Can't get my Nextcloud AIO working with caddy reverse proxy (Docker)

mrhexagon · February 25, 2025, 10:39am

Hi all, I’m having this issue while trying to set up Nextcloud AIO behind caddy. I’m stuck here for hours, which is driving me nuts. Any help is greatly appreciated!

1. The problem I’m having:

After successfully setting up Nextcloud AIO in reverse proxy mode on my QNAP NAS (using Docker and Portainer), I’m encountering a redirect loop when I access my Nextcloud instance via https://cloud.riemer.digital/. The browser (Firefox) shows “The page isn’t redirecting properly” with an endless redirect loop. I’ve followed multiple troubleshooting steps—including adjusting Nextcloud’s config.php and tweaking my Caddyfile—but the issue persists.

2. Error messages and/or full log output:

Below is an excerpt from the HAR log showing repeated 308 redirects with a Location header pointing to https://cloud.riemer.digital/:

HTTP/2 308
Location: https://cloud.riemer.digital/
Content-Length: 0

There are no additional error messages from Caddy beyond these repeated redirects.

3. Caddy version:

v2.9.1 h1:OEYiZ7DbCzAWVb6TNEkjRcSCRGHVoZsJinoDR/n9oaY=

4. How I installed and ran Caddy:

a. System environment:

• OS: QNAP NAS (Linux-based)

• Docker/Portainer: Used to manage containers.

• Networking: Containers are attached to an external Docker network (networking_app_net with subnet 172.29.8.0/22).

• TLS: Using Cloudflare DNS challenge for automatic certificate issuance.

• Local DNS: AdGuard Home is running as my local DNS server with a wildcard rewrite for *.riemer.digital.

b. Command:

I deploy Caddy using Portainer via a Compose stack.

c. Service/unit/compose file:

networks: # **CRITICAL: Define networks FIRST, before services**
  app_net:
    driver: bridge

volumes: # Define volumes next (good practice)
  caddy_data:
    driver: local
    driver_opts:
      o: bind
      type: none
      device: /share/Media/config/caddy/data
  caddy_config:
    driver: local
    driver_opts:
      o: bind
      type: none
      device: /share/Media/config/caddy/config

services:
  caddy:
    image: caddybuilds/caddy-cloudflare:latest
    container_name: caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - /share/Media/config/caddy/data:/data
      - /share/Media/config/caddy/config:/config
      - /share/Media/config/caddy/config/Caddyfile:/etc/caddy/Caddyfile
      - /share/Public/tailscale-certs:/etc/tailscale-certs:ro
    networks:
      - app_net
    environment:
      - CADDY_EMAIL=my@mail.com
      - CLOUDFLARE_API_TOKEN={CLOUDFLARE_API_TOKEN}

d. My complete Caddy config:

{
  email pascal@riemer.digital
}

cloud.riemer.digital {
  reverse_proxy http://nextcloud-aio-apache:11000 {
    header_up Host {host}
    header_up X-Forwarded-Proto "https"
    header_up X-Forwarded-Host {host}
    header_up X-Forwarded-For {remote_host}
  }
  tls {
    dns cloudflare {env.CLOUDFLARE_API_TOKEN}
  }
}

cloudconfig.riemer.digital {
  reverse_proxy https://nextcloud:8080 {
    transport http {
      tls_insecure_skip_verify
    }
  }
  tls {
    dns cloudflare {env.CLOUDFLARE_API_TOKEN}
  }
}

5. Links to relevant resources:

https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md

https://caddyserver.com/docs/modules/tls.dns/cloudflare

Additional Information:

Nextcloud config.php (located at /mnt/docker-aio-config/config.php):

'trusted_domains'      => ['cloud.riemer.digital'],
'trusted_proxies'      => ['172.29.8.7'],  // caddy container IP
'overwriteprotocol'    => 'https',
'overwrite.cli.url'    => 'https://cloud.riemer.digital',
'overwritewebroot'     => '/',
// 'overwritehost'      => 'cloud.riemer.digital',  // Removed to avoid conflicts
'forwarded_for_headers'=> ['HTTP_X_FORWARDED_FOR'],

Nextcloud AIO Docker Compose snippet:

services:
  nextcloud-aio-mastercontainer:
    image: nextcloud/all-in-one:latest
    container_name: nextcloud-aio-mastercontainer
    restart: always
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
      - /var/run/docker.sock:/var/run/docker.sock:ro
    ports:
      - "8081:8080"  # AIO interface – use an available host port if needed
    environment:
      - APACHE_PORT=11000
      - APACHE_IP_BINDING=0.0.0.0
      - APACHE_ADDITIONAL_NETWORK=networking_app_net
      - SKIP_DOMAIN_VALIDATION=false
    networks:
      networking_app_net:
        aliases:
          - nextcloud

volumes:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer

networks:
  networking_app_net:
    external: true

Despite configuring these settings and ensuring that the Nextcloud containers (both master and Apache) and Caddy are on the same Docker network, I still get the redirect loop error (“The page isn’t redirecting properly”). I’ve followed suggestions from ChatGPT and various forum posts (for example, see below):

https://github.com/nextcloud/all-in-one/discussions/6084

I’m at my wit’s end and any help is greatly appreciated!

TheRettom · February 26, 2025, 3:57am

    header_up Host {host}
    header_up X-Forwarded-Proto "https"
    header_up X-Forwarded-Host {host}
    header_up X-Forwarded-For {remote_host}

Just so you know, these are not necessary. Caddy does a lot of smart things by default.

I’ve never seen the need to manually configure a config.php and bind it as a volume. Regardless of that, you have APACHE_ADDITIONAL_NETWORK= set with the same network that the container is already connected to. The Caddy container network is app_net. You need to change the environmental variable to just app_net.

system · March 28, 2025, 3:57am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.