1. My Caddy version (caddy -version):
1.0.4
2. How I run Caddy:
a. System environment:
Debian 10 Buster
(RaspberryPi 4 4GB)
b. Command:
caddy -ca https://acme-staging-v02.api.letsencrypt.org/directory --conf /etc/caddy/Caddyfile
Info: letsencrypt Staging used for testing purposes till it works.
c. Service/unit/compose file:
paste full file contents here
d. My complete Caddyfile:
nextcloud.mydomain.com {
    tls my@email.com
    root /var/www/nextcloud
    log /var/log/nextcloud_access.log
    errors /var/log/nextcloud_errors.log
    fastcgi / 127.0.0.1:9000 php {
        env PATH /bin
        env modHeadersAvailable true
        env front_controller_active true
        connect_timeout 60s
        read_timeout 3600s
        send_timeout 300s
    }
    header / {
        Strict-Transport-Security "max-age=15768000;"
        X-Content-Type-Options "nosniff"
        X-XSS-Protection "1; mode=block"
        X-Robots-Tag "none"
        X-Download-Options "noopen"
        X-Permitted-Cross-Domain-Policies "none"
        Referrer-Policy "no-referrer"
    }
    header /core/fonts {
        Cache-Control "max-age=604800"
    }
    # checks for images
    rewrite {
        ext .png .html .ttf .ico .jpg .jpeg .css .js .woff .woff2 .svg .gif .map
        r ^/index.php/.*$
        to /{1} /index.php?{query}
    }
    rewrite {
        r ^/\.well-known/host-meta$
        to /public.php?service=host-meta&{query}
    }
    rewrite {
        r ^/\.well-known/host-meta\.json$
        to /public.php?service=host-meta-json&{query}
    }
    rewrite {
        r ^/\.well-known/webfinger$
        to /public.php?service=webfinger&{query}
    }
    rewrite {
        r ^/index.php/.*$
        to /index.php?{query}
    }
    rewrite / {
        if {path} not_starts_with /remote.php
        if {path} not_starts_with /public.php
        ext .png .html .ttf .ico .jpg .jpeg .css .js .woff .woff2 .svg .gif .map .html .ttf
        r ^/(.*)$
        to /{1} /index.php{uri}
    }
    rewrite / {
        if {path} not /core/img/favicon.ico
        if {path} not /core/img/manifest.json
        if {path} not_starts_with /remote.php
        if {path} not_starts_with /public.php
        if {path} not_starts_with /cron.php
        if {path} not_starts_with /core/ajax/update.php
        if {path} not_starts_with /status.php
        if {path} not_starts_with /ocs/v1.php
        if {path} not_starts_with /ocs/v2.php
        if {path} not /robots.txt
        if {path} not_starts_with /updater/
        if {path} not_starts_with /ocs-provider/
        if {path} not_starts_with /ocm-provider/
        if {path} not_starts_with /.well-known/
        to /index.php{uri}
    }
    # client support (e.g. os x calendar / contacts)
    redir /.well-known/carddav /remote.php/carddav 301
    redir /.well-known/caldav /remote.php/caldav 301
    # remove trailing / as it causes errors with php-fpm
    rewrite {
        r ^/remote.php/(webdav|caldav|carddav|dav)(\/?)(\/?)$
        to /remote.php/{1}
    }
    rewrite {
        r ^/remote.php/(webdav|caldav|carddav|dav)/(.+?)(\/?)(\/?)$
        to /remote.php/{1}/{2}
    }
    rewrite {
        r ^/public.php/(dav|webdav|caldav|carddav)(\/?)(\/?)$
        to /public.php/{1}
    }
    rewrite {
        r ^/public.php/(dav|webdav|caldav|carddav)/(.+)(\/?)(\/?)$
        to /public.php/{1}/{2}
    }
    # .htaccess / data / config / ... shouldn't be accessible from outside
    status 404 {
        /.htaccess
        /data
        /config
        /db_structure
        /.xml
        /README
        /3rdparty
        /lib
        /templates
        /occ
        /console.php
    }
}
3. The problem I’m having:
Hi there caddy community.
I’m in the process of setting up some services on my server, some of which should be offered to the “interwebs”.
For the sake of security I want to run a reverse proxy in front of all the services (running natively and also in Docker containers) on the same machine.
I am running Nextcloud over nginx on port 8080 because the reverse proxy, in this case Caddy, needs ports 80 and 443. Nextcloud is accessed internally through http://192.168.1.100:8080/nextcloud. On the system Nextcloud is installed under /var/www/nextcloud/.
Now I want the following:
Accessing the internal Nextcloud over nextcloud.mydomain.com.
I installed the caddy service with following command:
curl https://getcaddy.com | bash -s personal http.cache,http.cgi,http.forwardproxy,http.ipfilter,http.nobots,http.permission,http.realip
I have found a Nextcloud Caddyfile configuration example here:
https://github.com/caddyserver/examples/tree/master/nextcloud
So my Caddyfile looks like shown above.
I then run Caddy with the Caddyfile, but when I access nextcloud.mydomain.com I always get 502 Bad Gateway.
Other services accessed directly by a port (and no “subfolder/path”, because they are running their own web server) are accessible through Caddy via the various subdomains I’ve set up.
I also tried it with Traefik and had gone through many tutorials and configuration iterations, but Traefik isn’t routing properly and didn’t give me consistent results. So that’s why I searched for an alternative which also handles the Let’s Encrypt certificates, and that led me to Caddy.
I am running Caddy 1.0.4.
I browsed here in the forums for any hints which could lead to resolving my issue, but found nothing which could have helped.
I would be really glad to get it going. Any help is welcome.
Thank you very much in advance and have a nice weekend!
4. Error messages and/or full log output:
502 Bad Gateway (when trying to load nextcloud.mydomain.com)
5. What I already tried:
I tried to forward/route to other services which are running on the server bare metal and also in Docker containers, accessed directly over the corresponding port of the service (without any subfolder like with Nextcloud), and they are routed correctly over Caddy. Only Nextcloud with its subfolder is not running properly.
6. Links to relevant resources:
Nextcloud Caddyfile Example: https://github.com/caddyserver/examples/tree/master/nextcloud
Tutorial I’ve followed: https://www.addictivetips.com/ubuntu-linux-tips/install-the-caddy-web-server-on-linux/
Installation Command: curl https://getcaddy.com | bash -s personal http.cache,http.cgi,http.forwardproxy,http.ipfilter,http.nobots,http.permission,http.realip
Run Command: caddy -ca https://acme-staging-v02.api.letsencrypt.org/directory --conf /etc/caddy/Caddyfile
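As an added example (not from the original post and not the caddyserver/examples file it was copied from), a Caddy v1 Caddyfile that matches the setup described in the post: Nextcloud is actually served by nginx at http://192.168.1.100:8080/nextcloud, while the posted file hands every request to a PHP-FPM listener on 127.0.0.1:9000 that is not part of that setup, so the fastcgi and rewrite blocks are replaced by a proxy directive. It assumes Caddy v1's proxy directive keeps the /nextcloud path from the upstream URL and prepends it to each request, and that the hardening headers and the deny list are still wanted in front of nginx.

```caddyfile
nextcloud.mydomain.com {
    tls my@email.com

    log /var/log/nextcloud_access.log
    errors /var/log/nextcloud_errors.log

    # Same browser hardening headers as the posted Caddyfile; Caddy adds
    # them to responses it relays from nginx as well.
    header / {
        Strict-Transport-Security "max-age=15768000;"
        X-Content-Type-Options "nosniff"
        X-XSS-Protection "1; mode=block"
        X-Robots-Tag "none"
        X-Download-Options "noopen"
        X-Permitted-Cross-Domain-Policies "none"
        Referrer-Policy "no-referrer"
    }

    # Client discovery redirects kept from the posted configuration.
    redir /.well-known/carddav /remote.php/carddav 301
    redir /.well-known/caldav /remote.php/caldav 301

    # Deny list kept in front of the proxy: the status directive runs before
    # proxy, so these paths are answered by Caddy and never reach nginx.
    status 404 {
        /.htaccess
        /data
        /config
        /db_structure
        /.xml
        /README
        /3rdparty
        /lib
        /templates
        /occ
        /console.php
    }

    # Everything else goes to the nginx instance that really serves Nextcloud.
    # Assumption: the /nextcloud path in the upstream URL is prepended to the
    # request path. "transparent" forwards Host, X-Real-IP, X-Forwarded-For
    # and X-Forwarded-Proto so Nextcloud sees the public host and https scheme.
    proxy / http://192.168.1.100:8080/nextcloud {
        transparent
    }
}
```

Because the public URL no longer carries the /nextcloud subfolder, Nextcloud's config.php on the nginx side also needs nextcloud.mydomain.com in trusted_domains and the overwritehost, overwriteprotocol, overwritewebroot and trusted_proxies entries set for this proxy, otherwise its redirects and generated links point back at the internal path.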