* at your nextcloud server so it returns nothing!

Googling around I see nextcloud has some config for setting it’s webroot so I would try that:
https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/reverse_proxy_configuration.html#overwrite-parameters

Which version, exactly? How did you build Caddy? Please use one of the supported installation methods Install — Caddy Documentation, or make your custom build with xcaddy.

Remove all these lines. Where did you get them from? These are not useful, and often harmful. Caddy sets the appropriate proxy headers automatically.

You’re running into this:

I recommend using subdomains for each service instead of subpaths. Much easier to configure reliably.

the “caddy version” command return “(devel)”, that’s all.…
I’ve created a jail in Truenas and installed caddy with

pkg caddy install

after having updated and upgraded packages.

Already done.
I found the procedure on a French forum. I am not at home, I can provide the link later if it is of interest …

Thanks for the link, I’m leaning towards it as soon as possible. I’m going to do a clean reinstallation of caddy too… you never know.

@melink14 :

ok, I understand the problem. I will try this method after reinstallation. However I don’t know how to write the “overwritewebroot” command cleanly in the Caddyfile file. I couldn’t find an example for Caddy, only for Apache or Nginx… If you know how to do it…
Thank you for helping me anyway!

Bah. Looks like the way the FreeBSD package is being built is not retaining version information. I’ve reached out to Adam Weinberger, the maintainer of the package to get that updated for next time. But looking at caddy « www - ports - FreeBSD ports tree I’m going to assume you’re using v2.4.1 which is the latest version on there.

If you wouldn’t mind reaching out to whoever wrote that to point out that problem, that would be appreciated. We’re constantly fighting misinformed configurations from all over the internet that are incorrect.

Let us know how it goes next time you try some changes

I’m not sure what you mean by Apache or Nginx examples (I’m curious if you want to share a link) since this setting should be changed inside of your nextcloud config (or you can use subdomain as per the other reply). The nextcloud docs have information on how to change the config.

Unfortunately not. Caddy 2.3.0 is the current quarterly release for FreeBSD.

Well uh, distinfo « caddy « www - ports - FreeBSD ports tree this shows v2.4.1.

That’s in the latest release, which is not the default. The default is quarterly, which is considered stable. Just the way FreeBSD manages ports. See table here FreshPorts -- www/caddy: Fast, cross-platform HTTP/2 web server with automatic HTTPS.

@Coben Consider using @danb35’s Nextcloud resource, which uses Caddy to serve Nextcloud PHP files as well as as a reverse proxy. All the hard work is already done. No need to reinvent the wheel. Scripted installation of Nextcloud 23 in iocage jail | TrueNAS Community

I’ll try this and keep you informed

this is what I get by trying this procedure

JAIL_NAME:caddy: not found
JAIL_INTERFACES not set, defaulting to: vnet0:bridge0
caddy successfully created!

Stopped caddy due to VNET failure
Failed to create jail

the parameters I entered

JAIL_IP="192.168.1.192"
DEFAULT_GW_IP="192.168.0.254"
POOL_PATH="/mnt/Stockage"
JAIL_NAME:"caddy"

in general when I create jails in command line, this procedure works all the time

iocage create -n nextcloud -r 11.3-RELEASE ip4_addr="vnet0|192.168.0.10/24" defaultrouter="192.168.0.1" vnet="on" allow_raw_sockets="1" boot="on

@melink14

i tried that in the nextcloud config.php

  'overwrite.cli.url' => 'http://192.168.0.190',
  'overwritehost' => 'benlem.fr',
  'overwriteprotocol' => 'https',
  'overwritewebroot' => '/nextcloud',

and i get a

ERR_ADDRESS_UNREACHABLE

Just the error string isn’t enough to debug.

What URL is in your address bar and what shows up in caddy logs?

Please report issues you’re having in the discussion area for the resource. Scripted installation of Nextcloud 23 in iocage jail | TrueNAS Community

The solution is here :

What worked for me :

1. on my registrar:

• redirect with an A record of my domain name “example.fr” to the IP of my router. (on the router, ports 80 and 443 are redirected to the virtual machine hosting Caddy)

• create a CNAME entry with " * .example.fr " as source and FQDN “example.fr” as target. This allows all subdomains to be redirected to my router via my domain name.

  2. in the Caddyfile configuration file:

a configuration of the type:

nextcloud.exemple.fr {

         reverse_proxy  <NEXTCLOUD_IP>
}

machine2.exemple.fr {

         reverse_proxy  <MACHINE2_IP>
}

…

3. in the nextcloud config.php file, do not forget to add in “trusted_domain” your subdomain chooses ‘nextcloud.example.fr’ and in “trusted_proxy” the IP of the machine hosting Caddy.

And I reach my machines simply by typing in a browser “nextcloud.example.fr”, “machine2.example.fr” …
As simple as that after all!
By the way: sorry for my english

Once again a big thank you to the community and to the people who take the time to help others. By passing on your knowledge, you enrich the world. Thank you very much to you …

I do it ASAP

@francislavoie Caddy on FreeBSD is finally catching up with the rest of the universe. The stable release is now version 2.4.1. From here on out, it’s just easier to do a caddy upgrade to bring it up to whatever the current Caddy version is, which at the time of posting is 2.4.3.

This topic was automatically closed after 30 days. New replies are no longer allowed.