Issues reaching a nextcloud instance of different host

1. Caddy version (caddy version):

Caddy v1.0.3

2. How I run Caddy:

I am running it in a Docker container; this is the run command:

docker run -d \
    --name caddy \
    --restart=always \
    -v /docker/config/caddy/Caddyfile:/etc/Caddyfile \
    -v /docker/config/caddy/log:/etc/log \
    -v /docker/config/caddy/.caddy:/root/.caddy \
    -v /media/daten/WEBSERVICEDATEN/caddy/www/:/srv \
    -p 80:80 \
    -p 443:443 \
    -p 2015:2015 \
    -e ACME_AGREE=true \
    abiosoft/caddy:php

a. System environment:

host: ubuntu 18.04

d. My complete Caddyfile or JSON config:

#######################################
#FOLDERS

homer-s.my-wan.de {
  root /srv
  tls rudolf123@yahoo.de
  #tls off
  log    /etc/log/gcbilder-access.log
  errors /etc/log/gcbilder-errors.log
  gzip
}

############################################
#COPS ON FILESERVER

ebooks.broehlis.de {
  proxy / 192.168.100.11:8030
  tls rudolf123@yahoo.de
  basicauth / a b
  basicauth / c d
  log    /etc/log/ebooks-access.log
  errors /etc/log/ebooks-errors.log
  gzip

}

############################################
#NEXTCLOUD ON FILESERVER

nc.broehlis.de, nextcloud.broehlis.de {
  proxy / 192.168.100.11:8020 {
    transparent
    websocket
  }
  tls rudolf123@yahoo.de
  gzip
   # client support (e.g. os x calendar / contacts)
  redir /.well-known/carddav /remote.php/carddav 301
  redir /.well-known/caldav /remote.php/caldav 301
  header / {
    Referrer-Policy "no-referrer"
    Strict-Transport-Security "max-age=31536000; includeSubdomains"
    X-XSS-Protection "1; mode=block"
    X-Content-Type-Options "nosniff"
    X-Frame-Options "SAMEORIGIN"
    Referrer-Policy "same-origin"
  }
  log /etc/log/nextcloud-access.log
  errors /etc/log/nextcloud-errors.log
}

############################################
#bitwarden ON FILESERVER

bw.broehlis.de {
  proxy / 192.168.100.11:8040 {
    transparent
    insecure_skip_verify
  }
  proxy /notifications/hub 192.168.100.11:3012 {
  websocket
 }
 proxy /notifications/hub/negotiate 192.168.100.11:8040 {
  transparent
  }
  log    /etc/log/bw-access.log
  errors /etc/log/bw-errors.log
  gzip
  tls rudolf123@yahoo.de
}

############################################
#wordpress 

broehlis.de {
  proxy / 192.168.100.11:8090 {
    transparent
  }
  header / {
    Referrer-Policy "no-referrer"
    Strict-Transport-Security "max-age=31536000; includeSubdomains"
    X-XSS-Protection "1; mode=block"
    X-Content-Type-Options "nosniff"
    X-Frame-Options "SAMEORIGIN"
    Referrer-Policy "same-origin"
  }
  log /etc/log/caddy.log
  errors /etc/log/caddy.errors
  tls rudolf123@yahoo.de
  gzip
}

############################################
#Syncthing ON FILESERVER

sync.broehlis.de {
  proxy / http://192.168.100.11:8384 {
    transparent
  }
  basicauth / a b
  log    /etc/log/sync-access.log
  errors /etc/log/sync-errors.log
  gzip
  tls rudolf123@yahoo.de
  timeouts {
  read none
  write none
  header none
}
}

############################################
#firefox sync server

ffsyncserver.broehlis.de {
    proxy / http://192.168.100.11:5000/token/1.0/sync/1.5 {
        transparent
    }
}

############################################
#Guacamole Virtualbox

vm.broehlis.de {
  proxy / http://192.168.100.11:8080/guacamole {
      transparent
      websocket
  }
  tls rudolf123@yahoo.de
}


############################################
#NEXTCLOUD ON RPI Nextcloud

daniel.broehlis.de {
  proxy / https://192.168.100.123:8432 {
    transparent
    websocket
  }
  tls rudolf123@yahoo.de
  gzip
   # client support (e.g. os x calendar / contacts)
  redir /.well-known/carddav /remote.php/carddav 301
  redir /.well-known/caldav /remote.php/caldav 301
  header / {
    Referrer-Policy "no-referrer"
    Strict-Transport-Security "max-age=31536000; includeSubdomains"
    X-XSS-Protection "1; mode=block"
    X-Content-Type-Options "nosniff"
    X-Frame-Options "SAMEORIGIN"
    Referrer-Policy "same-origin"
  }
  log /etc/log/nextcloud2-access.log
  errors /etc/log/nextcloud2-errors.log
}



3. The problem I’m having:

My whole Caddyfile has been working for months. I added the last chapter
############################################
#NEXTCLOUD ON RPI Nextcloud

and I am receiving a 502 Bad Gateway error.
If I navigate to https://192.168.100.123:8432 manually, it shows me Nextcloud …

4. Error messages and/or full log output:

2020/12/05 11:08:21 [INFO] Serving http://vm.broehlis.de

2020/12/05 11:08:21 [INFO] Serving http://daniel.broehlis.de

2020/12/05 11:08:21 [WARNING] Sending telemetry (attempt 1): Post https://telemetry.caddyserver.com/v1/update/88acc80c-e433-44d7-a260-c1069ebf2bb2: dial tcp: lookup telemetry.caddyserver.com on 192.168.100.1:53: no such host - backing off and retrying

2020/12/05 11:08:29 [WARNING] Sending telemetry (attempt 2): Post https://telemetry.caddyserver.com/v1/update/88acc80c-e433-44d7-a260-c1069ebf2bb2: dial tcp: lookup telemetry.caddyserver.com on 192.168.100.1:53: no such host - backing off and retrying

2020/12/05 11:08:56 [WARNING] Sending telemetry (attempt 3): Post https://telemetry.caddyserver.com/v1/update/88acc80c-e433-44d7-a260-c1069ebf2bb2: dial tcp: lookup telemetry.caddyserver.com on 192.168.100.1:53: no such host - backing off and retrying

2020/12/05 11:10:00 [ERROR] Sending telemetry: Post https://telemetry.caddyserver.com/v1/update/88acc80c-e433-44d7-a260-c1069ebf2bb2: dial tcp: lookup telemetry.caddyserver.com on 192.168.100.1:53: no such host

2020/12/05 11:16:15 http: TLS handshake error from 172.17.0.1:37470: EOF

2020/12/05 11:16:15 http: TLS handshake error from 172.17.0.1:37474: EOF

2020/12/05 11:16:16 http: TLS handshake error from 172.17.0.1:37478: EOF

2020/12/05 11:16:16 http: TLS handshake error from 172.17.0.1:37482: tls: no cipher suite supported by both client and server

2020/12/05 11:16:16 http: TLS handshake error from 172.17.0.1:37486: EOF

2020/12/05 11:16:16 http: TLS handshake error from 172.17.0.1:37490: tls: client offered only unsupported versions: [302 301 300]

2020/12/05 11:16:17 http: TLS handshake error from 172.17.0.1:37494: EOF

2020/12/05 11:16:17 http: TLS handshake error from 172.17.0.1:37498: EOF

2020/12/05 11:16:18 http: TLS handshake error from 172.17.0.1:37502: EOF

2020/12/05 11:16:18 http: TLS handshake error from 172.17.0.1:37506: EOF

2020/12/05 11:20:59 http: TLS handshake error from 172.17.0.1:38498: no certificate available for ‘’

2020/12/05 11:20:59 http: TLS handshake error from 172.17.0.1:38504: no certificate available for ‘82.165.67.61’

2020/12/05 11:21:00 http: TLS handshake error from 172.17.0.1:38508: no certificate available for ‘82.165.67.61’

2020/12/05 11:21:00 http: TLS handshake error from 172.17.0.1:38512: no certificate available for ‘82.165.67.61’

2020/12/05 11:21:00 http: TLS handshake error from 172.17.0.1:38516: no certificate available for ‘82.165.67.61’

2020/12/05 11:21:00 http: TLS handshake error from 172.17.0.1:38520: no certificate available for ‘82.165.67.61’

2020/12/05 11:21:01 http: TLS handshake error from 172.17.0.1:38524: tls: client offered only unsupported versions: [302 301 300]

2020/12/05 11:21:01 http: TLS handshake error from 172.17.0.1:38528: no certificate available for ‘82.165.67.61’

2020/12/05 11:21:01 http: TLS handshake error from 172.17.0.1:38532: no certificate available for ‘82.165.67.61’

2020/12/05 11:21:01 http: TLS handshake error from 172.17.0.1:38536: no certificate available for ‘82.165.67.61’

2020/12/05 11:21:02 http: TLS handshake error from 172.17.0.1:38540: no certificate available for ‘82.165.67.61’

2020/12/05 11:34:24 [INFO] 82.165.67.61 - No such site at :80 (Remote: 172.17.0.1, Referer: )

2020/12/05 11:59:05 [INFO] 82.165.67.61 - No such site at :80 (Remote: 172.17.0.1, Referer: )

2020/12/05 12:08:12 [INFO][cache:0xc0000333b0] Scanning for stale OCSP staples

2020/12/05 12:08:12 [INFO][cache:0xc0000333b0] Done checking OCSP staples

2020/12/05 12:10:41 [WARNING] Sending telemetry (attempt 1): Post https://telemetry.caddyserver.com/v1/update/88acc80c-e433-44d7-a260-c1069ebf2bb2: dial tcp: lookup telemetry.caddyserver.com on 192.168.100.1:53: no such host - backing off and retrying

2020/12/05 12:10:49 [WARNING] Sending telemetry (attempt 2): Post https://telemetry.caddyserver.com/v1/update/88acc80c-e433-44d7-a260-c1069ebf2bb2: dial tcp: lookup telemetry.caddyserver.com on 192.168.100.1:53: no such host - backing off and retrying

2020/12/05 12:11:16 [WARNING] Sending telemetry (attempt 3): Post https://telemetry.caddyserver.com/v1/update/88acc80c-e433-44d7-a260-c1069ebf2bb2: dial tcp: lookup telemetry.caddyserver.com on 192.168.100.1:53: no such host - backing off and retrying

2020/12/05 12:12:20 [ERROR] Sending telemetry: Post https://telemetry.caddyserver.com/v1/update/88acc80c-e433-44d7-a260-c1069ebf2bb2: dial tcp: lookup telemetry.caddyserver.com on 192.168.100.1:53: no such host

2020/12/05 12:53:40 [INFO] 127.0.0.1 - No such site at :80 (Remote: 172.17.0.1, Referer: )

2020/12/05 13:08:12 [INFO][cache:0xc0000333b0] Scanning for stale OCSP staples

2020/12/05 13:08:12 [INFO][cache:0xc0000333b0] Done checking OCSP staples

2020/12/05 13:13:02 [WARNING] Sending telemetry (attempt 1): Post https://telemetry.caddyserver.com/v1/update/88acc80c-e433-44d7-a260-c1069ebf2bb2: dial tcp: lookup telemetry.caddyserver.com on 192.168.100.1:53: no such host - backing off and retrying

2020/12/05 13:13:10 [WARNING] Sending telemetry (attempt 2): Post https://telemetry.caddyserver.com/v1/update/88acc80c-e433-44d7-a260-c1069ebf2bb2: dial tcp: lookup telemetry.caddyserver.com on 192.168.100.1:53: no such host - backing off and retrying

2020/12/05 13:13:37 [WARNING] Sending telemetry (attempt 3): Post https://telemetry.caddyserver.com/v1/update/88acc80c-e433-44d7-a260-c1069ebf2bb2: dial tcp: lookup telemetry.caddyserver.com on 192.168.100.1:53: no such host - backing off and retrying

2020/12/05 13:14:41 [ERROR] Sending telemetry: Post https://telemetry.caddyserver.com/v1/update/88acc80c-e433-44d7-a260-c1069ebf2bb2: dial tcp: lookup telemetry.caddyserver.com on 192.168.100.1:53: no such host

2020/12/05 13:16:52 [INFO] 192.168.100.11 - No such site at :80 (Remote: 192.168.100.190, Referer: )

2020/12/05 13:16:52 [INFO] 192.168.100.11 - No such site at :80 (Remote: 192.168.100.190, Referer: http://192.168.100.11/)

2020/12/05 13:26:37 [INFO] 82.165.67.61 - No such site at :80 (Remote: 172.17.0.1, Referer: )

2020/12/05 13:33:06 [ERROR] failed to copy buffer: context canceled

2020/12/05 13:33:29 [INFO] 127.0.0.1 - No such site at :80 (Remote: 172.17.0.1, Referer: )

2020/12/05 13:41:55 [INFO] 82.165.67.61 - No such site at :80 (Remote: 172.17.0.1, Referer: )

2020/12/05 14:08:12 [INFO][cache:0xc0000333b0] Scanning for stale OCSP staples

2020/12/05 14:08:12 [INFO][cache:0xc0000333b0] Done checking OCSP staples

2020/12/05 14:14:51 [WARNING] Sending telemetry (attempt 1): Post https://telemetry.caddyserver.com/v1/update/88acc80c-e433-44d7-a260-c1069ebf2bb2: dial tcp: lookup telemetry.caddyserver.com on 192.168.100.1:53: no such host - backing off and retrying

2020/12/05 14:14:59 [WARNING] Sending telemetry (attempt 2): Post https://telemetry.caddyserver.com/v1/update/88acc80c-e433-44d7-a260-c1069ebf2bb2: dial tcp: lookup telemetry.caddyserver.com on 192.168.100.1:53: no such host - backing off and retrying

2020/12/05 14:15:26 [WARNING] Sending telemetry (attempt 3): Post https://telemetry.caddyserver.com/v1/update/88acc80c-e433-44d7-a260-c1069ebf2bb2: dial tcp: lookup telemetry.caddyserver.com on 192.168.100.1:53: no such host - backing off and retrying

2020/12/05 14:16:30 [ERROR] Sending telemetry: Post https://telemetry.caddyserver.com/v1/update/88acc80c-e433-44d7-a260-c1069ebf2bb2: dial tcp: lookup telemetry.caddyserver.com on 192.168.100.1:53: no such host

2020/12/05 14:38:06 http: TLS handshake error from 172.17.0.1:51286: no certificate available for ‘netdata.homer-s.my-wan.de

2020/12/05 14:58:34 http: TLS handshake error from 172.17.0.1:55398: EOF

2020/12/05 15:08:12 [INFO][cache:0xc0000333b0] Scanning for stale OCSP staples

2020/12/05 15:08:12 [INFO][cache:0xc0000333b0] Done checking OCSP staples

2020/12/05 15:17:26 [WARNING] Sending telemetry (attempt 1): Post https://telemetry.caddyserver.com/v1/update/88acc80c-e433-44d7-a260-c1069ebf2bb2: dial tcp: lookup telemetry.caddyserver.com on 192.168.100.1:53: no such host - backing off and retrying

2020/12/05 15:17:34 [WARNING] Sending telemetry (attempt 2): Post https://telemetry.caddyserver.com/v1/update/88acc80c-e433-44d7-a260-c1069ebf2bb2: dial tcp: lookup telemetry.caddyserver.com on 192.168.100.1:53: no such host - backing off and retrying

2020/12/05 15:18:01 [WARNING] Sending telemetry (attempt 3): Post https://telemetry.caddyserver.com/v1/update/88acc80c-e433-44d7-a260-c1069ebf2bb2: dial tcp: lookup telemetry.caddyserver.com on 192.168.100.1:53: no such host - backing off and retrying

2020/12/05 15:19:05 [ERROR] Sending telemetry: Post https://telemetry.caddyserver.com/v1/update/88acc80c-e433-44d7-a260-c1069ebf2bb2: dial tcp: lookup telemetry.caddyserver.com on 192.168.100.1:53: no such host

2020/12/05 15:23:27 http: TLS handshake error from 172.17.0.1:60044: EOF

2020/12/05 15:43:45 [INFO] 82.165.67.61 - No such site at :80 (Remote: 172.17.0.1, Referer: http://82.165.67.61:80/admin/login.asp)

2020/12/05 15:48:51 [INFO] 82.165.67.61 - No such site at :80 (Remote: 172.17.0.1, Referer: )

2020/12/05 16:08:12 [INFO][cache:0xc0000333b0] Scanning for stale OCSP staples

2020/12/05 16:08:12 [INFO][cache:0xc0000333b0] Done checking OCSP staples

2020/12/05 16:18:47 [INFO] 127.0.0.1 - No such site at :80 (Remote: 172.17.0.1, Referer: )

2020/12/05 16:19:17 [WARNING] Sending telemetry (attempt 1): Post https://telemetry.caddyserver.com/v1/update/88acc80c-e433-44d7-a260-c1069ebf2bb2: dial tcp: lookup telemetry.caddyserver.com on 192.168.100.1:53: no such host - backing off and retrying

2020/12/05 16:19:25 [WARNING] Sending telemetry (attempt 2): Post https://telemetry.caddyserver.com/v1/update/88acc80c-e433-44d7-a260-c1069ebf2bb2: dial tcp: lookup telemetry.caddyserver.com on 192.168.100.1:53: no such host - backing off and retrying

2020/12/05 16:19:52 [WARNING] Sending telemetry (attempt 3): Post https://telemetry.caddyserver.com/v1/update/88acc80c-e433-44d7-a260-c1069ebf2bb2: dial tcp: lookup telemetry.caddyserver.com on 192.168.100.1:53: no such host - backing off and retrying

2020/12/05 16:20:56 [ERROR] Sending telemetry: Post https://telemetry.caddyserver.com/v1/update/88acc80c-e433-44d7-a260-c1069ebf2bb2: dial tcp: lookup telemetry.caddyserver.com on 192.168.100.1:53: no such host

2020/12/05 16:30:49 [INFO] 82.165.67.61 - No such site at :80 (Remote: 172.17.0.1, Referer: http://82.165.67.61:80/admin/login.asp)

2020/12/05 16:46:27 [INFO] - No such site at :80 (Remote: 172.17.0.1, Referer: )

2020/12/05 16:53:19 [INFO] 82.165.67.61 - No such site at :80 (Remote: 172.17.0.1, Referer: )

2020/12/05 16:53:19 [INFO] 82.165.67.61 - No such site at :80 (Remote: 172.17.0.1, Referer: )

2020/12/05 16:53:20 [INFO] 82.165.67.61 - No such site at :80 (Remote: 172.17.0.1, Referer: )

2020/12/05 16:53:20 [INFO] 82.165.67.61 - No such site at :80 (Remote: 172.17.0.1, Referer: )

2020/12/05 16:53:20 [INFO] 82.165.67.61 - No such site at :80 (Remote: 172.17.0.1, Referer: )

2020/12/05 16:53:20 [INFO] 82.165.67.61 - No such site at :80 (Remote: 172.17.0.1, Referer: )

2020/12/05 16:53:20 [INFO] 82.165.67.61 - No such site at :80 (Remote: 172.17.0.1, Referer: )

2020/12/05 16:53:20 [INFO] 82.165.67.61 - No such site at :80 (Remote: 172.17.0.1, Referer: )

2020/12/05 16:53:20 [INFO] 82.165.67.61 - No such site at :80 (Remote: 172.17.0.1, Referer: )

2020/12/05 16:53:21 [INFO] 82.165.67.61 - No such site at :80 (Remote: 172.17.0.1, Referer: )

2020/12/05 17:08:12 [INFO][cache:0xc0000333b0] Scanning for stale OCSP staples

2020/12/05 17:08:12 [INFO][cache:0xc0000333b0] Done checking OCSP staples

2020/12/05 17:18:33 http: TLS handshake error from 172.17.0.1:56262: EOF

2020/12/05 17:18:34 http: TLS handshake error from 172.17.0.1:56266: tls: unsupported SSLv2 handshake received

2020/12/05 17:18:34 http: TLS handshake error from 172.17.0.1:56270: tls: client offered only unsupported versions: [300]

2020/12/05 17:18:34 http: TLS handshake error from 172.17.0.1:56274: tls: client offered only unsupported versions: [301 300]

2020/12/05 17:18:35 http: TLS handshake error from 172.17.0.1:56278: tls: client offered only unsupported versions: [302 301 300]

2020/12/05 17:18:35 http: TLS handshake error from 172.17.0.1:56284: no certificate available for ‘82.165.67.61’

2020/12/05 17:18:35 http: TLS handshake error from 172.17.0.1:56288: no certificate available for ‘82.165.67.61’

2020/12/05 17:21:58 [WARNING] Sending telemetry (attempt 1): Post https://telemetry.caddyserver.com/v1/update/88acc80c-e433-44d7-a260-c1069ebf2bb2: dial tcp: lookup telemetry.caddyserver.com on 192.168.100.1:53: read udp 172.17.0.12:57644->192.168.100.1:53: i/o timeout - backing off and retrying

2020/12/05 17:22:06 [WARNING] Sending telemetry (attempt 2): Post https://telemetry.caddyserver.com/v1/update/88acc80c-e433-44d7-a260-c1069ebf2bb2: dial tcp: lookup telemetry.caddyserver.com on 192.168.100.1:53: no such host - backing off and retrying

2020/12/05 17:22:33 [WARNING] Sending telemetry (attempt 3): Post https://telemetry.caddyserver.com/v1/update/88acc80c-e433-44d7-a260-c1069ebf2bb2: dial tcp: lookup telemetry.caddyserver.com on 192.168.100.1:53: no such host - backing off and retrying

2020/12/05 17:23:37 [ERROR] Sending telemetry: Post https://telemetry.caddyserver.com/v1/update/88acc80c-e433-44d7-a260-c1069ebf2bb2: dial tcp: lookup telemetry.caddyserver.com on 192.168.100.1:53: no such host

2020/12/05 17:23:39 [INFO] 127.0.0.1 - No such site at :80 (Remote: 172.17.0.1, Referer: )

2020/12/05 17:35:23 http2: received GOAWAY [FrameHeader GOAWAY len=8], starting graceful shutdown

2020/12/05 17:57:01 [INFO] 127.0.0.1 - No such site at :80 (Remote: 172.17.0.1, Referer: )

5. What I already tried:

I am completely desperate

6. Links to relevant resources:

Thanks for your help.

Caddy v1 is EOL and no longer supported, please upgrade to Caddy v2!

Here’s a guide for nextcloud in Caddy v2:

We have an official Docker image for v2: Docker

I tried to set up a container, without success and with big issues. I guess I would need much easier/more detailed instructions.

Maybe a good hint on current issue anyway?

I just linked all the relevant documentation for you to review. I’m not sure how it could be made any clearer.

Do not take it personally, I am sure it is my lack of knowledge.

After setting up a caddy2 container on a fresh VM I am not able to reach the basic site on the server (service is active) …

So you may have an idea about my skepticism about losing access to my web services

@francislavoie
I started a new v2 container and tried to convert my old Caddyfile step by step, but I am already struggling with the first one.
I can access the site, but if I enter the auth name and password it loops on the request for login data???

############################################
#COPS ON FILESERVER
ebooks.broehlis.de {
  reverse_proxy 192.168.100.11:8030
  tls rudolf123@yahoo.de
  basicauth /* {
     gast JDJhJDEwJDNSNURGeWo2cDI5TEtFZVI1YkZLYnVmYWduYnhhSmdvQXpieXNDTXhzYjRuazVnM1pmaTNt
  }
  basicauth /* {
    marie  JDJhJDEwJDdTeDJOcGhBaFF3VEIwcHZNUzJjVXVvMUl4eDlTUnpTNllmcnlJTk0wdTNzRHA3Y3E1Qklt
  }
  log {
       output file  /data/log/ebooks.log
       format single_field common_log
  }
  encode gzip
}

Combine your basicauth, don’t use it twice:

	basicauth {
		gast JDJhJDEwJDNSNURGeWo2cDI5TEtFZVI1YkZLYnVmYWduYnhhSmdvQXpieXNDTXhzYjRuazVnM1pmaTNt
		marie JDJhJDEwJDdTeDJOcGhBaFF3VEIwcHZNUzJjVXVvMUl4eDlTUnpTNllmcnlJTk0wdTNzRHA3Y3E1Qklt
	}

@francislavoie I am proceeding well. A lot of reverse-proxy chapters are already working. As usual, I saved the “big ones” for last. I found no sample for Bitwarden.

This was my v1 Caddyfile:

############################################
#bitwarden ON FILESERVER

bw.broehlis.de {
  proxy / 192.168.100.11:8040 {
    transparent
    insecure_skip_verify
  }
  proxy /notifications/hub 192.168.100.11:3012 {
  websocket
 }
 proxy /notifications/hub/negotiate 192.168.100.11:8040 {
  transparent
  }
  log    /etc/log/bw-access.log
  errors /etc/log/bw-errors.log
  gzip
  tls erwin12344321@yahoo.de
}

I converted it to this, which at least has no error message in Caddy log but is not directing to bw server:

############################################
#bitwarden ON FILESERVER
bw.broehlis.de {
  reverse_proxy  192.168.100.11:8040 {
       transport http {
           tls_insecure_skip_verify
       }
  }
  reverse_proxy /notifications/hub 192.168.100.11:3012 {
#  websocket
  }
  reverse_proxy /notifications/hub/negotiate 192.168.100.11:8040
  log {
       output file  /data/log/bw.log
       format single_field common_log
  }
  encode gzip
  tls rudolf123@yahoo.de
}

Maybe you have some idea how to adapt better …

Did I already mention that I am really appreciating your help!!!

Another one (the last one), which also leads us back to the initial issue of this thread.

############################################
#NEXTCLOUD ON RPi
dany.broehlis.de {
  reverse_proxy  192.168.100.123:443
  tls rudolf123@yahoo.de
  encode gzip
   # client support (e.g. os x calendar / contacts)
  redir /.well-known/carddav /remote.php/carddav 301
  redir /.well-known/caldav /remote.php/caldav 301
  header {
    Referrer-Policy "no-referrer"
    Strict-Transport-Security "max-age=31536000; includeSubdomains"
    X-XSS-Protection "1; mode=block"
    X-Content-Type-Options "nosniff"
    X-Frame-Options "SAMEORIGIN"
    Referrer-Policy "same-origin"
  }
    log {
       output file  /data/log/nextcloud-daniel.log
       format single_field common_log
  }
}

I am receiving this error message
grafik

But this is working
https://192.168.100.123:443

You may need to add * to the end of the path matcher. Caddy v2 uses exact path matching, so for example this will not match /notifications/hub/negotiate/foo, unless you change it to /notifications/hub/negotiate*.

Also, I would reorder them in your Caddyfile, in the order of the path matcher length, just for readability’s sake. The Caddyfile adapter has sorting logic anyways to try and guess which matchers are more specific (longer path is more specific, so /notifications/hub/negotiate* should be tried before /notifications/hub*, because they overlap and you would have one “hide” the other if they were not sorted).

I don’t think Caddy knows that it must connect over tls here, so that might be the issue you’re running into. Either specify https:// on the proxy address, or add tls to the transport options (https:// is a shortcut for specifying tls, either would do).

I’m not sure, but you may need to do the same for your negotiate one.

Caddy v2 no longer needs websocket specified, it’s always on by default (Caddy passes through all headers transparently):

Re the nextcloud one, same thing as above, need https:// or tls specified to connect over TLS.


Is transport really a directive for Caddyfile?

That's the way I tried it, ending in an error message and Caddy not starting:
############################################
#NEXTCLOUD ON RPi
dany.broehlis.de {
  reverse_proxy 192.168.100.123:443
  transport http {
    tls erwin12344321@yahoo.de
  }
  encode gzip
  # client support (e.g. os x calendar / contacts)
  redir /.well-known/carddav /remote.php/carddav 301
  redir /.well-known/caldav /remote.php/caldav 301
  header {
    Referrer-Policy "no-referrer"
    Strict-Transport-Security "max-age=31536000; includeSubdomains"
    X-XSS-Protection "1; mode=block"
    X-Content-Type-Options "nosniff"
    X-Frame-Options "SAMEORIGIN"
    Referrer-Policy "same-origin"
  }
  log {
    output file /data/log/nextcloud-daniel.log
    format single_field common_log
  }
}

After deleting transport again, I found this error:
"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}

How can I handle the reverse proxying to a different host, in this case 192.168.100.123? Can it be that there is a lack of knowledge about where to look for a TLS cert?

transport is a subdirective of reverse_proxy:

Please remember to use ``` on the lines before and after your config to use code formatting!


This helped

reverse_proxy 192.168.100.123:443 {
  transport http {
    tls_insecure_skip_verify
  }
}

For a testing setup … ok
all other tests were without success

Thanks SO much!!!
My migration from v1 to v2 wasn’t as hard as expected!!!


This topic was automatically closed after 30 days. New replies are no longer allowed.
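
The thread ends with upstream certificate verification switched off. As an added example (not code from the thread or from the Caddy project), the program below uses Go's standard TLS client, the library Caddy is built on, to dial a self-signed backend and an impostor with verification on, off, and pinned to the backend's certificate. The certificates, names and loopback servers are constructed for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// selfSigned builds a throwaway self-signed loopback certificate (constructed sample).
func selfSigned(cn string) tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, IsCA: true, BasicConstraintsValid: true,
		IPAddresses: []net.IP{net.ParseIP("127.0.0.1"), net.IPv6loopback},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// startBackend serves HTTPS on a loopback port with the given certificate.
func startBackend(cert tls.Certificate) *httptest.Server {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	srv.TLS = &tls.Config{Certificates: []tls.Certificate{cert}}
	srv.StartTLS()
	return srv
}

// reachable reports whether a GET succeeds when the upstream is dialed with cfg.
func reachable(url string, cfg *tls.Config) bool {
	tr := &http.Transport{TLSClientConfig: cfg, DisableKeepAlives: true}
	resp, err := (&http.Client{Transport: tr}).Get(url)
	if err == nil {
		resp.Body.Close()
	}
	return err == nil && resp.StatusCode == http.StatusOK
}

// outcomes dials the real backend and an impostor under three client policies.
func outcomes() map[string]bool {
	good, bad := startBackend(selfSigned("backend")), startBackend(selfSigned("impostor"))
	defer good.Close()
	defer bad.Close()
	pool := x509.NewCertPool()
	pool.AddCert(good.Certificate()) // trust exactly this backend's certificate
	skip, pin := &tls.Config{InsecureSkipVerify: true}, &tls.Config{RootCAs: pool}
	return map[string]bool{
		"default roots -> backend": reachable(good.URL, &tls.Config{}), // fails: unknown authority
		"skip verify -> backend":   reachable(good.URL, skip),
		"skip verify -> impostor":  reachable(bad.URL, skip), // accepted: nothing is checked
		"pinned cert -> backend":   reachable(good.URL, pin),
		"pinned cert -> impostor":  reachable(bad.URL, pin), // rejected: wrong certificate
	}
}

func main() {
	fmt.Println(outcomes())
}
```

In Caddy v2 the pinned policy corresponds to the `tls_trusted_ca_certs` option of the `transport http` block, which keeps the upstream connection verified instead of skipping the check.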