Newbie - error using TLS to backend

1. Caddy version (caddy version):

2.30

2. How I run Caddy:

As a service on Ubuntu server
Domain www.persondataret.dk

a. System environment:

Caddy runs alone on a KVM VM in Ubuntu 20.04.2

b. Command:

systemctl start caddy

c. Service/unit/compose file:

d. My complete Caddyfile or JSON config:

# ACME Server
caddy.persondataret.dk {
        acme_server
        tls internal
}

mythtv.persondataret.dk:443 {
        reverse_proxy 192.168.1.110:80
}

nextcloud.persondataret.dk {
        reverse_proxy https://192.168.1.123/nextcloud {
                header_up Host {http.reverse_proxy.upstream.hostport}
                header_up X-Forwarded-Host {host}
        }
}

3. The problem I’m having:

I am testing Caddy and I have two hosts on my network:
one server 192.168.1.110:80 running mythweb
one server 192.168.1.123 running nginx with /nextcloud and /mail (SquirrelMail). This server is already running Let’s Encrypt with another domain name.

When I try to connect to mythtv.persondataret.dk everything works.
When I try to connect to nextcloud.persondataret.dk I get redirected to www.nextcloud.persondataret.dk/nextcloud and a blank page a

And to this i get the following error in the systemctl journal

4. Error messages and/or full log output:

I get the following error when starting caddy:

May 04 15:46:55 caddy caddy[1174]: {"level":"info","ts":1620143215.1462433,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000229960"}
May 04 15:46:55 caddy caddy[1174]: {"level":"info","ts":1620143215.1731267,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
May 04 15:46:55 caddy caddy[1174]: {"level":"info","ts":1620143215.1737742,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
May 04 15:46:55 caddy caddy[1174]: {"level":"warn","ts":1620143215.5912042,"logger":"pki.ca.local","msg":"installing root certificate (you might be prompted for password)","path":"storage:pki/authorities/local/root.crt"}
May 04 15:46:55 caddy caddy[1174]: 2021/05/04 15:46:55 not NSS security databases found
May 04 15:46:55 caddy caddy[1174]: 2021/05/04 15:46:55 define JAVA_HOME environment variable to use the Java trust
May 04 15:46:55 caddy sudo[1196]: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory
May 04 15:46:55 caddy sudo[1196]: pam_unix(sudo:auth): conversation failed
May 04 15:46:55 caddy sudo[1196]: pam_unix(sudo:auth): auth could not identify password for [caddy]
May 04 15:46:55 caddy sudo[1196]:    caddy : user NOT in sudoers ; TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/tee /usr/local/share/ca-certificates/Caddy_Local_Authority_-_2021_ECC_Root_338223557714076944819820939653888973913.crt
May 04 15:46:55 caddy caddy[1174]: {"level":"error","ts":1620143215.6138268,"logger":"pki.ca.local","msg":"failed to install root certificate","error":"failed to execute sudo: exit status 1","certificate_file":"storage:pki/authorities/local/root.crt"}
May 04 15:46:55 caddy caddy[1174]: {"level":"info","ts":1620143215.6160853,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["mythtv.persondataret.dk","nextcloud.persondataret.dk","caddy..persondataret.dk"]}
May 04 15:46:55 caddy caddy[1174]: {"level":"warn","ts":1620143215.6191943,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [caddy..persondataret.dk]: no OCSP server specified in certificate"}
May 04 15:46:55 caddy caddy[1174]: {"level":"info","ts":1620143215.6196706,"msg":"autosaved config","file":"/var/lib/caddy/.config/caddy/autosave.json"}
May 04 15:46:55 caddy caddy[1174]: {"level":"info","ts":1620143215.619881,"msg":"serving initial configuration"}
May 04 15:46:55 caddy caddy[1174]: {"level":"info","ts":1620143215.6232193,"logger":"tls","msg":"cleaned up storage units"}

5. What I already tried:

6. Links to relevant resources:

That doesn’t seem valid, you have two dots there :thinking:

Caddy doesn’t support paths in the proxy address. If you need to rewrite the path, then do that with the rewrite directive before proxying (e.g. rewrite * /nextcloud{uri})

1 Like

Thank you for your answer.
Yes, the caddy…per was a typo.

I have edited the Caddyfile so now it’s:

caddy.persondataret.dk {
        acme_server
        tls internal
}

mythtv.persondataret.dk:443 {
        reverse_proxy 192.168.1.110:80
}

nextcloud.persondataret.dk {
        rewrite * /nextcloud{uri}
        reverse_proxy https://192.168.1.123 {
                header_up Host {http.reverse_proxy.upstream.hostport}
                header_up X-Forwarded-Host {host}
        }
}

I still have the error in the journal and the rewrite didn’t help regarding the nextcloud.persondataret.dk. Still empty page.
Can this be due to the fact that the nextcloud server has a Let’s Encrypt certificate, and thus the Caddyfile must adhere to the certificate domain name instead of the IP address?

Caddy will try to use 192.168.1.123 for SNI, cause that’s what you told it to do. In that case, you should change header_up Host {http.reverse_proxy.upstream.hostport} to header_up Host <the actual domain upstream>

What’s in your logs? There must be an error in the logs if Caddy fails to proxy.

The log shows:
{"level":"error","ts":1620147287.5190575,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"87.49.146.8:6335","proto":"HTTP/2.0","method":"GET","host":"nextcloud.persondataret.dk","uri":"/nextcloud","headers":{"User-Agent":["Mozilla/5.0 (Android 11; Mobile; rv:88.0) Gecko/88.0 Firefox/88.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"],"Accept-Language":["da-DK,en-US;q=0.5"],"Accept-Encoding":["gzip, deflate, br"],"Upgrade-Insecure-Requests":["1"],"Te":["trailers"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"nextcloud.persondataret.dk"}},"common_log":"87.49.146.8 - - [04/May/2021:16:54:47 +0000] \"GET /nextcloud HTTP/2.0\" 502 0","duration":0.013341336,"size":0,"status":502,"resp_headers":{"Server":["Caddy"]}}

Right so that 502 means Caddy couldn’t connect to the upstream. That’s just the access log part though, is there really no other message in the logs from the reverse_proxy module?

You could try turning on debug logging by adding this to the top of your Caddyfile:

{
	debug
}

Thank you for your patience and help.
With the debug directive the log states:

{"level":"error","ts":1620148101.5135102,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"87.49.146.8:26465","proto":"HTTP/2.0","method":"GET","host":"nextcloud.persondataret.dk","uri":"/nextcloud","headers":{"Accept-Encoding":["gzip, deflate, br"],"Upgrade-Insecure-Requests":["1"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Android 11; Mobile; rv:88.0) Gecko/88.0 Firefox/88.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"],"Accept-Language":["da-DK,en-US;q=0.5"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"nextcloud.persondataret.dk"}},"common_log":"87.49.146.8 - - [04/May/2021:17:08:21 +0000] \"GET /nextcloud HTTP/2.0\" 502 0","duration":0.010222012,"size":0,"status":502,"resp_headers":{"Server":["Caddy"]}}

I cannot see any difference in the log file.

And I still have this error in the systemctl journal:

May 04 17:14:32 caddy caddy[1535]: 2021/05/04 17:14:32 not NSS security databases found
May 04 17:14:32 caddy caddy[1535]: 2021/05/04 17:14:32 define JAVA_HOME environment variable to use the Java trust
May 04 17:14:32 caddy sudo[1555]: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory
May 04 17:14:32 caddy sudo[1555]: pam_unix(sudo:auth): conversation failed
May 04 17:14:32 caddy sudo[1555]: pam_unix(sudo:auth): auth could not identify password for [caddy]
May 04 17:14:32 caddy sudo[1555]:    caddy : user NOT in sudoers ; TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/tee /usr/local/share/ca-certificates/Caddy_Local_Authority_-_2021_ECC_Root_338223557714076944819820939653888973913.crt
May 04 17:14:32 caddy caddy[1535]: {"level":"error","ts":1620148472.7409265,"logger":"pki.ca.local","msg":"failed to install root certificate","error":"failed to execute sudo: exit status 1","certificate_file":"storage:pki/authorities/local/root.crt"}

Do I need to install Java on the Caddy host?

No you can ignore that, this is just the smallstep libs trying to install the internal CA’s root certificate to the various trust stores on your system. It’s not critical.

Well :man_shrugging: clearly the proxy isn’t working. Check the logs of the thing you’re proxying to (is it another Caddy instance?)

Apparently the request doesn’t reach the nextcloud instance.
Neither the nginx access.log nor the nextcloud.log (at debug level) registers any attempt to access from the server with caddy.
I can log in (and the nextcloud.log registers a login) if I access nextcloud directly at the server at 192.168.1.123/nextcloud. It then redirects me to https://192.168.1.123/nextcloud/login and I can log in.

So apparently the request through the caddy server doesn’t reach the webserver at 192.168.1.123.

I am not the only one with this error:

Unfortunately the site doesn’t have a solution

Pull up a shell on the VM you run Caddy on, and execute:

curl -kIL https://192.168.1.123/nextcloud

And:

curl -kIL https://nextcloud.persondataret.dk/nextcloud --resolve nextcloud.persondataret.dk:443:192.168.1.123

And let us know what you get back?

1 Like

curl -kIL https://192.168.1.123/nextcloud
the result is:

username@caddy:~$ curl -kIL https://192.168.1.123/nextcloud
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 05 May 2021 16:43:30 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Location: /nextcloud/
X-Content-Type-Options: nosniff
X-Robots-Tag: none
Referrer-Policy: no-referrer
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000; includeSubDomains

HTTP/1.1 302 Found
Server: nginx
Date: Wed, 05 May 2021 16:43:30 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: oc_sessionPassphrase=bIRq8gcNlOGpAbZuDJ3nJKITycEGIi13v4A3UuDFqS7whO1a%2F5LMpyS3SmGxuTzaTU8kT5rTGEgNzT0URjJvmDB9rH%2F5C%2BeQ%2BA3lyOwq6L%2FwXShddr%2Fec5ODdrB5MSnU; path=/nextcloud; secure; HttpOnly
Set-Cookie: ocvjwhheo588=1bm2e738qevtr8jrprbljd8573; path=/nextcloud; secure; HttpOnly
Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-V2xnY3YxUjViS1NUU0NOZDExd2ZnNXE1RDEwcG1rNEVDTnJHRzgvcFdlcz06UEhORmh3VTlXL2JlWjNzYXJoVlE5c0xhV1cxUTZ5VlBUZkdNS0w2OEFkTT0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
Set-Cookie: nc_sameSiteCookielax=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
Set-Cookie: nc_sameSiteCookiestrict=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
Location: https://192.168.1.123/nextcloud/login
X-Content-Type-Options: nosniff
X-Robots-Tag: none
Referrer-Policy: no-referrer
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000; includeSubDomains

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 05 May 2021 16:43:32 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 8742
Connection: keep-alive
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Set-Cookie: oc_sessionPassphrase=zxFlGXyN0RdW6WsoflIBz7vvN82HIxurZFr%2BK80qPQ6tBpb2q%2FlO8RH%2FP8Fjl33%2B9lqS8j0ddy2T4Kl4WA41c3YhOO5SP6FTuKCA44JMYM2cEi9AtKcv%2FnJz9Q7cn%2Fgv; path=/nextcloud; secure; HttpOnly
Set-Cookie: ocvjwhheo588=rv0qqjhkinskfrakuqkoejqf6h; path=/nextcloud; secure; HttpOnly
Set-Cookie: nc_sameSiteCookielax=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
Set-Cookie: nc_sameSiteCookiestrict=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
Cache-Control: no-cache, no-store, must-revalidate
Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self';frame-ancestors 'self';worker-src 'self' blob:;form-action 'self'
Feature-Policy: autoplay 'self';camera 'none';fullscreen 'self';geolocation 'none';microphone 'none';payment 'none'
X-Robots-Tag: none
X-Content-Type-Options: nosniff
X-Robots-Tag: none
Referrer-Policy: no-referrer
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000; includeSubDomains

And:

curl -kIL https://nextcloud.persondataret.dk/nextcloud --resolve nextcloud.persondataret.dk:443:192.168.1.123
The result is:

username@caddy:~$ curl -kIL https://nextcloud.persondataret.dk/nextcloud --resolve nextcloud.persondataret.dk:443:192.168.1.123
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 05 May 2021 16:46:54 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Location: /nextcloud/
X-Content-Type-Options: nosniff
X-Robots-Tag: none
Referrer-Policy: no-referrer
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000; includeSubDomains

HTTP/1.1 302 Found
Server: nginx
Date: Wed, 05 May 2021 16:46:54 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: oc_sessionPassphrase=g5u7Q3WA42rTTru7HRqjcGp2gL4%2BbeNXQTOhD%2FZFmscvWcWcoQmten1q3zhybozfVpFXps8kL2%2Fk%2FBkl6KXcEy4lWXyY0DFidrdKyAH1dqpmCT9Ja7aObcyLIkRgoZAR; path=/nextcloud; secure; HttpOnly
Set-Cookie: ocvjwhheo588=ok3lt27c5jchom6qkdknhd4eif; path=/nextcloud; secure; HttpOnly
Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-RUNlcHduZ09lWEF4bEpRWHM0ZmFGYk9PZU1nT3BRZ2MvUWpHeXlQQ0x2dz06ZWthUmxRSkVEd0JyL2Y5QjVxeWlKLzdqRlpKcTYwMXR5bWFTbXhPWWRvOD0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
Set-Cookie: nc_sameSiteCookielax=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
Set-Cookie: nc_sameSiteCookiestrict=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
Location: https://nextcloud.persondataret.dk/nextcloud/login
X-Content-Type-Options: nosniff
X-Robots-Tag: none
Referrer-Policy: no-referrer
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000; includeSubDomains

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 05 May 2021 16:46:54 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 8836
Connection: keep-alive
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Set-Cookie: oc_sessionPassphrase=PjcgnTdEJXudjXzvMhYF1fm6fn7M9cP8xBH8WSEAhuI8NRaS95rMJK6dV4kPuRvZcovDyjVHcpXHpvRYcQ%2F5D4Hbb8seq9YpkMGzszaHLO6azYAz0vOgbInli9miIu7U; path=/nextcloud; secure; HttpOnly
Set-Cookie: ocvjwhheo588=u7p29h8t0e56pung8vbu7d3j43; path=/nextcloud; secure; HttpOnly
Set-Cookie: nc_sameSiteCookielax=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
Set-Cookie: nc_sameSiteCookiestrict=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
Cache-Control: no-cache, no-store, must-revalidate
Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self';frame-ancestors 'self';worker-src 'self' blob:;form-action 'self'
Feature-Policy: autoplay 'self';camera 'none';fullscreen 'self';geolocation 'none';microphone 'none';payment 'none'
X-Robots-Tag: none
X-Content-Type-Options: nosniff
X-Robots-Tag: none
Referrer-Policy: no-referrer
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000; includeSubDomains

Alright, so the Nextcloud instance is permissive of hostname anyway (and sends absolute Location headers adjusted to your Host, neat!).

We can definitely access it, so why is Caddy producing 502s?

Try one more command for me, from the Caddy host VM:

curl -IL https://192.168.1.123/nextcloud

(Note the lack of -k flag)

Let us know what comes back from this one.

The result is an error of certificate. The nextcloud instance has a certificate of the domain kjellerup-hansen.dk. Does this matter?

username@caddy:~$ curl -IL https://192.168.1.123/nextcloud
curl: (60) SSL: no alternative certificate subject name matches target host name '192.168.1.123'
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

I think it might be the cause of Caddy returning 502s for the backend.

Caddy refuses to proceed with connections with untrusted certificates by default.

IDEALLY you would add the CA of your Nextcloud instance to your Caddy VM’s trust store, to allow Caddy to verify and trust your Nextcloud backend. This lets you keep security between your backend and webserver.

Alternately, you can disable the “Secure” of Hypertext Transfer Protocol Secure (HTTPS) by opening up a transport http {} block in your reverse_proxy directive and adding the tls_insecure_skip_verify subdirective there.

See: reverse_proxy (Caddyfile directive) — Caddy Documentation

That said, since your connection wouldn’t be secure this way, there’s less of a point to using HTTPS; just configure your backend and reverse_proxy to use HTTP instead.

2 Likes
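The two options from the answer above, side by side in one site block. This is an added example, not part of the original thread and not the poster's config. Assumptions: `kjellerup-hansen.dk` is the name on the backend certificate as the poster states, `/etc/caddy/backend-ca.pem` is a hypothetical path, and the `header_up` lines are left out to keep the focus on the `transport` block.

```caddyfile
nextcloud.persondataret.dk {
        rewrite * /nextcloud{uri}

        reverse_proxy https://192.168.1.123 {
                transport http {
                        # Weak setting: any certificate is accepted, so the hop
                        # to the backend is encrypted but not authenticated.
                        # tls_insecure_skip_verify

                        # Verified setting: still dial 192.168.1.123, but use
                        # this name for SNI and check the backend certificate
                        # against it instead of against the IP address.
                        # Assumption: the certificate lists this name.
                        tls_server_name kjellerup-hansen.dk

                        # Only needed when the backend certificate comes from a
                        # private CA that is not in the system trust store.
                        # A Let's Encrypt certificate does not need this line.
                        # (Hypothetical path.)
                        # tls_trusted_ca_certs /etc/caddy/backend-ca.pem
                }
        }
}
```

To confirm the name before reloading Caddy, repeat the earlier test from the Caddy VM without `-k`, pinning the certificate's name to the backend IP: `curl -IL https://kjellerup-hansen.dk/nextcloud --resolve kjellerup-hansen.dk:443:192.168.1.123`. If that succeeds, the same name will verify in `tls_server_name`.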

I have now arrived at this setup

caddy.kjellerup-hansen.dk {
        acme_server
        tls internal
}

mythtv.kjellerup-hansen.dk:443 {
        reverse_proxy 192.168.1.110:80
}

mail.kjellerup-hansen.dk {
#        log {
#                output file /var/log/caddy/nextcloud.log
#        }


        rewrite * /mail{uri}
        reverse_proxy https://192.168.1.123 {
                header_up Host {http.reverse_proxy.upstream.hostport}
                header_up X-Forwarded-Host {host}
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

nextcloud.kjellerup-hansen.dk {
#        log {
#                output file /var/log/caddy/nextcloud.log
#        }


        rewrite * /nextcloud{uri}
        reverse_proxy https://192.168.1.123 {
                header_up Host {http.reverse_proxy.upstream.hostport}
                header_up X-Forwarded-Host {host}
                transport http {
                        tls_insecure_skip_verify
                }
        }
}


caddy.persondataret.dk {
        acme_server
        tls internal
}
mythtv.persondataret.dk:443 {
        reverse_proxy 192.168.1.110:80
}

www.persondataret.dk {


        rewrite * /mail{uri}
        reverse_proxy https://192.168.1.123 {
                header_up Host {http.reverse_proxy.upstream.hostport}
                header_up X-Forwarded-Host {host}
                transport http {
                        tls_insecure_skip_verify
                }
        }
}


nextcloud.persondataret.dk {
#        log {
#                output file /var/log/caddy/nextcloud.log
#        }


        rewrite * /nextcloud{uri}
        reverse_proxy https://192.168.1.123 {
                header_up Host {http.reverse_proxy.upstream.hostport}
                header_up X-Forwarded-Host {host}
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

What is strange is that the server at mail.kjellerup-hansen.dk can be reached and responds normally.
The server at nextcloud.kjellerup-hansen.dk does not respond.
I have entered a new trusted domain “nextcloud.kjellerup-hansen.dk” in the nextcloud config.php.

The same is the case for persondataret.dk.
mail.persondataret.dk works
nextcloud.persondataret.dk does not work

Can you elaborate - being as specific as possible - and let us know:

  1. What you tried to do
  2. What you expected
  3. What (exactly) happened instead

For example: “navigated to nextcloud.kjellerup-hansen.dk in browser, expected Nextcloud, got an error (timeout) instead”

These specifics are important to nail exactly where the breakdown is.

2 Likes

Sorry for being imprecise. If I access mail.kjellerup-hansen.dk from the outside, I get to the right site, so everything is OK.
If I access nextcloud.kjellerup-hansen.dk from the outside, I get a timeout. The output is an empty/blank page.
I have entered a log statement in the Caddyfile and the log contains this when accessing nextcloud.kjellerup-hansen.dk:

{"level":"info","ts":1620464826.998692,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_addr":"192.168.1.1:58124","proto":"HTTP/2.0","method":"GET","host":"nextcloud.persondataret.dk","uri":"/","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"],"Accept-Language":["da"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Gpc":["1"],"Pragma":["no-cache"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0"],"Dnt":["1"],"Upgrade-Insecure-Requests":["1"],"Cache-Control":["no-cache"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"nextcloud.persondataret.dk"}},"common_log":"192.168.1.1 - - [08/May/2021:09:07:06 +0000] \"GET / HTTP/2.0\" 302 0","duration":0.075569635,"size":0,"status":302,"resp_headers":{"Server":["Caddy","nginx"],"Cache-Control":["no-store, no-cache, must-revalidate"],"Content-Type":["text/html; charset=UTF-8"],"Expires":["Thu, 19 Nov 1981 08:52:00 GMT"],"Content-Security-Policy":["default-src 'self'; script-src 'self' 'nonce-b09tcVNyei9qL2xXWnZ1clhkdzFvR2o0ek1rUkxKZ2VsMnBpa2tWK2pDVT06bElxYUV2SzYzY2dIUEpQSkRZeC8xMTJkajQwa1dkWnc1RUZXd1c0NG8zST0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';"],"Referrer-Policy":["no-referrer"],"X-Permitted-Cross-Domain-Policies":["none"],"Set-Cookie":["oc_sessionPassphrase=q4rpJpR8YXtPOi%2Ffb5HS5Zsx%2B8AWfuxi5Iskfbguy5Mvpl2WJ1CjWkcpnUOgpHdpdojPDn0zsjP%2Bbqn3brnMtm%2F6PaI19y9nHwKqUzLQUFr4cKnEEZr3URtlSJVDJ2SN; path=/nextcloud; secure; HttpOnly","ocvjwhheo588=3muapbjvvl5ajjaigimuqn7t47; path=/nextcloud; secure; HttpOnly","nc_sameSiteCookielax=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax","nc_sameSiteCookiestrict=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 
GMT; SameSite=strict"],"Location":["https://192.168.1.123:443/nextcloud/login"],"Pragma":["no-cache"],"X-Robots-Tag":["none"],"X-Download-Options":["noopen"],"Strict-Transport-Security":["max-age=15552000; includeSubDomains"],"Date":["Sat, 08 May 2021 09:07:06 GMT"],"X-Content-Type-Options":["nosniff"],"X-Xss-Protection":["1; mode=block"],"X-Frame-Options":["SAMEORIGIN"]}}

When I access mail.kjellerup-hansen.dk I get this log:

{"level":"info","ts":1620465038.6809998,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"87.49.146.8:10698","proto":"HTTP/2.0","method":"GET","host":"mail.kjellerup-hansen.dk","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0"],"Upgrade-Insecure-Requests":["1"],"Dnt":["1"],"Sec-Gpc":["1"],"Te":["trailers"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"],"Accept-Language":["da"],"Accept-Encoding":["gzip, deflate, br"],"Cookie":["roundcube_sessid=7rh3rbo6dqede35phj7dudk0jr"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"mail.kjellerup-hansen.dk"}},"common_log":"87.49.146.8 - - [08/May/2021:09:10:38 +0000] \"GET / HTTP/2.0\" 200 2350","duration":0.022356438,"size":2350,"status":200,"resp_headers":{"Vary":["Accept-Encoding"],"Last-Modified":["Sat, 08 May 2021 09:10:38 GMT"],"X-Dns-Prefetch-Control":["off"],"Content-Encoding":["gzip"],"X-Frame-Options":["sameorigin"],"Date":["Sat, 08 May 2021 09:10:38 GMT"],"Cache-Control":["private, no-cache, no-store, must-revalidate, post-check=0, pre-check=0"],"Strict-Transport-Security":["max-age=15552000; includeSubDomains"],"Pragma":["no-cache"],"Content-Type":["text/html; charset=UTF-8"],"Server":["Caddy","nginx"],"Content-Language":["da"],"Expires":["Sat, 08 May 2021 09:10:38 GMT"]}}
{"level":"info","ts":1620465039.1258476,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"87.49.146.8:10698","proto":"HTTP/2.0","method":"GET","host":"mail.kjellerup-hansen.dk","uri":"/skins/larry/images/ajaxloader.gif","headers":{"Accept":["image/webp,*/*"],"Accept-Encoding":["gzip, deflate, br"],"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0"],"Accept-Language":["da"],"Referer":["https://mail.kjellerup-hansen.dk/"],"Cookie":["roundcube_sessid=7rh3rbo6dqede35phj7dudk0jr"],"Dnt":["1"],"Sec-Gpc":["1"],"Te":["trailers"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"mail.kjellerup-hansen.dk"}},"common_log":"87.49.146.8 - - [08/May/2021:09:10:39 +0000] \"GET /skins/larry/images/ajaxloader.gif HTTP/2.0\" 0 0","duration":0.000938948,"size":0,"status":0,"resp_headers":{"Server":["Caddy"]}}
{"level":"info","ts":1620465039.1272871,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"87.49.146.8:10698","proto":"HTTP/2.0","method":"GET","host":"mail.kjellerup-hansen.dk","uri":"/skins/larry/images/ajaxloader_dark.gif","headers":{"Cookie":["roundcube_sessid=7rh3rbo6dqede35phj7dudk0jr"],"Sec-Gpc":["1"],"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0"],"Referer":["https://mail.kjellerup-hansen.dk/"],"Accept-Encoding":["gzip, deflate, br"],"Dnt":["1"],"Te":["trailers"],"Accept":["image/webp,*/*"],"Accept-Language":["da"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"mail.kjellerup-hansen.dk"}},"common_log":"87.49.146.8 - - [08/May/2021:09:10:39 +0000] \"GET /skins/larry/images/ajaxloader_dark.gif HTTP/2.0\" 0 0","duration":0.000302828,"size":0,"status":0,"resp_headers":{"Server":["Caddy"]}}
{"level":"info","ts":1620465039.1281955,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"87.49.146.8:10698","proto":"HTTP/2.0","method":"GET","host":"mail.kjellerup-hansen.dk","uri":"/skins/larry/images/buttons.png","headers":{"Accept":["image/webp,*/*"],"Accept-Encoding":["gzip, deflate, br"],"Referer":["https://mail.kjellerup-hansen.dk/"],"Cookie":["roundcube_sessid=7rh3rbo6dqede35phj7dudk0jr"],"Dnt":["1"],"Sec-Gpc":["1"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0"],"Accept-Language":["da"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"mail.kjellerup-hansen.dk"}},"common_log":"87.49.146.8 - - [08/May/2021:09:10:39 +0000] \"GET /skins/larry/images/buttons.png HTTP/2.0\" 0 0","duration":0.0004678,"size":0,"status":0,"resp_headers":{"Server":["Caddy"]}}
{"level":"info","ts":1620465039.1284857,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"87.49.146.8:10698","proto":"HTTP/2.0","method":"GET","host":"mail.kjellerup-hansen.dk","uri":"/skins/larry/images/addcontact.png","headers":{"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0"],"Accept-Language":["da"],"Accept-Encoding":["gzip, deflate, br"],"Dnt":["1"],"Sec-Gpc":["1"],"Accept":["image/webp,*/*"],"Referer":["https://mail.kjellerup-hansen.dk/"],"Cookie":["roundcube_sessid=7rh3rbo6dqede35phj7dudk0jr"],"Te":["trailers"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"mail.kjellerup-hansen.dk"}},"common_log":"87.49.146.8 - - [08/May/2021:09:10:39 +0000] \"GET /skins/larry/images/addcontact.png HTTP/2.0\" 0 0","duration":0.000135284,"size":0,"status":0,"resp_headers":{"Server":["Caddy"]}}
{"level":"info","ts":1620465039.1287978,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"87.49.146.8:10698","proto":"HTTP/2.0","method":"GET","host":"mail.kjellerup-hansen.dk","uri":"/skins/larry/images/filetypes.png","headers":{"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0"],"Accept-Encoding":["gzip, deflate, br"],"Referer":["https://mail.kjellerup-hansen.dk/"],"Dnt":["1"],"Sec-Gpc":["1"],"Te":["trailers"],"Accept":["image/webp,*/*"],"Accept-Language":["da"],"Cookie":["roundcube_sessid=7rh3rbo6dqede35phj7dudk0jr"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"mail.kjellerup-hansen.dk"}},"common_log":"87.49.146.8 - - [08/May/2021:09:10:39 +0000] \"GET /skins/larry/images/filetypes.png HTTP/2.0\" 0 0","duration":0.000174258,"size":0,"status":0,"resp_headers":{"Server":["Caddy"]}}
{"level":"info","ts":1620465039.1290696,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"87.49.146.8:10698","proto":"HTTP/2.0","method":"GET","host":"mail.kjellerup-hansen.dk","uri":"/skins/larry/images/listicons.png","headers":{"Cookie":["roundcube_sessid=7rh3rbo6dqede35phj7dudk0jr"],"Dnt":["1"],"Sec-Gpc":["1"],"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0"],"Accept":["image/webp,*/*"],"Accept-Language":["da"],"Accept-Encoding":["gzip, deflate, br"],"Referer":["https://mail.kjellerup-hansen.dk/"],"Te":["trailers"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"mail.kjellerup-hansen.dk"}},"common_log":"87.49.146.8 - - [08/May/2021:09:10:39 +0000] \"GET /skins/larry/images/listicons.png HTTP/2.0\" 0 0","duration":0.000122704,"size":0,"status":0,"resp_headers":{"Server":["Caddy"]}}
{"level":"info","ts":1620465039.1293468,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"87.49.146.8:10698","proto":"HTTP/2.0","method":"GET","host":"mail.kjellerup-hansen.dk","uri":"/skins/larry/images/messages.png","headers":{"Cookie":["roundcube_sessid=7rh3rbo6dqede35phj7dudk0jr"],"Sec-Gpc":["1"],"Accept-Language":["da"],"Accept-Encoding":["gzip, deflate, br"],"Referer":["https://mail.kjellerup-hansen.dk/"],"Dnt":["1"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0"],"Accept":["image/webp,*/*"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"mail.kjellerup-hansen.dk"}},"common_log":"87.49.146.8 - - [08/May/2021:09:10:39 +0000] \"GET /skins/larry/images/messages.png HTTP/2.0\" 0 0","duration":0.000145708,"size":0,"status":0,"resp_headers":{"Server":["Caddy"]}}
{"level":"info","ts":1620465039.1296127,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"87.49.146.8:10698","proto":"HTTP/2.0","method":"GET","host":"mail.kjellerup-hansen.dk","uri":"/skins/larry/images/messages_dark.png","headers":{"Accept-Encoding":["gzip, deflate, br"],"Referer":["https://mail.kjellerup-hansen.dk/"],"Dnt":["1"],"Te":["trailers"],"Accept":["image/webp,*/*"],"Accept-Language":["da"],"Cookie":["roundcube_sessid=7rh3rbo6dqede35phj7dudk0jr"],"Sec-Gpc":["1"],"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"mail.kjellerup-hansen.dk"}},"common_log":"87.49.146.8 - - [08/May/2021:09:10:39 +0000] \"GET /skins/larry/images/messages_dark.png HTTP/2.0\" 0 0","duration":0.000132296,"size":0,"status":0,"resp_headers":{"Server":["Caddy"]}}
{"level":"info","ts":1620465039.129899,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"87.49.146.8:10698","proto":"HTTP/2.0","method":"GET","host":"mail.kjellerup-hansen.dk","uri":"/skins/larry/images/quota.png","headers":{"Accept":["image/webp,*/*"],"Te":["trailers"],"Referer":["https://mail.kjellerup-hansen.dk/"],"Cookie":["roundcube_sessid=7rh3rbo6dqede35phj7dudk0jr"],"Dnt":["1"],"Sec-Gpc":["1"],"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0"],"Accept-Language":["da"],"Accept-Encoding":["gzip, deflate, br"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"mail.kjellerup-hansen.dk"}},"common_log":"87.49.146.8 - - [08/May/2021:09:10:39 +0000] \"GET /skins/larry/images/quota.png HTTP/2.0\" 0 0","duration":0.000140906,"size":0,"status":0,"resp_headers":{"Server":["Caddy"]}}
{"level":"info","ts":1620465039.130186,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"87.49.146.8:10698","proto":"HTTP/2.0","method":"GET","host":"mail.kjellerup-hansen.dk","uri":"/skins/larry/images/selector.png","headers":{"Te":["trailers"],"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0"],"Accept":["image/webp,*/*"],"Accept-Language":["da"],"Accept-Encoding":["gzip, deflate, br"],"Cookie":["roundcube_sessid=7rh3rbo6dqede35phj7dudk0jr"],"Dnt":["1"],"Sec-Gpc":["1"],"Referer":["https://mail.kjellerup-hansen.dk/"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"mail.kjellerup-hansen.dk"}},"common_log":"87.49.146.8 - - [08/May/2021:09:10:39 +0000] \"GET /skins/larry/images/selector.png HTTP/2.0\" 0 0","duration":0.000129976,"size":0,"status":0,"resp_headers":{"Server":["Caddy"]}}
{"level":"info","ts":1620465039.1304579,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"87.49.146.8:10698","proto":"HTTP/2.0","method":"GET","host":"mail.kjellerup-hansen.dk","uri":"/skins/larry/images/splitter.png","headers":{"Accept-Encoding":["gzip, deflate, br"],"Referer":["https://mail.kjellerup-hansen.dk/"],"Cookie":["roundcube_sessid=7rh3rbo6dqede35phj7dudk0jr"],"Sec-Gpc":["1"],"Accept":["image/webp,*/*"],"Accept-Language":["da"],"Dnt":["1"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"mail.kjellerup-hansen.dk"}},"common_log":"87.49.146.8 - - [08/May/2021:09:10:39 +0000] \"GET /skins/larry/images/splitter.png HTTP/2.0\" 0 0","duration":0.000133571,"size":0,"status":0,"resp_headers":{"Server":["Caddy"]}}
{"level":"info","ts":1620465039.144048,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"87.49.146.8:10698","proto":"HTTP/2.0","method":"GET","host":"mail.kjellerup-hansen.dk","uri":"/skins/larry/images/favicon.ico","headers":{"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0"],"Accept":["image/webp,*/*"],"Accept-Language":["da"],"Accept-Encoding":["gzip, deflate, br"],"Cookie":["roundcube_sessid=7rh3rbo6dqede35phj7dudk0jr"],"Dnt":["1"],"Sec-Gpc":["1"],"Te":["trailers"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"mail.kjellerup-hansen.dk"}},"common_log":"87.49.146.8 - - [08/May/2021:09:10:39 +0000] \"GET /skins/larry/images/favicon.ico HTTP/2.0\" 0 0","duration":0.013361597,"size":0,"status":0,"resp_headers":{"Server":["Caddy"]}}

Did you try this Wiki?

In particular, did you set up your Nextcloud config.php?