Case study: Variations in Caddyfile design for different Nextcloud builds


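The graphic depicts three Nextcloud instances, none of which handles encryption itself, running behind a Caddy reverse proxy that provides encryption for them. The connection from the proxy to each instance is plain HTTP (see the reverse_proxy http://... lines in section d). Each Nextcloud instance has been constructed somewhat differently: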

a. Nextcloud in a FreeNAS jail

b. Nextcloud in a Docker container using the base apache image.

c. Nextcloud in a Docker container using the base fpm image.

Essentially, the end-user experience is identical in each case. The end-user is blissfully unaware of the build variations behind the scenes. This case study examines the subtle variations in Caddyfile design needed to accommodate each build.

a. Nextcloud in a FreeNAS jail

Caddyfile:

:80 {
        root * /usr/local/www/nextcloud
        file_server

        php_fastcgi 127.0.0.1:9000

        redir /.well-known/carddav /remote.php/dav 301
        redir /.well-known/caldav /remote.php/dav 301

        # .htaccess / data / config / ... shouldn't be accessible from outside
        @forbidden {
                path /.htaccess
                path /data/*
                path /config/*
                path /db_structure
                path /.xml
                path /README
                path /3rdparty/*
                path /lib/*
                path /templates/*
                path /occ
                path /console.php
        }

        respond @forbidden 404
}

Reference: To build a Nextcloud instance on FreeNAS using Caddy as the webserver, refer to @danb35’s Scripted installation of Nextcloud in an iocage jail on the FreeNAS Community Forum.

b. Nextcloud in a Docker container using the base apache image.

Caddyfile: N/A. However, using the apache image does affect the corresponding reverse proxy Caddyfile block. Refer to section d.

Reference: For further details, refer to Dockerised Nextcloud+Apache web server behind a Caddy reverse proxy - #2 by jok

c. Nextcloud in a Docker container using the base fpm image.

Caddyfile:

:80 {

        root * /var/www/html
        file_server

        php_fastcgi app:9000

        redir /.well-known/carddav /remote.php/dav 301
        redir /.well-known/caldav /remote.php/dav 301

        # .htaccess / data / config / ... shouldn't be accessible from outside
        @forbidden {
                path    /.htaccess
                path    /data/*
                path    /config/*
                path    /db_structure
                path    /.xml
                path    /README
                path    /3rdparty/*
                path    /lib/*
                path    /templates/*
                path    /occ
                path    /console.php
        }

        respond @forbidden 404

}

Reference: For further details, refer to Example: Docker Nextcloud-FPM + Caddy v2 webserver

d. Caddy reverse proxy in a FreeNAS jail.

Caddyfile:

# Nextcloud+Caddy in a FreeNAS jail
a.mydomain.com {
  encode gzip
  reverse_proxy http://10.1.1.1
}

# Nextcloud+Apache in a Docker container
b.mydomain.com {
  encode gzip
  reverse_proxy http://10.1.1.2

  redir /.well-known/carddav /remote.php/carddav 301
  redir /.well-known/caldav /remote.php/caldav 301
}

# Nextcloud+Caddy in Docker containers
c.mydomain.com {
  encode gzip
  reverse_proxy http://10.1.1.3
}

Reference: To build a Caddy v2 reverse proxy on FreeNAS, refer to @danb35’s Reverse Proxy with Caddy (with optional automatic TLS) on the FreeNAS Community Forum.
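The @forbidden matcher in sections a and c can be checked before and after deployment. The following is an added example, not part of the original post or of Caddy itself: it models the matcher as case-insensitive exact matching with a trailing * acting as a prefix match (a simplified assumption about Caddy's path matcher), and optionally probes your own site to confirm matched paths return 404. The names is_forbidden, probe and audit, and the sample paths, are constructed for illustration.

```python
import sys
import urllib.error
import urllib.request

# Patterns copied from the @forbidden block in sections a and c.
FORBIDDEN = ["/.htaccess", "/data/*", "/config/*", "/db_structure", "/.xml",
             "/README", "/3rdparty/*", "/lib/*", "/templates/*", "/occ",
             "/console.php"]

# Constructed sample request paths (not taken from the page).
SAMPLES = ["/data/nextcloud.log", "/DATA/nextcloud.log", "/config/config.php",
           "/lib/base.php", "/occ", "/console.php", "/.htaccess",
           "/data", "/README.md", "/config.xml", "/index.php"]

def is_forbidden(path):
    """Simplified model of Caddy's path matcher: case-insensitive, exact
    match unless the pattern ends in '*', which makes it a prefix match."""
    p = path.lower()
    for pattern in (f.lower() for f in FORBIDDEN):
        if pattern.endswith("*"):
            if p.startswith(pattern[:-1]):
                return True
        elif p == pattern:
            return True
    return False

def probe(base_url, path):
    """Return the final HTTP status of a GET for base_url + path."""
    try:
        with urllib.request.urlopen(base_url.rstrip("/") + path, timeout=10) as r:
            return r.status
    except urllib.error.HTTPError as err:
        return err.code

def audit(base_url, samples=SAMPLES):
    """Return (path, status) for matched samples that did not come back 404."""
    results = [(p, probe(base_url, p)) for p in samples if is_forbidden(p)]
    return [(p, s) for p, s in results if s != 404]

if __name__ == "__main__":
    for path in SAMPLES:
        print(f"{'match' if is_forbidden(path) else 'NO MATCH':9} {path}")
    if len(sys.argv) > 1:  # base URL of your own site, e.g. https://a.mydomain.com
        leaks = audit(sys.argv[1])
        print("leaks:", leaks or "none")
        sys.exit(1 if leaks else 0)
```

Run it with no argument to print the model only, or pass the base URL of your own instance to check the live responses through the proxy. Samples reported as NO MATCH, such as /data without a trailing slash or /config.xml, are not covered by the matcher as written.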
