Newbie: help with configuring Caddy to work with Nextcloud Docker AIO image

1. Caddy version:

Version 2.6.2

2. How I installed, and run Caddy:

Caddy was installed on Fedora 37 Workstation using

sudo dnf install caddy

Checked if Caddy was enabled using

sudo systemctl status caddy

As Caddy was disabled I then ran

sudo systemctl enable caddy
sudo reboot

After all of this I verified that Caddy was running using the systemctl command above.

a. System environment:

OS: Fedora 37 Workstation
Architecture: amd64
Systemd

b. Command:

sudo systemctl enable caddy
systemctl status caddy

c. Service/unit/compose file:

Using systemd

d. My complete Caddy config:

# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.
{
	debug
}

globally {
	acme_dns porkbun {
		api_key {env.PORKBUN_API_KEY}
		api_secret_key {env.PORKBUN_API_SECRET_KEY}
	}
}

:bluelucy.xyz {
	https://bluelucy.xyz:443 {
		reverse_proxy localhost:9000
		tls {
			dns porkbun <key>
		}
	}

3. The problem I’m having:

What I am trying to do is securely set up the Nextcloud AIO with Caddy so that Nextcloud is accessible using the domain listed in the Caddyfile with HTTPS to host files. That’s really all. Overall, I am quite new to Linux and self hosting.

My issue appears to be that when I visit my domain I am greeted first with the Firefox HTTPS warning/alert and after I proceed to the HTTP only site then the Caddy “Your web server is working. Now make it work for you.” message appears. This is where I am stuck. When I visit my internal LAN IP address of 192.168.1.100:8080 I arrive at the Nextcloud AIO login screen.

One additional thing I would like to mention is that Porkbun appears to have assigned me an SSL certificate (downloadable bundle?) that I have sitting on my desktop. Not sure how to tie that fact in with the above.

4. Error messages and/or full log output:

Jan 23 21:46:30 bluelucy.xyz caddy[11160]: USER=caddy
Jan 23 21:46:30 bluelucy.xyz caddy[11160]: INVOCATION_ID=cfc632882a3547b1bd1b9e6b1b4ed7a7
Jan 23 21:46:30 bluelucy.xyz caddy[11160]: JOURNAL_STREAM=8:86580
Jan 23 21:46:30 bluelucy.xyz caddy[11160]: SYSTEMD_EXEC_PID=11160
Jan 23 21:46:30 bluelucy.xyz caddy[11160]: {"level":"info","ts":1674528390.5912447,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Jan 23 21:46:30 bluelucy.xyz caddy[11160]: {"level":"info","ts":1674528390.5919664,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Jan 23 21:46:30 bluelucy.xyz caddy[11160]: {"level":"warn","ts":1674528390.5920084,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv0","http_port":80}
Jan 23 21:46:30 bluelucy.xyz caddy[11160]: {"level":"info","ts":1674528390.5920682,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00088c7e0"}
Jan 23 21:46:30 bluelucy.xyz caddy[11160]: {"level":"info","ts":1674528390.5920877,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy/.local/share/caddy"}
Jan 23 21:46:30 bluelucy.xyz caddy[11160]: {"level":"info","ts":1674528390.5920963,"logger":"tls","msg":"finished cleaning storage units"}
Jan 23 21:46:30 bluelucy.xyz caddy[11160]: {"level":"info","ts":1674528390.5920992,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Jan 23 21:46:30 bluelucy.xyz caddy[11160]: {"level":"info","ts":1674528390.5921652,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Jan 23 21:46:30 bluelucy.xyz caddy[11160]: {"level":"info","ts":1674528390.5921848,"msg":"serving initial configuration"}
Jan 23 21:46:30 bluelucy.xyz systemd[1]: Started caddy.service - Caddy.
Jan 24 08:16:04 bluelucy.xyz caddy[11160]: {"level":"info","ts":1674566164.7605433,"msg":"shutting down apps, then terminating","signal":"SIGTERM"}
Jan 24 08:16:04 bluelucy.xyz caddy[11160]: {"level":"warn","ts":1674566164.7606976,"msg":"exiting; byeee!! 👋","signal":"SIGTERM"}
Jan 24 08:16:04 bluelucy.xyz caddy[11160]: {"level":"info","ts":1674566164.7608192,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc00088c7e0"}
Jan 24 08:16:04 bluelucy.xyz caddy[11160]: {"level":"info","ts":1674566164.7608607,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}
Jan 24 08:16:04 bluelucy.xyz caddy[11160]: {"level":"info","ts":1674566164.7608654,"msg":"shutdown complete","signal":"SIGTERM","exit_code":0}
Jan 24 08:16:04 bluelucy.xyz systemd[1]: Stopping caddy.service - Caddy...
Jan 24 08:16:04 bluelucy.xyz systemd[1]: caddy.service: Deactivated successfully.
Jan 24 08:16:04 bluelucy.xyz systemd[1]: Stopped caddy.service - Caddy.
-- Boot 9c2611ff3732455398fde1f08208b4e6 --
Jan 24 21:54:18 john systemd[1]: Starting caddy.service - Caddy...
Jan 24 21:54:19 john caddy[1508]: caddy.HomeDir=/var/lib/caddy
Jan 24 21:54:19 john caddy[1508]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Jan 24 21:54:19 john caddy[1508]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Jan 24 21:54:19 john caddy[1508]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Jan 24 21:54:19 john caddy[1508]: caddy.Version=v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=
Jan 24 21:54:19 john caddy[1508]: runtime.GOOS=linux
Jan 24 21:54:19 john caddy[1508]: runtime.GOARCH=amd64
Jan 24 21:54:19 john caddy[1508]: runtime.Compiler=gc
Jan 24 21:54:19 john caddy[1508]: runtime.NumCPU=12
Jan 24 21:54:19 john caddy[1508]: runtime.GOMAXPROCS=12
Jan 24 21:54:19 john caddy[1508]: runtime.Version=go1.19.2
Jan 24 21:54:19 john caddy[1508]: os.Getwd=/
Jan 24 21:54:19 john caddy[1508]: LANG=en_US.UTF-8
Jan 24 21:54:19 john caddy[1508]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
Jan 24 21:54:19 john caddy[1508]: XDG_DATA_DIRS=/var/lib/flatpak/exports/share:/usr/local/share/:/usr/share/
Jan 24 21:54:19 john caddy[1508]: NOTIFY_SOCKET=/run/systemd/notify
Jan 24 21:54:19 john caddy[1508]: HOME=/var/lib/caddy
Jan 24 21:54:19 john caddy[1508]: LOGNAME=caddy
Jan 24 21:54:19 john caddy[1508]: USER=caddy
Jan 24 21:54:19 john caddy[1508]: INVOCATION_ID=abea112c10c44aa88df0fbb64f5718b3
Jan 24 21:54:19 john caddy[1508]: JOURNAL_STREAM=8:38926
Jan 24 21:54:19 john caddy[1508]: SYSTEMD_EXEC_PID=1508
Jan 24 21:54:19 john caddy[1508]: {"level":"info","ts":1674615259.0221715,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Jan 24 21:54:19 john caddy[1508]: {"level":"info","ts":1674615259.0230134,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//[::1]:2019","//127.0.0.1:2019","//localhost:2019"]}
Jan 24 21:54:19 john caddy[1508]: {"level":"warn","ts":1674615259.0230591,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv0","http_port":80}
Jan 24 21:54:19 john caddy[1508]: {"level":"info","ts":1674615259.0231228,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00085c770"}
Jan 24 21:54:19 john caddy[1508]: {"level":"info","ts":1674615259.02314,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy/.local/share/caddy"}
Jan 24 21:54:19 john caddy[1508]: {"level":"info","ts":1674615259.0231533,"logger":"tls","msg":"finished cleaning storage units"}
Jan 24 21:54:19 john caddy[1508]: {"level":"info","ts":1674615259.023154,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Jan 24 21:54:19 john caddy[1508]: {"level":"info","ts":1674615259.0232315,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Jan 24 21:54:19 john caddy[1508]: {"level":"info","ts":1674615259.0232518,"msg":"serving initial configuration"}
Jan 24 21:54:19 john systemd[1]: Started caddy.service - Caddy.

Output of caddy adapt

[bear-fedora-desktop@john caddy]$ caddy adapt
2023/01/25 04:35:01.002	INFO	using adjacent Caddyfile
Error: Caddyfile:15: unrecognized directive: acme_dns
[bear-fedora-desktop@john caddy]$ 

I copied from the most recent log entries to the point where I could not scroll up any further in the terminal. I’m not sure how to extract the whole log to a text file.

5. What I already tried:

I’ve followed the Docker Nextcloud AIO and accompanying reverse proxy documentation found at the links below. I have also downloaded the caddy-dns/porkbun file, made it executable and placed it in my home directory. I pointed the A records for my domain to the public IP of the server.

I am having an issue identifying what my problem actually is. Hopefully, I’ve made it halfway. Thank you!

6. Links to relevant resources:

I started with this:

https://github.com/nextcloud/all-in-one#how-to-use-this

Currently trying to follow this:

https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#caddy-with-acme-dns-challenge

Downloaded the caddy build for porkbun from here, made it executable, and placed it in the /home/ directory.

That’s invalid syntax.

If you’re trying to set global options, it must be in the global options block. See Caddyfile Concepts — Caddy Documentation

This also doesn’t make sense. Why do you have a leading : there? That’s a domain, not a port, so there shouldn’t be a :

Caddy is reading its config from /etc/caddy/Caddyfile.

The fact you have syntax errors in what you posted, but Caddy still runs, is telling me that you probably didn’t put your config in /etc/caddy/Caddyfile, where it should be.

That’s not how that works. You need to make a custom build of Caddy with any plugins you want, then you need to replace your installed caddy binary with that one (i.e. /usr/bin/caddy). See the docs: Build from source — Caddy Documentation
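
The corrections from the reply above, put together as one Caddyfile. This is an added example, not part of the original thread or of the Caddy or Nextcloud documentation. It assumes the installed caddy binary has already been replaced with a custom build that includes the caddy-dns/porkbun plugin, and it reuses the domain, upstream port and environment variable names from the original post.

```caddyfile
# /etc/caddy/Caddyfile  (the path the log above shows Caddy loading)
#
# Global options: one unnamed block, first thing in the file.
# acme_dns is a global option, so it sits here next to debug,
# not in a block named "globally" (which Caddy parses as a site address).
{
	debug
	acme_dns porkbun {
		# Credentials come from the caddy service's environment and are
		# not stored in this file. Assumption: the two variables are given
		# to the systemd unit, e.g. via an EnvironmentFile that only root
		# can read.
		api_key {env.PORKBUN_API_KEY}
		api_secret_key {env.PORKBUN_API_SECRET_KEY}
	}
}

# Site address: the bare domain with no leading colon, as a single
# top-level site block (site blocks are not nested). A domain name as
# the address is what turns on automatic HTTPS; with acme_dns set
# globally, no per-site tls block is needed for the DNS challenge.
bluelucy.xyz {
	# Upstream port copied from the original post; point this at the
	# port your Nextcloud AIO Apache container actually listens on.
	reverse_proxy localhost:9000
}
```

Run `caddy validate --config /etc/caddy/Caddyfile` before restarting the service. Once the custom build is in place, `caddy list-modules` should include `dns.providers.porkbun`.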