1. My Caddy version (caddy -version):
1.0.4 (both Public Caddy and Internal Caddy)
2. How I run Caddy:
Public Caddy (Ubuntu 18.0.4, installed via bash) runs on the profile-based default caddy.service, but with added Cloudflare credentials, and has been running fine for about a year.
Internal Caddy (FreeBSD, FreeNAS jail)
a. System environment:
OS, relevant versions, systemd? docker? etc.
Ubuntu 18.0.4 (Public)
Freenas 11.2 U7 (Internal)
b. Command:
paste command here
c. Service/unit/compose file:
paste full file contents here
d. My complete Caddyfile:
Public
*public domain* {
    tls {
        dns cloudflare
    }
    proxy / 192.168.100.6:1000 {
        websocket
        header_upstream Host {host}
        header_upstream X-Real-IP {remote}
        header_upstream X-Forwarded-For {remote}
        header_upstream X-Forwarded-Proto {scheme}
    }
}
Internal
192.168.100.6:1000 {
    root /usr/local/www/nextcloud
    log /var/log/nextcloud_access.log
    errors /var/log/nextcloud_errors.log
    fastcgi / 127.0.0.1:9000 php {
        env PATH /bin
        env modHeadersAvailable true
        env front_controller_active true
        connect_timeout 60s
        read_timeout 3600s
        send_timeout 300s
    }
    header / {
        Strict-Transport-Security "max-age=15768000;"
        X-Content-Type-Options "nosniff"
        X-XSS-Protection "1; mode=block"
        X-Robots-Tag "none"
        X-Download-Options "noopen"
        X-Permitted-Cross-Domain-Policies "none"
        Referrer-Policy "no-referrer"
    }
    header /core/fonts {
        Cache-Control "max-age=604800"
    }
    # checks for images
    rewrite {
        ext .png .html .ttf .ico .jpg .jpeg .css .js .woff .woff2 .svg .gif .map
        r ^/index.php/.*$
        to /{1} /index.php?{query}
    }
    rewrite {
        r ^/\.well-known/host-meta$
        to /public.php?service=host-meta&{query}
    }
    rewrite {
        r ^/\.well-known/host-meta\.json$
        to /public.php?service=host-meta-json&{query}
    }
    rewrite {
        r ^/\.well-known/webfinger$
        to /public.php?service=webfinger&{query}
    }
    rewrite {
        r ^/index.php/.*$
        to /index.php?{query}
    }
    rewrite / {
        if {path} not_starts_with /remote.php
        if {path} not_starts_with /public.php
        ext .png .html .ttf .ico .jpg .jpeg .css .js .woff .woff2 .svg .gif .map .html .ttf
        r ^/(.*)$
        to /{1} /index.php{uri}
    }
    rewrite / {
        if {path} not /core/img/favicon.ico
        if {path} not /core/img/manifest.json
        if {path} not_starts_with /remote.php
        if {path} not_starts_with /public.php
        if {path} not_starts_with /cron.php
        if {path} not_starts_with /core/ajax/update.php
        if {path} not_starts_with /status.php
        if {path} not_starts_with /ocs/v1.php
        if {path} not_starts_with /ocs/v2.php
        if {path} not /robots.txt
        if {path} not_starts_with /updater/
        if {path} not_starts_with /ocs-provider/
        if {path} not_starts_with /ocm-provider/
        if {path} not_starts_with /.well-known/
        to /index.php{uri}
    }
    # client support (e.g. os x calendar / contacts)
    redir /.well-known/carddav /remote.php/carddav 301
    redir /.well-known/caldav /remote.php/caldav 301
    # remove trailing / as it causes errors with php-fpm
    rewrite {
        r ^/remote.php/(webdav|caldav|carddav|dav)(\/?)(\/?)$
        to /remote.php/{1}
    }
    rewrite {
        r ^/remote.php/(webdav|caldav|carddav|dav)/(.+?)(\/?)(\/?)$
        to /remote.php/{1}/{2}
    }
    rewrite {
        r ^/public.php/(dav|webdav|caldav|carddav)(\/?)(\/?)$
        to /public.php/{1}
    }
    rewrite {
        r ^/public.php/(dav|webdav|caldav|carddav)/(.+)(\/?)(\/?)$
        to /public.php/{1}/{2}
    }
    # .htaccess / data / config / ... shouldn't be accessible from outside
    status 404 {
        /.htaccess
        /data
        /config
        /db_structure
        /.xml
        /README
        /3rdparty
        /lib
        /templates
        /occ
        /console.php
    }
}
3. The problem I’m having:
Essentially, Nextcloud was installed via a script which works fine when the instance is public facing, so I was hoping to change to just an internal HTTP Caddy and use my public instance to proxy to it.
I can access the instance (Nextcloud) completely fine through the local network by local IP address, but when I tried to access the public domain I get the error: “404 Site public domain is not served on this interface”.
This seems like the internal Caddy is not allowing access via the domain name. Is there a way to allow explicit access from a specific domain name? Or have I set up the public instance incorrectly?
The reason for the setup is that the public Caddy instance is also running other reverse proxies for other services from different VLANs/devices etc. It also allows me to modify the Nextcloud system without interfering with other projects which are being proxied and served by the public instance.
Would it be easier to rewrite using Apache, as my previous Nextcloud worked flawlessly with Caddy proxying through to it?
4. Error messages and/or full log output:
I don’t see any error messages on either the internal or the public instance.
5. What I already tried:
I have tried removing the header_upstream lines, which made the instance not reachable from outside the network; internally it just redirects to the local address.
6. Links to relevant resources:
The script I used to install Nextcloud:
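Caddy v1 picks the site block for a request by the Host header (with the port stripped), and “404 Site … is not served on this interface” is the response it sends when no site label matches that hostname. The public proxy above forwards the browser’s Host header (header_upstream Host {host}), so the internal instance receives the public domain as Host while its only site label is the LAN address. The following is an added example, not the poster’s configuration and not from the Nextcloud install script: an internal site block that also carries a label for the public hostname while keeping the listener bound to the LAN address. cloud.example.com is a placeholder for the real public domain; the directives elided with the comment are the poster’s own rewrite, header, redir and status blocks, unchanged.

```caddyfile
# Added example (not the poster's configuration): internal Caddy v1 site
# block that also answers to the public hostname the proxy forwards.
# "cloud.example.com" is a placeholder for the real public domain.
http://cloud.example.com:1000, http://192.168.100.6:1000 {
    # Keep the listener on the LAN address only; the public Caddy stays
    # the sole TLS terminator and the only client of this port.
    bind 192.168.100.6

    root /usr/local/www/nextcloud
    log /var/log/nextcloud_access.log
    errors /var/log/nextcloud_errors.log

    fastcgi / 127.0.0.1:9000 php {
        env PATH /bin
        env modHeadersAvailable true
        env front_controller_active true
        connect_timeout 60s
        read_timeout 3600s
        send_timeout 300s
    }

    # ... the poster's header, rewrite, redir and status 404 blocks
    # go here unchanged ...
}
```

Two checks go with this. From a LAN host, curl -sI -H 'Host: cloud.example.com' http://192.168.100.6:1000/status.php reproduces exactly what the proxy sends; a 200 from Nextcloud instead of the Caddy 404 shows the site match is now working without involving the public instance. On the Nextcloud side, because the app now sees the public hostname and a plain-HTTP connection, its config.php needs that hostname in trusted_domains, the proxy’s address in trusted_proxies so X-Forwarded-For is honoured, and overwriteprotocol set to https so Nextcloud does not generate http:// links or redirects behind the TLS-terminating proxy. Keeping header_upstream Host {host} in the public block is what makes all of this consistent; removing it makes Nextcloud see the LAN address instead, which is the redirect-to-local-address behaviour described under “What I already tried”.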