Caddy2 json config for Nextcloud caldav and carddav

1. Caddy version (caddy version): Caddy 2

2. How I run Caddy: using a systemd service file

a. System environment:

Proxmox LXC container

b. Command:

none

c. Service/unit/compose file:

[Unit]
Description=Caddy Web Server
Documentation=https://caddyserver.com/docs/
After=network.target

[Service]
User=http
Group=http
ExecStart=/usr/bin/caddy run --config /etc/caddy/caddy.json --environ
ExecReload=/usr/bin/caddy reload --config /etc/caddy/caddy.json
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512

# Hardening options
PrivateTmp=true
ProtectSystem=strict
PrivateDevices=true
ProtectHome=true
ReadWritePaths=/var/lib/caddy /var/log/caddy
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
LockPersonality=true


[Install]
WantedBy=multi-user.target

d. My complete Caddyfile or JSON config: nextcloud related config

{
              "handle": [
                {
                  "handler": "subroute",
                  "routes": [
                    {
                      "handle": [
                        {
                          "handler": "reverse_proxy",
                          "upstreams": [
                            {
                              "dial": "10.10.10.230:80"
                            }
                          ]
                        }
                      ]
                    }
                  ]
                }
              ],
              "match": [
                {
                  "host": [
                    "cloud.myshinydomain.com"
                  ]
                }
              ],
              "terminal": true
            },

3. The problem I’m having:

I use caddy2 as a reverse proxy to various services including my nextcloud container. My nextcloud instance is giving warnings about caldav and carddav. For some reason I was never able to setup caddy2 as a reverse proxy using a Caddyfile. I am able to do that with the JSON config that I have. I would like to know how to add the correct entries in the caddy2 reverse proxy json config file.

4. Error messages and/or full log output:

none

5. What I already tried:

I found that using the regular Caddyfile, we can do

redir /.well-known/carddav /remote.php/dav 301
redir /.well-known/caldav /remote.php/dav 301

but how would we do this in the json config

6. Links to relevant resources:

I’m not sure what trouble you had with the Caddyfile, because what you posted would just be this:

cloud.myshinydomain.com {
    reverse_proxy http://10.10.10.230
}

That said, best way to see the JSON representation of a Caddyfile config is to just use the caddy adapt --pretty command. Just write a super simple Caddyfile with the handler you want to see the JSON for, then adapt it.

1 Like

Sorry, yeah… the trouble I had with the Caddyfile was mainly with the integration with Cloudflare dns for LE certs. I adopted Caddy2 very early and so the translation to v2 files were not readily available. It was obviously me doing something incorrect. But I found a resource online who was using JSON file and now I am too with a bunch of other services.

I thought the recommended way was still JSON. Is it not?

I now have the proxying set up correctly. I just need to put in additional redirects for caldav and carddav… but couldn’t find any examples to do that in JSON config.

I will try the adapt flag and see if it helps me out. Thanks. Maybe as an exercise, I might try to move all my config to Caddyfile-- just for shits and giggles.

Well, it depends what you need. If you care about ease of use, the Caddyfile wins. If you need fine grained control, JSON wins.

You can do most things with the Caddyfile, but there are a few limitations, but likely nothing that will hinder you for this type of usecase.

Configuring the DNS challenge is easy now from the Caddyfile, but it’s true that it probably wasn’t in early v2 releases.

This topic was automatically closed after 30 days. New replies are no longer allowed.