Getting 502 error when proxying to Matomo (apache)

1. The problem I’m having:

I’m trying to reverse proxy a domain to a local host port. The service on the backend is Matomo, which I believe uses Apache as its front end. When I access that port directly, I have no problem, but when it’s reverse proxied through Caddy, I get a 502 error.

2. Error messages and/or full log output:

caddy-1  | {"level":"error","ts":1708413672.2528512,"logger":"http.log.error","msg":"dial tcp 192.168.96.4:8080: connect: connection refused","request":{"remote_ip":"x.x.x.x","remote_port":"41298","client_ip":"x.x.x.x","proto":"HTTP/3.0","method":"GET","host":"DOMAIN_HERE","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36"],"Sec-Ch-Ua-Mobile":["?0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Sec-Fetch-Site":["none"],"Accept-Language":["en-US,en;q=0.9"],"Cache-Control":["max-age=0"],"Sec-Ch-Ua-Platform":["\"macOS\""],"Sec-Fetch-Dest":["document"],"Accept-Encoding":["gzip, deflate, br"],"Cookie":[],"Sec-Ch-Ua":["\"Not A(Brand\";v=\"99\", \"Google Chrome\";v=\"121\", \"Chromium\";v=\"121\""],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Upgrade-Insecure-Requests":["1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h3","server_name":"DOMAIN_HERE"}},"duration":0.000813218,"status":502,"err_id":"4a34jjneb","err_trace":"reverseproxy.statusError (reverseproxy.go:1267)"}

3. Caddy version:

Caddy: v2.7.6

4. How I installed and ran Caddy:

Ubuntu 22.04 LTS via Docker

a. System environment:

Ubuntu 22.04 LTS via Docker

b. Command:

c. Service/unit/compose file:

version: '3'
networks:
  default:  
    name: 'proxy_network'
services:
  uptime-kuma:
    image: louislam/uptime-kuma:1
    restart: unless-stopped
    volumes:  
      - /srv/uptime:/app/data
    labels:   
      caddy: NON-RELATED_DOMAIN_HERE
      caddy.reverse_proxy: "* {{upstreams 3001}}"
    ports: 
      - 3001:3001
  caddy:
    image: caddy:latest
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./site:/srv
      - ./caddy/data:/data
      - ./caddy/config:/config
    environment:
      - CADDY_INGRESS_NETWORKS=proxy_network
  db:
    image: mariadb:10.11
    command: --max-allowed-packet=64MB
    restart: always
    volumes:
      - db:/var/lib/mysql:Z
    environment:
      - MYSQL_ROOT_PASSWORD=
      - MARIADB_AUTO_UPGRADE=1
      - MARIADB_DISABLE_UPGRADE_BACKUP=1
    env_file:
      - ./db.env
  app:
    image: matomo
    restart: unless-stopped
    volumes:
      - ./config:/var/www/html/config:z
      - ./logs:/var/www/html/logs:z
      - matomo:/var/www/html:z
    environment:
      - MATOMO_DATABASE_HOST=db
    env_file:
      - ./db.env
    ports:
      - 8080:80
    labels:   
      caddy: DOMAIN_HERE
      caddy.reverse_proxy: "* {{upstreams 8080}}"
volumes:
  db:
  matomo:

d. My complete Caddy config:

https://TROUBLE_DOMAIN_HERE {
        reverse_proxy app:8080
}
https://UNRELATED_DOMAIN_HERE {
        reverse_proxy 127.0.0.1:3001
}

5. Links to relevant resources:

Matomo config.ini.php See Here For Proxy Related Config

...
[General]
salt = "REDACTED"
enable_trusted_host_check = 0
force_ssl = 1
assume_secure_protocol = 1
proxy_client_headers[] = "HTTP_X_FORWARDED_FOR"
proxy_host_headers[] = "HTTP_X_FORWARDED_HOST"
proxy_uri_header = 1
...

Other Links:

Any help would be much appreciated.

You need to proxy to the Docker internal port, not the port you published to the host. So use app:80, not app:8080.

Also you can remove ports, since it should only be accessible through Caddy.

Hi @francislavoie,

I’ve done multiple variations of that as well:

  • 127.0.0.1:8080
  • app:8080
  • local:8080

All of them have yielded the same error.

Like I said, that’s all wrong. Don’t use port 8080 to connect.

Use port 80, that’s the port that the program is listening to inside the container.

Caddy is reaching the other container called app through the Docker network.
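
An added example, not from the thread or from the Caddy project: a small Python check that applies the advice above to the compose port mappings and the Caddyfile upstream, flagging an upstream that names the host-published port and a service whose published port stays reachable around the proxy. The dictionary and Caddyfile text are constructed from the thread's files, and the function and finding names are hypothetical.

```python
import re

# Constructed inputs mirroring the thread's files (kept as literals to avoid a YAML dependency).
# Service name -> compose short-syntax "ports" entries.
PUBLISHED = {"app": ["8080:80"], "uptime-kuma": ["3001:3001"]}
CADDYFILE = """
https://TROUBLE_DOMAIN_HERE {
        reverse_proxy app:8080
}
"""

def parse_port(entry):
    """Split "[IP:]HOST:CONTAINER[/proto]" into (host_port, container_port).

    Assumes single ports and no bracketed IPv6 bind address.
    """
    parts = entry.split("/")[0].split(":")
    host = int(parts[-2]) if len(parts) > 1 and parts[-2] else None
    return host, int(parts[-1])

def check_upstreams(caddyfile, published):
    """Return (kind, service, port, suggested_port) findings for service:port upstreams."""
    findings = []
    for service, port in re.findall(r"reverse_proxy\s+([\w.-]+):(\d+)", caddyfile):
        port = int(port)
        mappings = [parse_port(e) for e in published.get(service, [])]
        container_ports = {c for _, c in mappings}
        for host, container in mappings:
            # The upstream names the host-side port, which nothing listens on
            # inside the container: the "connection refused" from the log.
            if port == host and port not in container_ports:
                findings.append(("host-port-as-upstream", service, port, container))
            # A published port stays reachable on the host without going through Caddy.
            if host is not None:
                findings.append(("published-bypasses-proxy", service, host, None))
    return findings

if __name__ == "__main__":
    for finding in check_upstreams(CADDYFILE, PUBLISHED):
        print(finding)
```
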
