FrankenPHP and Nextcloud

1. The problem I’m having:

How to setup FrankenPHP and Nextcloud natively?

2. Error messages and/or full log output:

3. Caddy version:

2.7.6

4. How I installed and ran Caddy:

a. System environment:

Almalinux 9, amd64, systemd; no docker; natively.

b. Command:

c. Service/unit/compose file:

d. My complete Caddy config:

5. Links to relevant resources:

What did you try? Please completely fill out the help topic template as per the forum rules.

Nothing yet, I don’t know how to set this up yet.
We assume that it’s just an standard Caddyfile as a starting point.

Follow the FrankenPHP docs FrankenPHP: the modern PHP app server

If you have any specific questions then let us (or the FrankenPHP team) know.

As I said, I dont know how to set it up and also I dont know how my Caddyfile has to look like :confused:

Read the docs. There are examples. Try it.

I thought we could make this a wiki Post with Instructions

Sure, you could make a wiki post once you have it working :+1:

I don’t use Nextcloud, so you’ll need to get to the point where you have something running (possibly with errors or w/e) then we can go from there.

Okay, now I am stuck. I have absoluetly no clue how to get the user/group working with frankenphp to match file permissions (user/group) fpm is using.

Remember: It is a native setup with other services as well.

I mean, :man_shrugging:

You haven’t shown us any evidence whatsoever of what you’re tried, or what errors you’re getting.

You need to show evidence, logs, config, etc. We can’t read your mind!

I’m sorry if I might sound rude, that’s not my intent here, but we can’t help without understanding where the problem lies.

Currently you can not change the user nor the group which the worker should run, so its not possible at the moment

What do you mean?

Once again, you haven’t posted any evidence, logs, config, etc. I’m not sure how you expect us to help without that.

Nextcloud Screenshot:


Caddyfile:

{
    frankenphp

    # Configure when the directive must be executed
    # https://caddyserver.com/docs/caddyfile/directives#sorting-algorithm
    order mercure after 
    order vulcain after reverse_proxy
    order php_server before file_server
    order php before file_server

}
nextclouddomain.com {

              file_server
              root * /var/www/html/nextcloud

              # Execute PHP files in the current directory and serve assets
              php_server

              # Redirects for DAV apps
              redir /.well-known/carddav /remote.php/dav 301
              redir /.well-known/caldav /remote.php/dav 301

              # redir /.well-known/* /index.php/.well-known/webfinger 301
              # redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo 301
              redir /.well-known/* /index.php{uri} 301

              respond /.well-known/pki-validation 404
              respond /.well-known/acme-challenge 404

              # .htaccess / data / config / ... shouldn't be accessible from outside
              @forbidden {
                      path /.htaccess
                      path /.xml
                      path /3rdparty/*
                      path /config/*
                      path /data/*
                      path /db_structure
                      path /README
                      path /lib/*
                      path /templates/*
                      path /occ
                      path /console.php
                      path /test.php
              }
              respond @forbidden "Access denied" 403 {
                      close
              }
}

Nextcloud directory permissions:


PHP-FPM Nextcloud Config:

xcaddy command:

xcaddy build master --with github.com/dunglas/frankenphp/caddy@main \ 
--with github.com/dunglas/mercure/caddy@main \ 
--with github.com/dunglas/vulcain/caddy@main \ 
--output /usr/bin/caddy

Thanks; here are my thoughts and followup questions:

  • You don’t need php-fpm if you’re using FrankenPHP, because FrankenPHP has PHP built in. It replaces php-fpm.
  • How are you running Caddy/FrankenPHP? Are you running it as a systemd service? If so, how did you set up the service?
  • What do you have in Caddy/FrankenPHP’s logs? Seeing the logs is important to see how it’s behaving.
  • Depending on how you installed it, the Nextcloud files should match the user/group that Caddy/FrankenPHP is running as. If you’re running it as a systemd service, then it should be owned by the caddy user, or have the www-data group at least.
1 Like

Yes, I know I don’t need that. It’s just for information purposes and to understand how it’s set up.

I am using a systemd config:

#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.

[Unit]
Description=Caddy Web Server
Documentation=https://caddyserver.com/docs/
After=network-online.target
Requires=network-online.target
StartLimitIntervalSec=14400
StartLimitBurst=10

[Service]
Type=notify
User=caddy
Group=caddy
ExecStartPre=/usr/bin/caddy validate --config /etc/caddy/Caddyfile
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force

# Do not allow the process to be restarted in a tight loop. If the
# process fails to start, something critical needs to be fixed.
Restart=on-abnormal

# Use graceful shutdown with a reasonable timeout
TimeoutStopSec=5s

LimitNOFILE=1048576
LimitNPROC=512

PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

As I said: You can not change the user nor the group of the FrankenPHP Worker. You can only change globally your user and give permission to everything instead of two users.
You can only use one user for everything.

The Problem here is I want to use a seperate user and group but also want to run a seperate user for the normal caddy(frankenphp) webserver

I’m not sure I understand your concern regarding users. Since FrankenPHP is Caddy+PHP in one binary, it doesn’t make sense to use two different users for that. They’re inherently tied together. What’s the actual problem here? Just make sure your Nextcloud files are usable by the caddy user.