[Caddy + Nextcloud:FPM-ALPINE] Domain not working

Hello,

I am setting up a rootless environment with Caddy for nextcloud:fpm-alpine using Podman, but when I set up the domain/subdomain in the Caddyfile, Caddy won’t reach Nextcloud.

When I read the logs, they appear empty; it goes silent.

Next I will show how I do the setup:

  1. Prepare OS environment (Package, User, Lingering):
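# Dependencies
zypper in -y podman systemd-container

# Name of the User
USER_NAME="cloud"

# Create the user (with its own group, -U) only if it does not exist yet.
if ! id -u "${USER_NAME}" >/dev/null 2>&1; then
    useradd -Uc "${USER_NAME} Daemon" -m "${USER_NAME}"
fi

# Lingering keeps the user's systemd instance (and so the rootless containers)
# alive without an open session.  Enabling it is idempotent, so it runs outside
# the creation branch: a user that already existed gets it as well, instead of
# silently staying without lingering.
loginctl enable-linger "${USER_NAME}"

# Open a login shell as that user with XDG_RUNTIME_DIR set up, so that systemd
# and podman user commands work (comparable to ssh'ing in as the user).
# Everything below is typed inside this shell.
machinectl shell "${USER_NAME}"@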
  1. Setup containers.conf to the user
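## Container Setup Database
# cp copies the whole directory *into* ~/.config.  If ~/.config does not exist
# yet, cp would instead create ~/.config as a copy of /usr/share/containers and
# the sed below would not find containers.conf, so create the parent first.
mkdir -p "${HOME}/.config"
cp -R /usr/share/containers "${HOME}/.config/"
# Change the journal driver to a file, because I don't want to add the user to
# the *systemd-journald* group.  "0,/re/" is the GNU sed range "up to the first
# match" and the empty pattern in s,,...,  reuses that regex, so only the first
# "journald" in the file is rewritten.
# NOTE(review): this assumes the first "journald" is the active log_driver
# line and not a commented example — verify on the copied file.
sed -i '0,/"journald"/s,,"k8s-file",' "${HOME}/.config/containers/containers.conf"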
  1. Environment Setup for easy name
# Names shared by every later step; change them here rather than inline.
POD_NAME='podCloud'     # pod that holds all containers
DB_NAME='pg-cloud'      # PostgreSQL container, its secret and volume prefix
CLOUDDB_USER='ucloud'   # PostgreSQL role Nextcloud logs in as (also its secret name)
CLOUDDB_NAME='ncloud'   # PostgreSQL database used by Nextcloud
REDIS_NAME='redis'      # Redis container and its secret
CLOUD_NAME='cloud'      # Nextcloud container and volume prefix
CADDY_NAME='caddy'      # Caddy container and volume prefix
DOMAIN='example.lan'    # placeholder domain; Nextcloud trusts cloud.<DOMAIN>
VOL='/opt/cloud'        # host directory backing the bind-mounted volumes
NET='nextcloud'         # podman network the pod is attached to
  1. Secret Setup (Passwords)
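# Secrets live in a mode-700 directory; -p keeps this step re-runnable instead
# of failing when the directory is already there.
mkdir -p -m 700 "${HOME}/.enc"

#######################################
# Generate a random value, store it as a mode-600 file and import it into
# podman's secret store under the same name.
# Arguments: $1 - secret name; remaining args - passed to "openssl rand"
# Returns:   non-zero if generating the file or creating the secret fails
#######################################
gen_secret() {
    local name=$1
    shift
    local file="${HOME}/.enc/${name}"
    # umask in a subshell: the plaintext copy is 0600 regardless of the login
    # umask; tr strips newlines so the secret is one line ("-base64 128" wraps).
    (umask 077 && openssl rand "$@" | tr -d '\n' >"${file}") &&
        podman secret create "${name}" "${file}"
}

gen_secret "${DB_NAME}" -base64 32
gen_secret "${CLOUDDB_USER}" -hex 32
gen_secret "${REDIS_NAME}" -base64 128
# NOTE(review): the plaintext files remain in ~/.enc after the import; delete
# them once podman holds the secrets if a second copy on disk is not wanted.

# Resolve the secret IDs once; the "podman run --secret" calls below use them.
PG_SECRET=$(podman secret ls --format '{{.ID}}' -f NAME="${DB_NAME}")
CLOUDDB_SECRET=$(podman secret ls --format '{{.ID}}' -f NAME="${CLOUDDB_USER}")
REDIS_SECRET=$(podman secret ls --format '{{.ID}}' -f NAME="${REDIS_NAME}")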
  1. Volume Management
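# Cloud
folders=(
    "html"
    "config"
    "data"
)

# Each folder under ${VOL}/${CLOUD_NAME} becomes a bind-mounted podman volume
# named ${CLOUD_NAME}_<folder>.  "podman volume create" refuses to recreate an
# existing volume, so the inspect guard (same one the Caddy section uses) keeps
# this step re-runnable; mkdir -p already tolerates an existing directory.
paths="${VOL}/${CLOUD_NAME}"
for d in "${folders[@]}"; do
    mkdir -p "${paths}/${d}"
    if ! podman volume inspect "${CLOUD_NAME}_${d}" >/dev/null 2>&1; then
        podman volume create \
            -o type=none \
            -o device="${paths}/${d}" \
            -o o=bind \
            "${CLOUD_NAME}_${d}"
    fi
done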

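# DB
folders=(
    "pgdata"
)

# Bind-mounted volume ${DB_NAME}_pgdata backed by ${VOL}/${DB_NAME}/pgdata.
# Guarded like the Caddy section so re-running does not fail on the existing
# volume; mkdir -p already tolerates an existing directory.
paths="${VOL}/${DB_NAME}"
for d in "${folders[@]}"; do
    mkdir -p "${paths}/${d}"
    if ! podman volume inspect "${DB_NAME}_${d}" >/dev/null 2>&1; then
        podman volume create \
            -o type=none \
            -o device="${paths}/${d}" \
            -o o=bind \
            "${DB_NAME}_${d}"
    fi
done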

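# Caddy
folders=(
    "data"
    "config"
    "etc"
    "log"
)

# Bind-mounted volumes ${CADDY_NAME}_<folder> backed by ${VOL}/${CADDY_NAME}.
# The guard inspects the volume that is actually created ("${CADDY_NAME}_${d}");
# the bare "${d}" checked before never matched, so the guard was a no-op and a
# second run failed on the existing volume.
paths="${VOL}/${CADDY_NAME}"
for d in "${folders[@]}"; do
    mkdir -p "${paths}/${d}"
    if ! podman volume inspect "${CADDY_NAME}_${d}" >/dev/null 2>&1; then
        podman volume create \
            -o type=none \
            -o device="${paths}/${d}" \
            -o o=bind \
            "${CADDY_NAME}_${d}"
    fi
done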
  1. Network
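# The fixed subnet matters: the Nextcloud trusted-domain and proxy settings
# below refer to 10.0.2.0/24 and 10.0.2.2.  Guarded so that re-running the
# setup does not fail on an already existing network.
if ! podman network inspect "${NET}" >/dev/null 2>&1; then
    podman network create "${NET}" --subnet 10.0.2.0/24 --gateway 10.0.2.1
fi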
  1. POD Creation
# One pod for every container: the members share one network namespace, so
# the services reach each other on localhost and only the pod publishes ports
# to the host.  --replace removes an existing pod of the same name first.
# NOTE(review): rootless podman can publish host port 80 only when the kernel
# allows unprivileged binds that low (net.ipv4.ip_unprivileged_port_start);
# check that setting if nothing reaches the pod.
podman pod create \
    --replace \
    --restart unless-stopped \
    --network "${NET}" \
    --name "${POD_NAME}" \
    --publish 80:80 \
    --volume "${DB_NAME}_pgdata:/data/postgresql" \
    --volume "${CLOUD_NAME}_html:/var/www/html" \
    --volume "${CLOUD_NAME}_config:/var/www/html/config" \
    --volume "${CLOUD_NAME}_data:/opt/data" \
    --volume "${CADDY_NAME}_data:/data" \
    --volume "${CADDY_NAME}_config:/config" \
    --volume "${CADDY_NAME}_etc:/etc/caddy" \
    --volume "${CADDY_NAME}_log:/var/log/caddy"
  1. Database Container
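# PostgreSQL.  A podman secret is mounted at /run/secrets/<secret name>; the
# earlier "/run/secret/" (singular) path does not exist inside the container,
# so the password file was not found.  The secret was created under the name
# ${DB_NAME}, so the path can be written directly instead of being looked up.
# The pod is referenced through ${POD_NAME} like everywhere else.
# NOTE(review): ":latest" plus autoupdate can pull a new PostgreSQL major
# version, which needs pg_upgrade of the data directory — consider pinning.
podman run -d \
    --pod "${POD_NAME}" \
    --replace \
    --pull=newer \
    --label "io.containers.autoupdate=registry" \
    --restart unless-stopped \
    --name "${DB_NAME}" \
    --secret "${PG_SECRET}" \
    -e PGDATA=/data/postgresql \
    -e POSTGRES_PASSWORD_FILE="/run/secrets/${DB_NAME}" \
    docker.io/postgres:latest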
  1. Redis Container
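# Redis, protected with the ${REDIS_NAME} secret generated earlier.  The pod
# is referenced through ${POD_NAME} like the other containers.  The secret is
# a single line (created with tr -d '\n'), and $(...) drops trailing newlines,
# so no extra filtering of the inspect output is needed.
# NOTE(review): --requirepass puts the password on the redis-server command
# line, where "podman inspect" and the host's process list can read it; a
# redis.conf mounted into the container would keep it out of argv.
podman run -d \
    --pod "${POD_NAME}" \
    --replace \
    --pull=newer \
    --label "io.containers.autoupdate=registry" \
    --restart unless-stopped \
    --name "${REDIS_NAME}" \
    docker.io/redis:alpine redis-server --requirepass "$(podman secret inspect --format '{{.SecretData}}' --showsecret "${REDIS_SECRET}")"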
  1. Nextcloud Container
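# Nextcloud (php-fpm only; Caddy serves the files and talks FastCGI to it).
# Two fixes against the first version:
#  - Nextcloud logs in as ${CLOUDDB_USER}, and that role is created below with
#    the ${CLOUDDB_USER} secret, so that secret (not the postgres superuser
#    secret) is the one to mount and point POSTGRES_PASSWORD_FILE at.
#  - NEXTCLOUD_TRUSTED_DOMAINS is read as a space-separated list; the
#    surrounding brackets became part of the first and last entry.
# NOTE(review): REDIS_HOST_PASSWORD is passed as an environment variable and
# is therefore visible to "podman inspect".
podman run -d \
    --pod "${POD_NAME}" \
    --replace \
    --pull=newer \
    --label "io.containers.autoupdate=registry" \
    --restart unless-stopped \
    --name "${CLOUD_NAME}" \
    --secret "${CLOUDDB_SECRET}" \
    -e NEXTCLOUD_DATA_DIR=/opt/data \
    -e NEXTCLOUD_INIT_HTACCESS=true \
    -e NEXTCLOUD_TRUSTED_DOMAINS="cloud.${DOMAIN} 192.168.1.20 100.97.21.88 10.0.2.2" \
    -e TRUSTED_PROXIES=10.0.2.0/24 \
    -e POSTGRES_DB="${CLOUDDB_NAME}" \
    -e POSTGRES_USER="${CLOUDDB_USER}" \
    -e POSTGRES_PASSWORD_FILE="/run/secrets/${CLOUDDB_USER}" \
    -e POSTGRES_HOST=localhost \
    -e REDIS_HOST=localhost \
    -e REDIS_HOST_PASSWORD="$(podman secret inspect --format '{{.SecretData}}' --showsecret "${REDIS_SECRET}")" \
    -e PHP_MEMORY_LIMIT=1024M \
    docker.io/nextcloud:fpm-alpine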
  1. Caddy Container
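# Caddy.  It only binds :80 inside the pod's network namespace, which podman's
# default capability set (it includes CAP_NET_BIND_SERVICE) already permits, so
# the earlier --cap-add=NET_ADMIN is dropped: nothing in this setup uses it,
# and a web server should not be able to reconfigure the pod's networking.
# The pod is referenced through ${POD_NAME} like the other containers.
podman run -d \
    --pod "${POD_NAME}" \
    --replace \
    --pull=newer \
    --restart unless-stopped \
    --label "io.containers.autoupdate=registry" \
    --name "${CADDY_NAME}" \
    docker.io/caddy:latest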
  1. Post-Container Setup
  • Create Cloud DB User
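# ===CloudDB_USER User and DB=== #
# The statements are fed through stdin instead of "psql -c": the role's
# password then never appears on a command line, where the host's process
# list could read it.  ON_ERROR_STOP makes psql stop at the first failing
# statement and exit non-zero, mirroring the previous && chain.  -t is not
# used because stdin is the heredoc, not a terminal.
# NOTE(review): the password is hex (openssl rand -hex), so it cannot contain
# a quote that would break the SQL literal; keep that in mind if it changes.
podman exec -i -u postgres "${DB_NAME}" psql --set ON_ERROR_STOP=1 <<SQL
CREATE USER ${CLOUDDB_USER} WITH PASSWORD '$(podman secret inspect --format '{{.SecretData}}' --showsecret "${CLOUDDB_SECRET}")';
CREATE DATABASE ${CLOUDDB_NAME} OWNER ${CLOUDDB_USER};
GRANT ALL PRIVILEGES ON DATABASE ${CLOUDDB_NAME} TO ${CLOUDDB_USER};
SQL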

  • CaddyFile
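# Write the Caddyfile into the host directory behind the ${CADDY_NAME}_etc
# volume (mounted at /etc/caddy in the pod).  The path is spelled out instead
# of reusing ${paths}/${folders[2]} left over from the volume loops, so this
# step no longer depends on which loop happened to run last.  The heredoc
# delimiter is quoted because nothing in the Caddyfile is meant to expand.
cat >"${VOL}/${CADDY_NAME}/etc/Caddyfile" <<'EOF'
{
        auto_https off
        debug
        admin off
        log {
                format console
                level DEBUG
        }
        servers {
                protocols h1 h2
        }
}

# ":80" answers for any Host header; to serve only the subdomain, put the
# site address here instead.
:80 {
        root * /var/www/html
        file_server
        encode gzip zstd

        # Every container in the pod shares one network namespace, so php-fpm
        # is reached on localhost, exactly like POSTGRES_HOST/REDIS_HOST are.
        # (Whether the container name "cloud" also resolves depends on the
        # DNS backend; localhost does not.)
        php_fastcgi localhost:9000
        redir /.well-known/carddav /remote.php/dav 301
        redir /.well-known/caldav /remote.php/dav 301

        # .htaccess / data / config / ... shouldn't be accessible from outside
        @forbidden {
                path /.htaccess
                path /data/*
                path /config/*
                path /db_structure
                path /.xml
                path /README
                path /3rdparty/*
                path /lib/*
                path /templates/*
                path /occ
                path /console.php
        }
        respond @forbidden 404
}
EOF

# Caddy reads the file at start-up, so restart it to pick up the new config.
podman restart "${CADDY_NAME}"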
  • Fix Permission folder
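# php-fpm in the fpm-alpine image runs as uid/gid 82 (Alpine's www-data —
# verify with "podman exec" if in doubt).  chown from inside the user
# namespace so the host-side owner maps to that id.  The path is built from
# the same variables that created the volume instead of being hard-coded.
podman unshare chown -vR 82:82 "${VOL}/${CLOUD_NAME}/data"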

I don’t see any domain in your config. Please show the actual config you’re having trouble with.

I don’t believe your logs are empty. Caddy emits lots of logs to stderr, please show your logs.
