Thank you @matt, everything works like it’s supposed to be now.
Here is my latest Caddyfile v2 for NextCloud provided as a reference (it’s only working with @francislavoie fix which hopefully will be merged into v2 release) :
mydomain.com {
root * /usr/local/www/nextcloud
file_server
log {
output file /var/log/mydomain.com.log
format single_field common_log
}
php_fastcgi 127.0.0.1:9000
header {
# enable HSTS
Strict-Transport-Security max-age=31536000;
}
redir /.well-known/carddav /remote.php/dav 301
redir /.well-known/caldav /remote.php/dav 301
# .htaccess / data / config / ... shouldn't be accessible from outside
@forbidden {
path /.htaccess
path /data/*
path /config/*
path /db_structure
path /.xml
path /README
path /3rdparty/*
path /lib/*
path /templates/*
path /occ
path /console.php
}
respond @forbidden 404
}