Help Getting Nextcloud/PHP to Work with Caddy

Help
1

Hi all! I am new to Caddy and making my first attempts at self-hosting apps on a local raspberry pi. I have been trying to get Nextcloud to work with Caddy, but it has not been working for me :slightly_frowning_face: I was unable to find tutorials on getting it to work with Caddy like I did with nginx or apache, but I would much rather use Caddy because I really enjoy it, so I hope someone here can help me! My setup info is below:

1. Caddy version (caddy version):

v2.1.1 h1:X9k1+ehZPYYrSqBvf/ocUgdLSRIuiNiMo7CvyGUQKeA=

2. How I run Caddy:

a. System environment:

Raspberry Pi OS 05-27-2020 (previously called Raspbian) based on Debian 10 (Buster). I am running it on a Raspberry Pi. I followed the installation procedure on Caddy’s wesbsite.

using systemd.

b. Command:

sudo systemctl start caddy

c. Service/unit/compose file:

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target

[Service]
User=caddy
Group=caddy
ExecStart=/usr/local/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/local/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddyfile or JSON config:

:80 {
  root * /var/www/nextcloud
  file_server
  
  php_fastcgi 127.0.0.1:9000

  rewrite /index.php/* /index.php?{query}

	# client support (e.g. os x calendar / contacts)
	redir /.well-known/carddav /remote.php/dav 301
	redir /.well-known/caldav /remote.php/dav 301

  header {
    Strict-Transport-Security max-age=31536000;
  }

        @forbidden {
                path    /.htaccess
                path    /data/*
                path    /config/*
                path    /db_structure
                path    /.xml
                path    /README
                path    /3rdparty/*
                path    /lib/*
                path    /templates/*
                path    /occ
                path    /console.php
        }

        respond @forbidden 404
}

3. The problem I’m having:

When I try to access my server through its IP, it does not load anything. It only shows a blank white page. Error message below seems to show that connection refused and error dialing backend, but I am not sure what the problem is exactly.

I made sure the php7.3-fpm package is installed.

4. Error messages and/or full log output:

systemctl status caddy gives the following:

Jul 07 23:17:07 raspberrypi caddy[953]: {"level":"info","ts":1594160227.8399065,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Jul 07 23:17:07 raspberrypi caddy[953]: {"level":"info","ts":1594160227.8458982,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["127.0.0.1:2019","localhost:2019","[::1]:2019"]}
Jul 07 23:17:07 raspberrypi caddy[953]: {"level":"info","ts":1594160227.8469915,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv0","http_port":80}
Jul 07 23:17:07 raspberrypi caddy[953]: 2020/07/07 23:17:07 [INFO][cache:0x3746c80] Started certificate maintenance routine
Jul 07 23:17:07 raspberrypi caddy[953]: {"level":"info","ts":1594160227.8501546,"logger":"tls","msg":"cleaned up storage units"}
Jul 07 23:17:07 raspberrypi caddy[953]: {"level":"info","ts":1594160227.8508477,"msg":"autosaved config","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Jul 07 23:17:07 raspberrypi caddy[953]: {"level":"info","ts":1594160227.85116,"msg":"serving initial configuration"}
Jul 07 23:17:13 raspberrypi caddy[953]: {"level":"error","ts":1594160233.9775906,"logger":"http.log.error","msg":"dialing backend: dial tcp 127.0.0.1:9000: connect: connection refused","request":{"method":"GET","uri":"/","proto":"HTTP/1.1","remote_addr":"192.168.1.87:56256","host":"192.168.1.7","headers":{"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:75.0) Gecko/20100101 Firefox/75.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"],"Accept-Language":["en-US,en;q=0.5"],"Accept-Encoding":["gzip, deflate"],"Dnt":["1"],"Connection":["keep-alive"],"Upgrade-Insecure-Requests":["1"]}},"duration":0.001773255,"status":502,"err_id":"nx19d94sy","err_trace":"reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:411)"}
Jul 07 23:18:23 raspberrypi caddy[953]: {"level":"error","ts":1594160303.7148628,"logger":"http.log.error","msg":"dialing backend: dial tcp 127.0.0.1:9000: connect: connection refused","request":{"method":"GET","uri":"/","proto":"HTTP/1.1","remote_addr":"192.168.1.233:48866","host":"192.168.1.7","headers":{"Accept-Encoding":["gzip, deflate"],"Accept-Language":["en-US,en;q=0.9,ar;q=0.8"],"Connection":["keep-alive"],"Dnt":["1"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Linux; Android 10; HD1900) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"]}},"duration":0.002611223,"status":502,"err_id":"n74cwt57u","err_trace":"reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:411)"}
Jul 07 23:18:36 raspberrypi caddy[953]: {"level":"error","ts":1594160316.2470295,"logger":"http.log.error","msg":"dialing backend: dial tcp 127.0.0.1:9000: connect: connection refused","request":{"method":"GET","uri":"/","proto":"HTTP/1.1","remote_addr":"192.168.1.233:48868","host":"192.168.1.7","headers":{"Connection":["keep-alive"],"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Accept-Encoding":["gzip, deflate"],"Accept-Language":["en-US,en;q=0.9,ar;q=0.8"],"Cache-Control":["max-age=0"],"Dnt":["1"],"User-Agent":["Mozilla/5.0 (Linux; Android 10; HD1900) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36"]}},"duration":0.001932342,"status":502,"err_id":"w9kmueq2p","err_trace":"reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:411)"}

5. What I already tried:

I have tried many different forms of the config file. In fact, my start point was trying to put nextcloud in a subfolder. But throughout my debugging I chose to just serve it from root just to see if it will work, and tried to simplify it. I have tried to look online for others who included their Caddyfile with a next cloud configuration, and also tried to translate over nginx configs. Sadly none worked :slightly_frowning_face:

P.S. I have tried serving static html files just to see if they work, and indeed that works correctly.

Would really appreciate any help here! :slightly_smiling_face:

6. Links to relevant resources:

I tried following whatever was given in the Caddyfile of this comment, which is how I arrived at the Caddyfile I showed above.

2

php-fpm may be installed, but is it running? Is it configured to listen on port 9000? It may be configured by default to use a unix socket.

This sounds more like a PHP configuration issue than a Caddy issue.

1 Like
3

I just recently updated my nextcloud install from caddy v1 to v2.1.1 on an Odroid (which is an arm soc computer). I’m running Nextcloud 18.0.6. Here is what I would check.

My config file is basically the same as yours EXCEPT I don’t have this line in my config

rewrite /index.php/* /index.php?{query}

The second difference is my php_fastcgi section is like this:

php_fastcgi 127.0.0.1:9000 {
	 env PATH /bin
}

The other thing I would check is phpX.X-fpm settings. I’m running php7.4 so my config is in /etc/php/7.4/fpm/pool.d/www.conf
Assuming your running caddyserver as caddy be sure the following is in that config file:
user = caddy
group = caddy
listen = 127.0.0.1:9000

By default I believe this is set to www-data which might be causing your 502 rejection.

My setup is working so much better since going to caddy 2.1.1 and php 7.4.

Here is my full Caddyfile that works:

cloud.mydomain.com {
root * /var/www/nextcloud
file_server
tls hud@mydomain.com
log {
output file /var/www/logs/nextcloud/access.log
}

php_fastcgi 127.0.0.1:9000 {
	 env PATH /bin
}

header {
	 Strict-Transport-Security max-age=15768000;
}

# client support (e.g. os x calendar / contacts)
redir /.well-known/carddav /remote.php/dav 301
redir /.well-known/caldav /remote.php/dav 301

# .htaccess / data / config / ... shouldn't be accessible from outside
@forbidden {
	path /.htaccess
	path /data/*
	path /config/*
	path /db_structure
	path /.xml
	path /README
	path /3rdparty/*
	path /lib/*
	path /templates/*
	path /occ
	path /console.php
}
respond @forbidden 404

}

Good luck!

Hud

1 Like
4

Thank you all for the help! I checked to see if php7.3-fpm was running. It was, but it was not configured to run on the correct port. I also had some issues with file permissions, but all is working now. Thanks to everyone!! :slightly_smiling_face:

1 Like
5

This topic was automatically closed after 30 days. New replies are no longer allowed.