Newbie - error using TLS to backend

The log shows:
{"level":"error","ts":1620147287.5190575,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"87.49.146.8:6335","proto":"HTTP/2.0","method":"GET","host":"nextcloud.persondataret.dk","uri":"/nextcloud","headers":{"User-Agent":["Mozilla/5.0 (Android 11; Mobile; rv:88.0) Gecko/88.0 Firefox/88.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"],"Accept-Language":["da-DK,en-US;q=0.5"],"Accept-Encoding":["gzip, deflate, br"],"Upgrade-Insecure-Requests":["1"],"Te":["trailers"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"nextcloud.persondataret.dk"}},"common_log":"87.49.146.8 - - [04/May/2021:16:54:47 +0000] \"GET /nextcloud HTTP/2.0\" 502 0","duration":0.013341336,"size":0,"status":502,"resp_headers":{"Server":["Caddy"]}}

Right so that 502 means Caddy couldn’t connect to the upstream. That’s just the access log part though, is there really no other message in the logs from the reverse_proxy module?

You could try turning on debug logging by adding this to the top of your Caddyfile:

{
	debug
}

Thank you for your patience and help.
With the debug directive the log states:

{"level":"error","ts":1620148101.5135102,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"87.49.146.8:26465","proto":"HTTP/2.0","method":"GET","host":"nextcloud.persondataret.dk","uri":"/nextcloud","headers":{"Accept-Encoding":["gzip, deflate, br"],"Upgrade-Insecure-Requests":["1"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Android 11; Mobile; rv:88.0) Gecko/88.0 Firefox/88.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"],"Accept-Language":["da-DK,en-US;q=0.5"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"nextcloud.persondataret.dk"}},"common_log":"87.49.146.8 - - [04/May/2021:17:08:21 +0000] \"GET /nextcloud HTTP/2.0\" 502 0","duration":0.010222012,"size":0,"status":502,"resp_headers":{"Server":["Caddy"]}}

I cannot see any difference in the log file.

And I still have this error in the systemctl journal:

May 04 17:14:32 caddy caddy[1535]: 2021/05/04 17:14:32 not NSS security databases found
May 04 17:14:32 caddy caddy[1535]: 2021/05/04 17:14:32 define JAVA_HOME environment variable to use the Java trust
May 04 17:14:32 caddy sudo[1555]: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory
May 04 17:14:32 caddy sudo[1555]: pam_unix(sudo:auth): conversation failed
May 04 17:14:32 caddy sudo[1555]: pam_unix(sudo:auth): auth could not identify password for [caddy]
May 04 17:14:32 caddy sudo[1555]:    caddy : user NOT in sudoers ; TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/tee /usr/local/share/ca-certificates/Caddy_Local_Authority_-_2021_ECC_Root_338223557714076944819820939653888973913.crt
May 04 17:14:32 caddy caddy[1535]: {"level":"error","ts":1620148472.7409265,"logger":"pki.ca.local","msg":"failed to install root certificate","error":"failed to execute sudo: exit status 1","certificate_file":"storage:pki/authorities/local/root.crt"}

Do I need to install Java on the Caddy host?

No you can ignore that, this is just the smallstep libs trying to install the internal CA’s root certificate to the various trust stores on your system. It’s not critical.

Well :man_shrugging: clearly the proxy isn’t working. Check the logs of the thing you’re proxying to (is it another Caddy instance?)

Apparently the request doesn’t reach the nextcloud instance.
Neither the nginx access.log nor the nextcloud.log (at debug level) registers any attempt to access from the server with caddy.
I can log in (and the nextcloud.log registers a login) if I access nextcloud directly at the server at 192.168.1.123/nextcloud. It then redirects me to https://192.168.1.123/nextcloud/login and I can log in.

So apparently the request through the caddy server doesn’t reach the webserver at 192.168.1.123.

I am not the only one with this error:

Unfortunately the site doesn’t have a solution

Pull up a shell on the VM you run Caddy on, and execute:

curl -kIL https://192.168.1.123/nextcloud

And:

curl -kIL https://nextcloud.persondataret.dk/nextcloud --resolve nextcloud.persondataret.dk:443:192.168.1.123

And let us know what you get back?

curl -kIL https://192.168.1.123/nextcloud
the result is:

username@caddy:~$ curl -kIL https://192.168.1.123/nextcloud
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 05 May 2021 16:43:30 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Location: /nextcloud/
X-Content-Type-Options: nosniff
X-Robots-Tag: none
Referrer-Policy: no-referrer
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000; includeSubDomains

HTTP/1.1 302 Found
Server: nginx
Date: Wed, 05 May 2021 16:43:30 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: oc_sessionPassphrase=bIRq8gcNlOGpAbZuDJ3nJKITycEGIi13v4A3UuDFqS7whO1a%2F5LMpyS3SmGxuTzaTU8kT5rTGEgNzT0URjJvmDB9rH%2F5C%2BeQ%2BA3lyOwq6L%2FwXShddr%2Fec5ODdrB5MSnU; path=/nextcloud; secure; HttpOnly
Set-Cookie: ocvjwhheo588=1bm2e738qevtr8jrprbljd8573; path=/nextcloud; secure; HttpOnly
Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-V2xnY3YxUjViS1NUU0NOZDExd2ZnNXE1RDEwcG1rNEVDTnJHRzgvcFdlcz06UEhORmh3VTlXL2JlWjNzYXJoVlE5c0xhV1cxUTZ5VlBUZkdNS0w2OEFkTT0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
Set-Cookie: nc_sameSiteCookielax=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
Set-Cookie: nc_sameSiteCookiestrict=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
Location: https://192.168.1.123/nextcloud/login
X-Content-Type-Options: nosniff
X-Robots-Tag: none
Referrer-Policy: no-referrer
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000; includeSubDomains

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 05 May 2021 16:43:32 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 8742
Connection: keep-alive
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Set-Cookie: oc_sessionPassphrase=zxFlGXyN0RdW6WsoflIBz7vvN82HIxurZFr%2BK80qPQ6tBpb2q%2FlO8RH%2FP8Fjl33%2B9lqS8j0ddy2T4Kl4WA41c3YhOO5SP6FTuKCA44JMYM2cEi9AtKcv%2FnJz9Q7cn%2Fgv; path=/nextcloud; secure; HttpOnly
Set-Cookie: ocvjwhheo588=rv0qqjhkinskfrakuqkoejqf6h; path=/nextcloud; secure; HttpOnly
Set-Cookie: nc_sameSiteCookielax=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
Set-Cookie: nc_sameSiteCookiestrict=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
Cache-Control: no-cache, no-store, must-revalidate
Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self';frame-ancestors 'self';worker-src 'self' blob:;form-action 'self'
Feature-Policy: autoplay 'self';camera 'none';fullscreen 'self';geolocation 'none';microphone 'none';payment 'none'
X-Robots-Tag: none
X-Content-Type-Options: nosniff
X-Robots-Tag: none
Referrer-Policy: no-referrer
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000; includeSubDomains

And:

curl -kIL https://nextcloud.persondataret.dk/nextcloud --resolve nextcloud.persondataret.dk:443:192.168.1.123
The result is:

username@caddy:~$ curl -kIL https://nextcloud.persondataret.dk/nextcloud --resolve nextcloud.persondataret.dk:443:192.168.1.123
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 05 May 2021 16:46:54 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Location: /nextcloud/
X-Content-Type-Options: nosniff
X-Robots-Tag: none
Referrer-Policy: no-referrer
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000; includeSubDomains

HTTP/1.1 302 Found
Server: nginx
Date: Wed, 05 May 2021 16:46:54 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: oc_sessionPassphrase=g5u7Q3WA42rTTru7HRqjcGp2gL4%2BbeNXQTOhD%2FZFmscvWcWcoQmten1q3zhybozfVpFXps8kL2%2Fk%2FBkl6KXcEy4lWXyY0DFidrdKyAH1dqpmCT9Ja7aObcyLIkRgoZAR; path=/nextcloud; secure; HttpOnly
Set-Cookie: ocvjwhheo588=ok3lt27c5jchom6qkdknhd4eif; path=/nextcloud; secure; HttpOnly
Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-RUNlcHduZ09lWEF4bEpRWHM0ZmFGYk9PZU1nT3BRZ2MvUWpHeXlQQ0x2dz06ZWthUmxRSkVEd0JyL2Y5QjVxeWlKLzdqRlpKcTYwMXR5bWFTbXhPWWRvOD0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
Set-Cookie: nc_sameSiteCookielax=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
Set-Cookie: nc_sameSiteCookiestrict=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
Location: https://nextcloud.persondataret.dk/nextcloud/login
X-Content-Type-Options: nosniff
X-Robots-Tag: none
Referrer-Policy: no-referrer
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000; includeSubDomains

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 05 May 2021 16:46:54 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 8836
Connection: keep-alive
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Set-Cookie: oc_sessionPassphrase=PjcgnTdEJXudjXzvMhYF1fm6fn7M9cP8xBH8WSEAhuI8NRaS95rMJK6dV4kPuRvZcovDyjVHcpXHpvRYcQ%2F5D4Hbb8seq9YpkMGzszaHLO6azYAz0vOgbInli9miIu7U; path=/nextcloud; secure; HttpOnly
Set-Cookie: ocvjwhheo588=u7p29h8t0e56pung8vbu7d3j43; path=/nextcloud; secure; HttpOnly
Set-Cookie: nc_sameSiteCookielax=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
Set-Cookie: nc_sameSiteCookiestrict=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
Cache-Control: no-cache, no-store, must-revalidate
Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self';frame-ancestors 'self';worker-src 'self' blob:;form-action 'self'
Feature-Policy: autoplay 'self';camera 'none';fullscreen 'self';geolocation 'none';microphone 'none';payment 'none'
X-Robots-Tag: none
X-Content-Type-Options: nosniff
X-Robots-Tag: none
Referrer-Policy: no-referrer
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000; includeSubDomains

Alright, so the Nextcloud instance is permissive of hostname anyway (and sends absolute Location headers adjusted to your Host, neat!).

We can definitely access it, so why is Caddy producing 502s?

Try one more command for me, from the Caddy host VM:

curl -IL https://192.168.1.123/nextcloud

(Note the lack of -k flag)

Let us know what comes back from this one.

The result is an error of certificate. The nextcloud instance has a certificate of the domain kjellerup-hansen.dk. Does this matter?

username@caddy:~$ curl -IL https://192.168.1.123/nextcloud
curl: (60) SSL: no alternative certificate subject name matches target host name '192.168.1.123'
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

I think it might be the cause of Caddy returning 502s for the backend.

Caddy refuses to proceed with connections with untrusted certificates by default.

IDEALLY you would add the CA of your Nextcloud instance to your Caddy VM’s trust store, to allow Caddy to verify and trust your Nextcloud backend. This lets you keep security between your backend and webserver.

Alternately, you can disable the “Secure” of Hypertext Transfer Protocol Secure (HTTPS) by opening up a transport http {} block in your reverse_proxy directive and adding the tls_insecure_skip_verify subdirective there.

See: reverse_proxy (Caddyfile directive) — Caddy Documentation

That said, since your connection wouldn’t be secure this way, there’s less of a point to using HTTPS; just configure your backend and reverse_proxy to use HTTP instead.

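The first option from the reply above, as an added Caddyfile example (not from the original posts or the Caddy documentation), with the skip-verify variant kept as a comment for comparison. The curl error in the thread is a name mismatch, so `tls_server_name` gives Caddy the name to verify instead of the IP address. It assumes the backend certificate covers kjellerup-hansen.dk, as the poster reports; the CA file path is a placeholder.

```caddyfile
nextcloud.persondataret.dk {
	rewrite * /nextcloud{uri}

	reverse_proxy https://192.168.1.123 {
		transport http {
			# Name sent as SNI and checked against the backend certificate.
			# Without it Caddy verifies against "192.168.1.123", which the
			# certificate does not list, and the handshake is rejected (502).
			tls_server_name kjellerup-hansen.dk

			# Only needed when the backend certificate was issued by a
			# private CA. Placeholder path; when set, only the CAs in this
			# file are trusted for the upstream connection.
			# tls_trusted_ca_certs /path/to/backend-ca.pem

			# Weak alternative discussed in the thread: the connection is
			# still encrypted, but any certificate is accepted, so the
			# backend is not authenticated.
			# tls_insecure_skip_verify
		}
	}
}
```

After reloading, the same check as in the thread can be repeated with verification left on: `curl -IL https://kjellerup-hansen.dk/nextcloud --resolve kjellerup-hansen.dk:443:192.168.1.123` (no `-k`).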

I have now arrived at this setup

caddy.kjellerup-hansen.dk {
        acme_server
        tls internal
}

mythtv.kjellerup-hansen.dk:443 {
reverse_proxy 192.168.1.110:80
}

mail.kjellerup-hansen.dk {
#        log {
#                output file /var/log/caddy/nextcloud.log
#        }


        rewrite * /mail{uri}
        reverse_proxy https://192.168.1.123 {
                header_up Host {http.reverse_proxy.upstream.hostport}
                header_up X-Forwarded-Host {host}
                transport http {
                tls_insecure_skip_verify
                }
        }
}

nextcloud.kjellerup-hansen.dk {
#        log {
#                output file /var/log/caddy/nextcloud.log
#        }


        rewrite * /nextcloud{uri}
        reverse_proxy https://192.168.1.123 {
                header_up Host {http.reverse_proxy.upstream.hostport}
                header_up X-Forwarded-Host {host}
                transport http {
                  tls_insecure_skip_verify
                  }
        }
}


caddy.persondataret.dk {
        acme_server
        tls internal
}
mythtv.persondataret.dk:443 {
reverse_proxy 192.168.1.110:80
}

www.persondataret.dk {


        rewrite * /mail{uri}
        reverse_proxy https://192.168.1.123 {
                header_up Host {http.reverse_proxy.upstream.hostport}
                header_up X-Forwarded-Host {host}
                transport http {
                tls_insecure_skip_verify
                }
        }
}


nextcloud.persondataret.dk {
#       log {
 #              output file /var/log/caddy/nextcloud.log
#       }


        rewrite * /nextcloud{uri}
        reverse_proxy https://192.168.1.123 {
                header_up Host {http.reverse_proxy.upstream.hostport}
                header_up X-Forwarded-Host {host}
                transport http {
                tls_insecure_skip_verify
                }
        }
}

What is strange is that the server at mail.kjellerup-hansen.dk can be reached and responds normally.
The server at nextcloud.kjellerup-hansen.dk does not respond.
I have entered a new trusted domain “nextcloud.kjellerup-hansen.dk” in the nextcloud config.php.

The same is the matter for persondataret.dk.
mail.persondataret.dk works
nextcloud.persondataret.dk does not work

Can you elaborate - being as specific as possible - and let us know:

  1. What you tried to do
  2. What you expected
  3. What (exactly) happened instead

For example: “navigated to nextcloud.kjellerup-hansen.dk in browser, expected Nextcloud, got an error (timeout) instead”

These specifics are important to nail exactly where the breakdown is.

Sorry for being imprecise. If I access mail.kjellerup-hansen.dk from the outside, I get to the right site, so everything is OK.
If I access nextcloud.kjellerup-hansen.dk from the outside, I get a timeout. The output is an empty/blank page.
I have entered a log statement in the Caddyfile, and the log contains this when accessing nextcloud.kjellerup-hansen.dk:

{"level":"info","ts":1620464826.998692,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_addr":"192.168.1.1:58124","proto":"HTTP/2.0","method":"GET","host":"nextcloud.persondataret.dk","uri":"/","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"],"Accept-Language":["da"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Gpc":["1"],"Pragma":["no-cache"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0"],"Dnt":["1"],"Upgrade-Insecure-Requests":["1"],"Cache-Control":["no-cache"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"nextcloud.persondataret.dk"}},"common_log":"192.168.1.1 - - [08/May/2021:09:07:06 +0000] \"GET / HTTP/2.0\" 302 0","duration":0.075569635,"size":0,"status":302,"resp_headers":{"Server":["Caddy","nginx"],"Cache-Control":["no-store, no-cache, must-revalidate"],"Content-Type":["text/html; charset=UTF-8"],"Expires":["Thu, 19 Nov 1981 08:52:00 GMT"],"Content-Security-Policy":["default-src 'self'; script-src 'self' 'nonce-b09tcVNyei9qL2xXWnZ1clhkdzFvR2o0ek1rUkxKZ2VsMnBpa2tWK2pDVT06bElxYUV2SzYzY2dIUEpQSkRZeC8xMTJkajQwa1dkWnc1RUZXd1c0NG8zST0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';"],"Referrer-Policy":["no-referrer"],"X-Permitted-Cross-Domain-Policies":["none"],"Set-Cookie":["oc_sessionPassphrase=q4rpJpR8YXtPOi%2Ffb5HS5Zsx%2B8AWfuxi5Iskfbguy5Mvpl2WJ1CjWkcpnUOgpHdpdojPDn0zsjP%2Bbqn3brnMtm%2F6PaI19y9nHwKqUzLQUFr4cKnEEZr3URtlSJVDJ2SN; path=/nextcloud; secure; HttpOnly","ocvjwhheo588=3muapbjvvl5ajjaigimuqn7t47; path=/nextcloud; secure; HttpOnly","nc_sameSiteCookielax=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax","nc_sameSiteCookiestrict=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 
GMT; SameSite=strict"],"Location":["https://192.168.1.123:443/nextcloud/login"],"Pragma":["no-cache"],"X-Robots-Tag":["none"],"X-Download-Options":["noopen"],"Strict-Transport-Security":["max-age=15552000; includeSubDomains"],"Date":["Sat, 08 May 2021 09:07:06 GMT"],"X-Content-Type-Options":["nosniff"],"X-Xss-Protection":["1; mode=block"],"X-Frame-Options":["SAMEORIGIN"]}}

When I access mail.kjellerup-hansen.dk I get this log:

{"level":"info","ts":1620465038.6809998,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"87.49.146.8:10698","proto":"HTTP/2.0","method":"GET","host":"mail.kjellerup-hansen.dk","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0"],"Upgrade-Insecure-Requests":["1"],"Dnt":["1"],"Sec-Gpc":["1"],"Te":["trailers"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"],"Accept-Language":["da"],"Accept-Encoding":["gzip, deflate, br"],"Cookie":["roundcube_sessid=7rh3rbo6dqede35phj7dudk0jr"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"mail.kjellerup-hansen.dk"}},"common_log":"87.49.146.8 - - [08/May/2021:09:10:38 +0000] \"GET / HTTP/2.0\" 200 2350","duration":0.022356438,"size":2350,"status":200,"resp_headers":{"Vary":["Accept-Encoding"],"Last-Modified":["Sat, 08 May 2021 09:10:38 GMT"],"X-Dns-Prefetch-Control":["off"],"Content-Encoding":["gzip"],"X-Frame-Options":["sameorigin"],"Date":["Sat, 08 May 2021 09:10:38 GMT"],"Cache-Control":["private, no-cache, no-store, must-revalidate, post-check=0, pre-check=0"],"Strict-Transport-Security":["max-age=15552000; includeSubDomains"],"Pragma":["no-cache"],"Content-Type":["text/html; charset=UTF-8"],"Server":["Caddy","nginx"],"Content-Language":["da"],"Expires":["Sat, 08 May 2021 09:10:38 GMT"]}}
{"level":"info","ts":1620465039.1258476,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"87.49.146.8:10698","proto":"HTTP/2.0","method":"GET","host":"mail.kjellerup-hansen.dk","uri":"/skins/larry/images/ajaxloader.gif","headers":{"Accept":["image/webp,*/*"],"Accept-Encoding":["gzip, deflate, br"],"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0"],"Accept-Language":["da"],"Referer":["https://mail.kjellerup-hansen.dk/"],"Cookie":["roundcube_sessid=7rh3rbo6dqede35phj7dudk0jr"],"Dnt":["1"],"Sec-Gpc":["1"],"Te":["trailers"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"mail.kjellerup-hansen.dk"}},"common_log":"87.49.146.8 - - [08/May/2021:09:10:39 +0000] \"GET /skins/larry/images/ajaxloader.gif HTTP/2.0\" 0 0","duration":0.000938948,"size":0,"status":0,"resp_headers":{"Server":["Caddy"]}}
{"level":"info","ts":1620465039.1272871,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"87.49.146.8:10698","proto":"HTTP/2.0","method":"GET","host":"mail.kjellerup-hansen.dk","uri":"/skins/larry/images/ajaxloader_dark.gif","headers":{"Cookie":["roundcube_sessid=7rh3rbo6dqede35phj7dudk0jr"],"Sec-Gpc":["1"],"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0"],"Referer":["https://mail.kjellerup-hansen.dk/"],"Accept-Encoding":["gzip, deflate, br"],"Dnt":["1"],"Te":["trailers"],"Accept":["image/webp,*/*"],"Accept-Language":["da"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"mail.kjellerup-hansen.dk"}},"common_log":"87.49.146.8 - - [08/May/2021:09:10:39 +0000] \"GET /skins/larry/images/ajaxloader_dark.gif HTTP/2.0\" 0 0","duration":0.000302828,"size":0,"status":0,"resp_headers":{"Server":["Caddy"]}}
{"level":"info","ts":1620465039.1281955,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"87.49.146.8:10698","proto":"HTTP/2.0","method":"GET","host":"mail.kjellerup-hansen.dk","uri":"/skins/larry/images/buttons.png","headers":{"Accept":["image/webp,*/*"],"Accept-Encoding":["gzip, deflate, br"],"Referer":["https://mail.kjellerup-hansen.dk/"],"Cookie":["roundcube_sessid=7rh3rbo6dqede35phj7dudk0jr"],"Dnt":["1"],"Sec-Gpc":["1"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0"],"Accept-Language":["da"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"mail.kjellerup-hansen.dk"}},"common_log":"87.49.146.8 - - [08/May/2021:09:10:39 +0000] \"GET /skins/larry/images/buttons.png HTTP/2.0\" 0 0","duration":0.0004678,"size":0,"status":0,"resp_headers":{"Server":["Caddy"]}}
{"level":"info","ts":1620465039.1284857,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"87.49.146.8:10698","proto":"HTTP/2.0","method":"GET","host":"mail.kjellerup-hansen.dk","uri":"/skins/larry/images/addcontact.png","headers":{"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0"],"Accept-Language":["da"],"Accept-Encoding":["gzip, deflate, br"],"Dnt":["1"],"Sec-Gpc":["1"],"Accept":["image/webp,*/*"],"Referer":["https://mail.kjellerup-hansen.dk/"],"Cookie":["roundcube_sessid=7rh3rbo6dqede35phj7dudk0jr"],"Te":["trailers"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"mail.kjellerup-hansen.dk"}},"common_log":"87.49.146.8 - - [08/May/2021:09:10:39 +0000] \"GET /skins/larry/images/addcontact.png HTTP/2.0\" 0 0","duration":0.000135284,"size":0,"status":0,"resp_headers":{"Server":["Caddy"]}}
{"level":"info","ts":1620465039.1287978,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"87.49.146.8:10698","proto":"HTTP/2.0","method":"GET","host":"mail.kjellerup-hansen.dk","uri":"/skins/larry/images/filetypes.png","headers":{"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0"],"Accept-Encoding":["gzip, deflate, br"],"Referer":["https://mail.kjellerup-hansen.dk/"],"Dnt":["1"],"Sec-Gpc":["1"],"Te":["trailers"],"Accept":["image/webp,*/*"],"Accept-Language":["da"],"Cookie":["roundcube_sessid=7rh3rbo6dqede35phj7dudk0jr"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"mail.kjellerup-hansen.dk"}},"common_log":"87.49.146.8 - - [08/May/2021:09:10:39 +0000] \"GET /skins/larry/images/filetypes.png HTTP/2.0\" 0 0","duration":0.000174258,"size":0,"status":0,"resp_headers":{"Server":["Caddy"]}}
{"level":"info","ts":1620465039.1290696,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"87.49.146.8:10698","proto":"HTTP/2.0","method":"GET","host":"mail.kjellerup-hansen.dk","uri":"/skins/larry/images/listicons.png","headers":{"Cookie":["roundcube_sessid=7rh3rbo6dqede35phj7dudk0jr"],"Dnt":["1"],"Sec-Gpc":["1"],"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0"],"Accept":["image/webp,*/*"],"Accept-Language":["da"],"Accept-Encoding":["gzip, deflate, br"],"Referer":["https://mail.kjellerup-hansen.dk/"],"Te":["trailers"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"mail.kjellerup-hansen.dk"}},"common_log":"87.49.146.8 - - [08/May/2021:09:10:39 +0000] \"GET /skins/larry/images/listicons.png HTTP/2.0\" 0 0","duration":0.000122704,"size":0,"status":0,"resp_headers":{"Server":["Caddy"]}}
{"level":"info","ts":1620465039.1293468,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"87.49.146.8:10698","proto":"HTTP/2.0","method":"GET","host":"mail.kjellerup-hansen.dk","uri":"/skins/larry/images/messages.png","headers":{"Cookie":["roundcube_sessid=7rh3rbo6dqede35phj7dudk0jr"],"Sec-Gpc":["1"],"Accept-Language":["da"],"Accept-Encoding":["gzip, deflate, br"],"Referer":["https://mail.kjellerup-hansen.dk/"],"Dnt":["1"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0"],"Accept":["image/webp,*/*"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"mail.kjellerup-hansen.dk"}},"common_log":"87.49.146.8 - - [08/May/2021:09:10:39 +0000] \"GET /skins/larry/images/messages.png HTTP/2.0\" 0 0","duration":0.000145708,"size":0,"status":0,"resp_headers":{"Server":["Caddy"]}}
{"level":"info","ts":1620465039.1296127,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"87.49.146.8:10698","proto":"HTTP/2.0","method":"GET","host":"mail.kjellerup-hansen.dk","uri":"/skins/larry/images/messages_dark.png","headers":{"Accept-Encoding":["gzip, deflate, br"],"Referer":["https://mail.kjellerup-hansen.dk/"],"Dnt":["1"],"Te":["trailers"],"Accept":["image/webp,*/*"],"Accept-Language":["da"],"Cookie":["roundcube_sessid=7rh3rbo6dqede35phj7dudk0jr"],"Sec-Gpc":["1"],"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"mail.kjellerup-hansen.dk"}},"common_log":"87.49.146.8 - - [08/May/2021:09:10:39 +0000] \"GET /skins/larry/images/messages_dark.png HTTP/2.0\" 0 0","duration":0.000132296,"size":0,"status":0,"resp_headers":{"Server":["Caddy"]}}
{"level":"info","ts":1620465039.129899,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"87.49.146.8:10698","proto":"HTTP/2.0","method":"GET","host":"mail.kjellerup-hansen.dk","uri":"/skins/larry/images/quota.png","headers":{"Accept":["image/webp,*/*"],"Te":["trailers"],"Referer":["https://mail.kjellerup-hansen.dk/"],"Cookie":["roundcube_sessid=7rh3rbo6dqede35phj7dudk0jr"],"Dnt":["1"],"Sec-Gpc":["1"],"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0"],"Accept-Language":["da"],"Accept-Encoding":["gzip, deflate, br"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"mail.kjellerup-hansen.dk"}},"common_log":"87.49.146.8 - - [08/May/2021:09:10:39 +0000] \"GET /skins/larry/images/quota.png HTTP/2.0\" 0 0","duration":0.000140906,"size":0,"status":0,"resp_headers":{"Server":["Caddy"]}}
{"level":"info","ts":1620465039.130186,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"87.49.146.8:10698","proto":"HTTP/2.0","method":"GET","host":"mail.kjellerup-hansen.dk","uri":"/skins/larry/images/selector.png","headers":{"Te":["trailers"],"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0"],"Accept":["image/webp,*/*"],"Accept-Language":["da"],"Accept-Encoding":["gzip, deflate, br"],"Cookie":["roundcube_sessid=7rh3rbo6dqede35phj7dudk0jr"],"Dnt":["1"],"Sec-Gpc":["1"],"Referer":["https://mail.kjellerup-hansen.dk/"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"mail.kjellerup-hansen.dk"}},"common_log":"87.49.146.8 - - [08/May/2021:09:10:39 +0000] \"GET /skins/larry/images/selector.png HTTP/2.0\" 0 0","duration":0.000129976,"size":0,"status":0,"resp_headers":{"Server":["Caddy"]}}
{"level":"info","ts":1620465039.1304579,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"87.49.146.8:10698","proto":"HTTP/2.0","method":"GET","host":"mail.kjellerup-hansen.dk","uri":"/skins/larry/images/splitter.png","headers":{"Accept-Encoding":["gzip, deflate, br"],"Referer":["https://mail.kjellerup-hansen.dk/"],"Cookie":["roundcube_sessid=7rh3rbo6dqede35phj7dudk0jr"],"Sec-Gpc":["1"],"Accept":["image/webp,*/*"],"Accept-Language":["da"],"Dnt":["1"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"mail.kjellerup-hansen.dk"}},"common_log":"87.49.146.8 - - [08/May/2021:09:10:39 +0000] \"GET /skins/larry/images/splitter.png HTTP/2.0\" 0 0","duration":0.000133571,"size":0,"status":0,"resp_headers":{"Server":["Caddy"]}}
{"level":"info","ts":1620465039.144048,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"87.49.146.8:10698","proto":"HTTP/2.0","method":"GET","host":"mail.kjellerup-hansen.dk","uri":"/skins/larry/images/favicon.ico","headers":{"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0"],"Accept":["image/webp,*/*"],"Accept-Language":["da"],"Accept-Encoding":["gzip, deflate, br"],"Cookie":["roundcube_sessid=7rh3rbo6dqede35phj7dudk0jr"],"Dnt":["1"],"Sec-Gpc":["1"],"Te":["trailers"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"mail.kjellerup-hansen.dk"}},"common_log":"87.49.146.8 - - [08/May/2021:09:10:39 +0000] \"GET /skins/larry/images/favicon.ico HTTP/2.0\" 0 0","duration":0.013361597,"size":0,"status":0,"resp_headers":{"Server":["Caddy"]}}

Did you try this Wiki?

In particular, did you set up your Nextcloud config.php?

Thank you for your answer.
Yes, I have read the wiki, but I’m not sure I understand everything.
My Nextcloud config.php looks like this:

...... 
'trusted_domains' => 
  array (
    0 => 'www.mydomain.com',
    1 => 'nextcloud.another_mydomain.com',
    2 => '192.168.1.100',
    3 => '192.168.1.123',
    4 => 'nextcloud.mydomain.com',
  ),
  'trusted_proxies' =>
  array (
    0 => '192.168.1.100',
    1 => '192.168.1.123',
  ),
  'overwrite.cli.url' => 'https://nextcloud.mydomain.com:443',
.......

My Caddyfile looks like this:

caddy.mydomain.com {
        acme_server
        tls internal
}

mt.mydomain.com:443 {
reverse_proxy 192.168.1.110:80
}

mail.mydomain.com {
        log {
                output file /var/log/caddy/mail.log
        }
        rewrite * /mail{uri}
        reverse_proxy https://192.168.1.123 {
                header_up Host {http.reverse_proxy.upstream.hostport}
                header_up X-Forwarded-Host {host}
                transport http {
                tls_insecure_skip_verify
                }
        }
}

nextcloud.mydomain.com {
        log {
                output file /var/log/caddy/nextcloud.log
        }
        rewrite * /nextcloud{uri}
        reverse_proxy https:192.168.1.123 {
                header_up Host {http.reverse_proxy.upstream.hostport}
                header_up X-Forwarded-Host {host}
                transport http {
                  tls_insecure_skip_verify
                  }
        }
}

I can access mt.mydomain.com and mail.mydomain.com
But nextcloud.mydomain.com only returns an empty page. I suspect that it is something with the config.php setting and not caddy, but I don’t know what.
If I look at the caddy log file for nextcloud.log, it states that the call for nextcloud.mydomain.com is redirected to the subdir /mail - strange:

{"level":"error","ts":1620674386.7137306,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_addr":"192.168.1.1:37638","proto":"HTTP/2.0","method":"GET","host":"nextcloud.mydomain.com","uri":"/mail/","headers":{"User-Agent":["Mozilla/5.0 (Android 11; Mobile; rv:88.0) Gecko/88.0 Firefox/88.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"],"Accept-Language":["da-DK,en-US;q=0.5"],"Accept-Encoding":["gzip, deflate, br"],"Upgrade-Insecure-Requests":["1"],"Te":["trailers"]},"tls":{"resumed":true,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"nextcloud.mydoamin.com"}},"common_log":"192.168.1.1 - - [10/May/2021:19:19:46 +0000] \"GET /mail/ HTTP/2.0\" 502 0","duration":0.00021236,"size":0,"status":502,"resp_headers":{"Server":["Caddy"]}}

Why are you making nextcloud listen to so many domains/ IP addresses?

Do you actually have multiple network adapters assigned to your nextcloud? You should have set up a local DNS resolver, so why use up addresses?

Anyway, I’m not sure if that all works how you configured it. I suggest you first make one domain work and then extend if really required.

I think you are right and your issue is outside Caddy. Don’t forget to clear your browser cache after each change. I wasted a lot of time thinking my config didn’t work while it was a browser issue.

Actually, looking again at your Caddyfile I’m a little confused. You set up the internal acme server but then disable tls?

Can you describe what exactly you are trying to achieve?
