Moved all web apps to a new server, only Nextcloud gives a tunnel error (Umleitungsfehler, i.e. redirect error)

1. Caddy version (caddy version):

2.4.5

2. How I run Caddy:

Docker container

a. System environment:

lxc turnkey core 16.1 (Debian 10)

b. Command:

docker run -d \
  --name caddy \
  --restart=always \
  -v /var/docker/config/caddy/caddyfile:/etc/caddy/ \
  -v /var/docker/config/caddy/data:/data \
  -v /var/docker/config/caddy/config:/config \
  -v /media/daten/WEBSERVICEDATEN/caddy/www/:/srv \
  -p 80:80 \
  -p 443:443 \
  -e ACME_AGREE=true \
  caddy:2.4.5

c. Service/unit/compose file:

d. My complete Caddyfile or JSON config:

############################################################################################
############################################################################################
#-------------------------------------------------------------------------------------------
#COPS on SRV-WEB - external

ebooks.bbbb.de {
  reverse_proxy 192.168.100.13:8030
  tls bbbb@yahoo.de
  basicauth /* {
     gast somenicesigns
     homer somenicesigns
  }
  log {
       output file  /data/log/ebooks.log
       format single_field common_log
  }
  encode gzip
}

#COPS on SRV-WEB - local
http://192.168.100.13:8030 {
  encode gzip
}
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
############################################################################################
############################################################################################
#-------------------------------------------------------------------------------------------
#Guacamole on SRV-WEB - external

vm.bbbb.de {
    redir / /guacamole/ 308
    reverse_proxy 192.168.100.13:8080 {
        flush_interval -1
    }
    tls bbbb@yahoo.de
}
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
############################################################################################
############################################################################################
#-------------------------------------------------------------------------------------------
#Syncthing on SRV-WEB - external

sync.bbbb.de {
  reverse_proxy 192.168.100.13:8384
  basicauth /* {
     homer somenicesigns
  }
  log {
       output file  /data/log/sync.log
       format single_field common_log
  }
  encode gzip
  tls bbbb@yahoo.de
}
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
############################################################################################
############################################################################################
#-------------------------------------------------------------------------------------------
#NEXTCLOUD on SRV-WEB - external
nc.bbbb.de, nextcloud.bbbb.my-wan.de, nextcloud.bbbb.de, bbbb.my-wan.de, bbbb.bbbb.de {
  reverse_proxy  192.168.100.13:8020
  tls bbbb@yahoo.de
  encode gzip
  # client support (e.g. os x calendar / contacts)
  redir /.well-known/carddav /remote.php/dav 301
  redir /.well-known/caldav /remote.php/dav 301
  redir /.well-known/webfinger /remote.php/webfinger 301
  redir /.well-known/webfinger /index.php/webfinger 301
  redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo

  header {
            # Values containing spaces or semicolons must be quoted; otherwise
            # "<field> <find> <replace>" is parsed as a find/replace operation
            # instead of setting the header.
            # The second, conflicting "Referrer-Policy same-origin" line was
            # removed; Nextcloud recommends no-referrer.
            Referrer-Policy              no-referrer
            Strict-Transport-Security    "max-age=31536000; includeSubdomains"
            X-XSS-Protection             "1; mode=block"
            X-Content-Type-Options       nosniff
            X-Frame-Options              SAMEORIGIN
  }

  log {
       output file  /data/log/nextcloud.log
       format single_field common_log
  }
}
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
############################################################################################
############################################################################################
#-------------------------------------------------------------------------------------------
#FOLDERS on SRV_WEB - external
bbbb.my-wan.de, bbbb.de, www.bbbb.de {
  root * /srv
  file_server
  tls bbbb@yahoo.de
  #tls off
  log {
       output file  /data/log/gcbilder.log
       format single_field common_log
  }
  encode gzip
}

3. The problem I’m having:

I moved all my Docker containers to a new internal VM (LXC) with the new IP 192.168.100.13.
All apps are accessible from the web, but Nextcloud is not.

4. Error messages and/or full log output:

{"level":"error","ts":1633509048.129207,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"nextcloud.bbbb.my-wan.de","error":"no information found to solve challenge for identifier: nextcloud.bbbb.my-wan.de"}

{"level":"error","ts":1633509048.1292653,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"nextcloud.bbbb.my-wan.de","error":"no information found to solve challenge for identifier: nextcloud.bbbb.my-wan.de"}

{"level":"error","ts":1633509048.4803474,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"nextcloud.bbbb.my-wan.de","error":"no information found to solve challenge for identifier: nextcloud.bbbb.my-wan.de"}

{"level":"error","ts":1633509048.4803858,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"nextcloud.bbbb.my-wan.de","error":"no information found to solve challenge for identifier: nextcloud.bbbb.my-wan.de"}

{"level":"error","ts":1633509475.446034,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"nextcloud.bbbb.de","error":"no information found to solve challenge for identifier: nextcloud.bbbb.de"}

5. What I already tried:

I checked Nextcloud's config.php, including the array of URLs, and whether the new internal IP is in there.
Some other threads seem similar, but not really; they all have different log messages.

Nextcloud can be accessed without issues via https://192.168.100.13:4432.
Could there be a conflict between the Let's Encrypt key and maybe a self-signed certificate from Nextcloud?

6. Links to relevant resources:

You don’t need this for Caddy v2. This environment variable was used in Caddy v1, but is no longer used for v2. Simply using Caddy is a sign of implicitly agreeing to the Let’s Encrypt terms of service.

Remove the /* here. It’s redundant, and very marginally slower (nanoseconds) than omitting the matcher. See the docs on matcher syntax:

Instead of specifying this in each site block, you can move it to global options with email bbbb@yahoo.de

That’s odd. It reads like an ACME CA is making requests to your server to solve a challenge, but Caddy isn’t ready to solve the challenge (didn’t initiate the issuance flow).

Seems like your old server might have initiated the ACME order but your new server received the requests because of a change to your DNS? Does that sound accurate at all?

Either way, this should be harmless if you’re moving servers. Make sure your old Caddy instance is turned off, and let your new one try to issue certificates for those domains.


After reading your helpful lines I did all the steps again: started with stopping the Docker containers on the old server, moved config/data etc., and fired up the new one.

And now it is working … very strange, but the effort of an extra 4h round was worth it.

The only issue remaining is an error message in Nextcloud:

The “X-Content-Type-Options” HTTP header is not set to “nosniff”. This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.
The “X-Frame-Options” HTTP header is not configured as “SAMEORIGIN”. This is a potential security or privacy risk, and we recommend changing this setting.
Your web server is not set up correctly to resolve “/.well-known/webfinger”. See the documentation for more information.
Your web server is not set up correctly to resolve “/.well-known/nodeinfo”. See the documentation for more information.

For Caddy v2 I found no solution for this. Everything for it is already in my Caddyfile?!

Thanks

Shouldn’t you put the redir and header bits on the Caddy server hosting nextcloud instead of in the proxy?

You have double lines with .well-known/webfinger
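Putting the replies together (global e-mail instead of `tls <email>` per site, no `/*` matcher, a single webfinger redirect, quoted header values), here is what the Nextcloud site block could look like. This is an added example written for this thread, not the poster's Caddyfile and not configuration from the Caddy or Nextcloud projects. It reuses the hostnames, upstream address and log path from the post, assumes Caddy 2.4.x Caddyfile syntax (global `email` option, `header_down` inside `reverse_proxy`), and uses the `/index.php/.well-known/...` targets from Nextcloud's service-discovery documentation for webfinger and nodeinfo, which differ from the two targets in the post. The redirects and headers stay in the proxy block, which is the alternative to the suggestion above of moving them to the server hosting Nextcloud.

```caddyfile
# Global options: one ACME account e-mail for every site block,
# replacing the per-site "tls bbbb@yahoo.de" lines.
{
	email bbbb@yahoo.de
}

# Nextcloud on SRV-WEB (hostnames and upstream address from the post)
nc.bbbb.de, nextcloud.bbbb.my-wan.de, nextcloud.bbbb.de, bbbb.my-wan.de, bbbb.bbbb.de {
	encode gzip

	# Service discovery for desktop/mobile clients: exactly one redirect per
	# path. Targets follow Nextcloud's documentation (assumption stated above).
	redir /.well-known/carddav   /remote.php/dav 301
	redir /.well-known/caldav    /remote.php/dav 301
	redir /.well-known/webfinger /index.php/.well-known/webfinger 301
	redir /.well-known/nodeinfo  /index.php/.well-known/nodeinfo 301

	reverse_proxy 192.168.100.13:8020 {
		# Security headers Nextcloud's setup check looks for. header_down
		# sets them on the upstream response, so a header Nextcloud already
		# sends is replaced rather than delivered twice. Values containing
		# spaces or semicolons must be quoted; unquoted, the tokenizer turns
		# "<field> <find> <replace>" into a find/replace operation.
		header_down Strict-Transport-Security "max-age=31536000; includeSubDomains"
		header_down X-Content-Type-Options nosniff
		header_down X-Frame-Options SAMEORIGIN
		header_down X-XSS-Protection "1; mode=block"
		header_down Referrer-Policy no-referrer
	}

	log {
		output file /data/log/nextcloud.log
	}
}
```

After reloading, `curl -sI https://nc.bbbb.de/.well-known/webfinger` should show a 301 with a `Location` pointing at `/index.php/.well-known/webfinger`, and `curl -sI https://nc.bbbb.de/` should list each security header exactly once. One caveat on `includeSubDomains`: it tells browsers to require HTTPS on every bbbb.de subdomain for a year, which is fine here because every site in the Caddyfile already serves TLS, but it should be checked before being enabled on a domain that still has plain-HTTP subdomains.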