Caddy as reverse proxy failed to serve nextcloudaio

afi4711 · July 25, 2025, 3:37pm

1. The problem I’m having:

Using caddy as reverse proxy on server1 failed to serve nextcloudaio on server2:
no connection to port 11000 on server2. Port 1880 (for node-red) on server1 is successfull. Docker installation is used for both services.

2. Error messages and/or full log output:

dial tcp 192.168.0.93:11000: connect: connection refused

[+] Running 1/1
 ✔ Container caddy-caddy-1  Created                                                                                                                                                                                                                                                      0.1s 
Attaching to caddy-1
caddy-1  | {"level":"info","ts":1753456389.5231357,"msg":"maxprocs: Leaving GOMAXPROCS=4: CPU quota undefined"}
caddy-1  | {"level":"info","ts":1753456389.5237172,"msg":"GOMEMLIMIT is updated","package":"github.com/KimMachineGun/automemlimit/memlimit","GOMEMLIMIT":3583704268,"previous":9223372036854775807}
caddy-1  | {"level":"info","ts":1753456389.523903,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
caddy-1  | {"level":"info","ts":1753456389.5268323,"msg":"adapted config to JSON","adapter":"caddyfile"}
caddy-1  | {"level":"info","ts":1753456389.530692,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
caddy-1  | {"level":"info","ts":1753456389.5312476,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
caddy-1  | {"level":"info","ts":1753456389.5313275,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv1","https_port":443}
caddy-1  | {"level":"info","ts":1753456389.5313528,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv1"}
caddy-1  | {"level":"debug","ts":1753456389.5314608,"logger":"http.auto_https","msg":"adjusted config","tls":{"automation":{"policies":[{}]}},"http":{"servers":{"remaining_auto_https_redirects":{"listen":[":80"],"routes":[{},{},{}]},"srv0":{"listen":[":1880"],"routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.0.14:1880"}]}]}]}],"terminal":true}],"tls_connection_policies":[{}],"automatic_https":{}},"srv1":{"listen":[":443"],"routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.0.93:11000"}]}]}]}],"terminal":true}],"tls_connection_policies":[{}],"automatic_https":{}}}}}
caddy-1  | {"level":"info","ts":1753456389.5350697,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x400060c380"}
caddy-1  | {"level":"debug","ts":1753456389.5459056,"logger":"http","msg":"starting server loop","address":"[::]:1880","tls":true,"http3":false}
caddy-1  | {"level":"info","ts":1753456389.5459957,"logger":"http","msg":"enabling HTTP/3 listener","addr":":1880"}
caddy-1  | {"level":"info","ts":1753456389.5477989,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
caddy-1  | {"level":"debug","ts":1753456389.5620995,"logger":"http","msg":"starting server loop","address":"[::]:443","tls":true,"http3":false}
caddy-1  | {"level":"info","ts":1753456389.5621684,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
caddy-1  | {"level":"info","ts":1753456389.5630224,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
caddy-1  | {"level":"debug","ts":1753456389.5744505,"logger":"http","msg":"starting server loop","address":"[::]:80","tls":false,"http3":false}
caddy-1  | {"level":"warn","ts":1753456389.5745242,"logger":"http","msg":"HTTP/2 skipped because it requires TLS","network":"tcp","addr":":80"}
caddy-1  | {"level":"warn","ts":1753456389.574535,"logger":"http","msg":"HTTP/3 skipped because it requires TLS","network":"tcp","addr":":80"}
caddy-1  | {"level":"info","ts":1753456389.5745435,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
caddy-1  | {"level":"info","ts":1753456389.574558,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["mydomain.ddns.net"]}
caddy-1  | {"level":"warn","ts":1753456389.5763597,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [mydomain.ddns.net]: no OCSP server specified in certificate","identifiers":["mydomain.ddns.net"]}
caddy-1  | {"level":"debug","ts":1753456389.5766845,"logger":"tls.cache","msg":"added certificate to cache","subjects":["mydomain.ddns.net"],"expiration":1761206189,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"213ad28d29977852438b5c0bd92554da4f0f7822bc1dad1ff9deb983d3b5d64f","cache_size":1,"cache_capacity":10000}
caddy-1  | {"level":"debug","ts":1753456389.576764,"logger":"events","msg":"event","name":"cached_managed_cert","id":"7fabba8e-395d-4dca-b3c2-02a6f7b0939e","origin":"tls","data":{"sans":["mydomain.ddns.net"]}}
caddy-1  | {"level":"debug","ts":1753456389.5769715,"logger":"events","msg":"event","name":"started","id":"7c73ad3c-e55a-46f0-9c27-42157eb8e621","origin":"","data":null}
caddy-1  | {"level":"info","ts":1753456389.5782452,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
caddy-1  | {"level":"info","ts":1753456389.5784826,"msg":"serving initial configuration"}
caddy-1  | {"level":"info","ts":1753456389.5842605,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/data/caddy","instance":"02250a9c-3d83-4b7b-9a82-6438972013bf","try_again":1753542789.5842545,"try_again_in":86399.999997703}
caddy-1  | {"level":"info","ts":1753456389.5845222,"logger":"tls","msg":"finished cleaning storage units"}
caddy-1  | {"level":"debug","ts":1753456390.333207,"logger":"events","msg":"event","name":"tls_get_certificate","id":"4868632b-a947-4285-b683-698cf90393b9","origin":"tls","data":{"client_hello":{"CipherSuites":[4866,4867,4865,49196,49200,159,52393,52392,52394,49195,49199,158,49188,49192,107,49187,49191,103,49162,49172,57,49161,49171,51,173,171,52398,52397,52396,157,169,52395,172,170,156,168,61,60,49208,49206,183,179,149,145,53,175,141,49207,49205,182,178,148,144,47,174,140],"ServerName":"mydomain.ddns.net","SupportedCurves":[29,23,30,25,24,256,257,258,259,260],"SupportedPoints":"AAEC","SignatureSchemes":[1027,1283,1539,2055,2056,2074,2075,2076,2057,2058,2059,2052,2053,2054,1025,1281,1537,771,769,770,1026,1282,1538],"SupportedProtos":null,"SupportedVersions":[772,771],"RemoteAddr":{"IP":"82.212.15.135","Port":53140,"Zone":""},"LocalAddr":{"IP":"172.23.0.2","Port":443,"Zone":""}}}}
caddy-1  | {"level":"debug","ts":1753456390.333464,"logger":"tls.handshake","msg":"choosing certificate","identifier":"mydomain.ddns.net","num_choices":1}
caddy-1  | {"level":"debug","ts":1753456390.3334796,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"mydomain.ddns.net","subjects":["mydomain.ddns.net"],"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"213ad28d29977852438b5c0bd92554da4f0f7822bc1dad1ff9deb983d3b5d64f"}
caddy-1  | {"level":"debug","ts":1753456390.3334992,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"82.212.15.135","remote_port":"53140","subjects":["mydomain.ddns.net"],"managed":true,"expiration":1761206189,"hash":"213ad28d29977852438b5c0bd92554da4f0f7822bc1dad1ff9deb983d3b5d64f"}
caddy-1  | {"level":"debug","ts":1753456390.3972504,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.0.93:11000","total_upstreams":1}
caddy-1  | {"level":"debug","ts":1753456390.4519954,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.0.93:11000","duration":0.05457977,"request":{"remote_ip":"82.212.15.135","remote_port":"53140","client_ip":"82.212.15.135","proto":"HTTP/1.1","method":"GET","host":"mydomain.ddns.net","uri":"/index.php/204","headers":{"X-Forwarded-For":["82.212.15.135"],"Accept-Encoding":["zstd, gzip, deflate"],"Accept-Language":["de-DE,en,*"],"Accept":["*/*"],"X-Forwarded-Host":["mydomain.ddns.net"],"Via":["1.1 Caddy"],"X-Request-Id":["ed85486f-3095-4e08-8bc7-1714788ffc8e"],"User-Agent":["Mozilla/5.0 (Linux) mirall/3.16.6 (build 31593) (Nextcloud, linuxmint-6.8.0-64-generic ClientArchitecture: x86_64 OsArchitecture: x86_64)"],"X-Forwarded-Proto":["https"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"","server_name":"mydomain.ddns.net"}},"error":"dial tcp 192.168.0.93:11000: connect: connection refused"}
caddy-1  | {"level":"error","ts":1753456390.4521844,"logger":"http.log.error","msg":"dial tcp 192.168.0.93:11000: connect: connection refused","request":{"remote_ip":"82.212.15.135","remote_port":"53140","client_ip":"82.212.15.135","proto":"HTTP/1.1","method":"GET","host":"mydomain.ddns.net","uri":"/index.php/204","headers":{"Accept-Encoding":["zstd, gzip, deflate"],"Accept-Language":["de-DE,en,*"],"User-Agent":["Mozilla/5.0 (Linux) mirall/3.16.6 (build 31593) (Nextcloud, linuxmint-6.8.0-64-generic ClientArchitecture: x86_64 OsArchitecture: x86_64)"],"Accept":["*/*"],"X-Request-Id":["ed85486f-3095-4e08-8bc7-1714788ffc8e"],"Connection":["Keep-Alive"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"","server_name":"mydomain.ddns.net"}},"duration":0.054950284,"status":502,"err_id":"p42wvje1q","err_trace":"reverseproxy.statusError (reverseproxy.go:1390)"}

caddy-1  | {"level":"debug","ts":1753456396.0087905,"logger":"events","msg":"event","name":"tls_get_certificate","id":"1f703030-8e77-4060-9831-8b848d602a87","origin":"tls","data":{"client_hello":{"CipherSuites":[4866,4867,4865,4868,49196,52393,49325,49162,49195,49324,49161,49200,52392,49172,49199,49171,157,49309,53,156,49308,47,159,52394,49311,57,158,49310,51],"ServerName":"mydomain.ddns.net","SupportedCurves":[23,24,25,29,30,256,257,258,259,260],"SupportedPoints":"AA==","SignatureSchemes":[1025,2057,2052,1027,2055,1281,2058,2053,1283,2056,1537,2059,2054,1539,513,515],"SupportedProtos":["h2","http/1.1","http/1.0"],"SupportedVersions":[772,771,770,769],"RemoteAddr":{"IP":"82.212.15.135","Port":53146,"Zone":""},"LocalAddr":{"IP":"172.23.0.2","Port":443,"Zone":""}}}}
caddy-1  | {"level":"debug","ts":1753456396.0090222,"logger":"tls.handshake","msg":"choosing certificate","identifier":"mydomain.ddns.net","num_choices":1}
caddy-1  | {"level":"debug","ts":1753456396.0090728,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"mydomain.ddns.net","subjects":["mydomain.ddns.net"],"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"213ad28d29977852438b5c0bd92554da4f0f7822bc1dad1ff9deb983d3b5d64f"}
caddy-1  | {"level":"debug","ts":1753456396.0091124,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"82.212.15.135","remote_port":"53146","subjects":["mydomain.ddns.net"],"managed":true,"expiration":1761206189,"hash":"213ad28d29977852438b5c0bd92554da4f0f7822bc1dad1ff9deb983d3b5d64f"}
caddy-1  | {"level":"debug","ts":1753456396.0408027,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.0.93:11000","total_upstreams":1}
caddy-1  | {"level":"debug","ts":1753456396.0559578,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.0.93:11000","duration":0.014777333,"request":{"remote_ip":"82.212.15.135","remote_port":"53146","client_ip":"82.212.15.135","proto":"HTTP/2.0","method":"REPORT","host":"mydomain.ddns.net","uri":"/remote.php/dav/calendars/andi/testaio/","headers":{"Accept-Encoding":["gzip, deflate, br"],"Accept-Language":["de-de, de;q=0.9"],"Depth":["1"],"User-Agent":["Evolution/3.56.2"],"Cache-Control":["no-cache"],"Pragma":["no-cache"],"X-Forwarded-For":["82.212.15.135"],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["mydomain.ddns.net"],"Via":["2.0 Caddy"],"Content-Type":["application/xml; charset=\"utf-8\""],"Content-Length":["318"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"mydomain.ddns.net"}},"error":"dial tcp 192.168.0.93:11000: connect: connection refused"}
caddy-1  | {"level":"error","ts":1753456396.0565417,"logger":"http.log.error","msg":"dial tcp 192.168.0.93:11000: connect: connection refused","request":{"remote_ip":"82.212.15.135","remote_port":"53146","client_ip":"82.212.15.135","proto":"HTTP/2.0","method":"REPORT","host":"mydomain.ddns.net","uri":"/remote.php/dav/calendars/andi/testaio/","headers":{"Accept-Encoding":["gzip, deflate, br"],"Accept-Language":["de-de, de;q=0.9"],"Depth":["1"],"User-Agent":["Evolution/3.56.2"],"Cache-Control":["no-cache"],"Pragma":["no-cache"],"Content-Type":["application/xml; charset=\"utf-8\""],"Content-Length":["318"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"mydomain.ddns.net"}},"duration":0.015549732,"status":502,"err_id":"cgrafpg0g","err_trace":"reverseproxy.statusError (reverseproxy.go:1390)"}

caddy-1  | {"level":"debug","ts":1753456452.387643,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.0.93:11000","total_upstreams":1}
caddy-1  | {"level":"debug","ts":1753456452.397915,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.0.93:11000","duration":0.010132355,"request":{"remote_ip":"82.212.15.135","remote_port":"53140","client_ip":"82.212.15.135","proto":"HTTP/1.1","method":"GET","host":"mydomain.ddns.net","uri":"/index.php/204","headers":{"User-Agent":["Mozilla/5.0 (Linux) mirall/3.16.6 (build 31593) (Nextcloud, linuxmint-6.8.0-64-generic ClientArchitecture: x86_64 OsArchitecture: x86_64)"],"Accept":["*/*"],"X-Request-Id":["fa6ade79-b46d-4e9a-bb80-d83f6c7fd687"],"X-Forwarded-For":["82.212.15.135"],"Accept-Encoding":["zstd, gzip, deflate"],"Accept-Language":["de-DE,en,*"],"X-Forwarded-Host":["mydomain.ddns.net"],"Via":["1.1 Caddy"],"X-Forwarded-Proto":["https"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"","server_name":"mydomain.ddns.net"}},"error":"dial tcp 192.168.0.93:11000: connect: connection refused"}
caddy-1  | {"level":"error","ts":1753456452.398081,"logger":"http.log.error","msg":"dial tcp 192.168.0.93:11000: connect: connection refused","request":{"remote_ip":"82.212.15.135","remote_port":"53140","client_ip":"82.212.15.135","proto":"HTTP/1.1","method":"GET","host":"mydomain.ddns.net","uri":"/index.php/204","headers":{"User-Agent":["Mozilla/5.0 (Linux) mirall/3.16.6 (build 31593) (Nextcloud, linuxmint-6.8.0-64-generic ClientArchitecture: x86_64 OsArchitecture: x86_64)"],"Accept":["*/*"],"X-Request-Id":["fa6ade79-b46d-4e9a-bb80-d83f6c7fd687"],"Connection":["Keep-Alive"],"Accept-Encoding":["zstd, gzip, deflate"],"Accept-Language":["de-DE,en,*"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"","server_name":"mydomain.ddns.net"}},"duration":0.010465536,"status":502,"err_id":"mmsmy58e3","err_trace":"reverseproxy.statusError (reverseproxy.go:1390)"}

3. Caddy version:

v2.10.0 h1

4. How I installed and ran Caddy:

Caddy run with docker:

a. System environment:

Docker version 28.3.2 running on raspberrypi (Linux smarthome4 6.12.25+rpt-rpi-v8 #1 SMP PREEMPT Debian 1:6.12.25-1+rpt1 (2025-04-30) aarch64 GNU/Linux)

b. Command:

docker compose up

c. Service/unit/compose file:

caddy:

services:
  caddy:
    image: caddy:latest
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - ./conf:/etc/caddy
      - ./certs:/certs
      - ./site:/srv
      - caddy_data:/data
      - caddy_config:/config

volumes:
  caddy_data:
  caddy_config:

nextcloudaio:

services:
  nextcloud-aio-mastercontainer:
    image: ghcr.io/nextcloud-releases/all-in-one:latest
    init: true
    restart: always
    container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'!
    network_mode: bridge # add to the same network as docker run would do
    ports:
    # - 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      - 8080:8080
      - 11000:11000
    # - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
    environment:
      NEXTCLOUD_DATADIR: /media/docker/nextcloud/data_dir
      SKIP_DOMAIN_VALIDATION: true
      APACHE_PORT: 11000
      APACHE_IP_BINDING: 0.0.0.0
      APACHE_ADDITIONAL_NETWORK=""

volumes: # If you want to store the data on a different drive, see https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work

d. My complete Caddy config:

{
	debug
}
mydomain.ddns.net:1880 {
	reverse_proxy 192.168.0.14:1880
}
mydomain.ddns.net:443 {
	reverse_proxy 192.168.0.93:11000
}

5. Links to relevant resources:

timelordx · July 25, 2025, 4:10pm

That’s a terrible title!

On server1, where you have Caddy, run:

curl -v http://192.168.0.93:11000

and share the result.

afi4711 · July 26, 2025, 8:44am

server1 (192.168.0.14):

curl -v http://192.168.0.93:11000
*   Trying 192.168.0.93:11000...
* connect to 192.168.0.93 port 11000 failed: Verbindungsaufbau abgelehnt
* Failed to connect to 192.168.0.93 port 11000 after 15 ms: Couldn't connect to server
* Closing connection 0
curl: (7) Failed to connect to 192.168.0.93 port 11000 after 15 ms: Couldn't connect to server

Port 80 and 443 connect successfully.
Although port 11000 has been configured in nextcloud, it does not appear in the container list:

server2 (192.168.0.93):

docker ps
CONTAINER ID   IMAGE                                               COMMAND                  CREATED         STATUS                   PORTS                                                                                                                                     NAMES
ef512a9686bb   ghcr.io/nextcloud-releases/aio-apache:latest        "/start.sh /usr/bin/…"   2 minutes ago   Up 2 minutes (healthy)   80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:443->443/udp, [::]:443->443/tcp, [::]:443->443/udp                                                  nextcloud-aio-apache
f273be7ffc10   ghcr.io/nextcloud-releases/aio-whiteboard:latest    "/start.sh"              2 minutes ago   Up 2 minutes (healthy)   3002/tcp                                                                                                                                  nextcloud-aio-whiteboard
11d45a910650   ghcr.io/nextcloud-releases/aio-notify-push:latest   "/start.sh"              2 minutes ago   Up 2 minutes (healthy)                                                                                                                                             nextcloud-aio-notify-push
b19a2855a88b   ghcr.io/nextcloud-releases/aio-nextcloud:latest     "/start.sh /usr/bin/…"   2 minutes ago   Up 2 minutes (healthy)   9000/tcp                                                                                                                                  nextcloud-aio-nextcloud
dca0412f50fa   ghcr.io/nextcloud-releases/aio-imaginary:latest     "/start.sh"              2 minutes ago   Up 2 minutes (healthy)                                                                                                                                             nextcloud-aio-imaginary
12e3f3221c3a   ghcr.io/nextcloud-releases/aio-redis:latest         "/start.sh"              2 minutes ago   Up 2 minutes (healthy)   6379/tcp                                                                                                                                  nextcloud-aio-redis
d0705dc2a01c   ghcr.io/nextcloud-releases/aio-postgresql:latest    "/start.sh"              2 minutes ago   Up 2 minutes (healthy)   5432/tcp                                                                                                                                  nextcloud-aio-database
b2fff0e72cda   ghcr.io/nextcloud-releases/all-in-one:latest        "/start.sh"              8 days ago      Up 8 days (healthy)      0.0.0.0:80->80/tcp, [::]:80->80/tcp, 0.0.0.0:8080->8080/tcp, [::]:8080->8080/tcp, 0.0.0.0:8443->8443/tcp, [::]:8443->8443/tcp, 9000/tcp   nextcloud-aio-mastercontainer

timelordx · July 26, 2025, 8:56am

This is not Caddy’s problem. There’s nothing listening on the other side for Caddy to connect to. The title is a bit misleading, I’d say.

afi4711 · July 26, 2025, 10:08am

OK. Thank you very much.
Then I will look for the solution in the Nextcloud community.

Forza · August 3, 2025, 10:21am

Not sure how Nextcloud AIO works, however a normal install uses php-fpm, so you’d use the `php_fastcgi` directive instead of `reverse_proxy`. If the AIO uses nginx or apache or the like, then a normal reverse_proxy is appropriate.

But as others have said, you need to solve the docker listening port. You can use `netstat -npl` to list all listening sockets on the host.