Nextcloud behind apache to caddy

1. The problem I’m having:

Moved an existing Nextcloud instance to a new server. Have Caddy running on another server; both have local LAN access, and internet traffic is routed to Caddy. I have it working, except I’d like to modify the URL presented to the browser. Found several GitHub and Caddy forum entries that detail Caddy v1 rewrites needed… I can’t seem to figure out how to translate those to v2 or if they’re even needed now.
Right now it comes back: https://sub.mycompany.com/index.php/apps/dashboard/#/
It should be: https://sub.mycompany.com/apps/dashboard/

Trying to use Apache to rewrite causes a “too many redirects” error.
Should the Nextcloud instance be given an internal hostname resolvable by internal DNS so it can pass its rewrites back to Caddy?

2. Error messages and/or full log output:

Sep 28 13:14:19 stcontainer caddy[32483]: {"level":"debug","ts":1695906859.6796849,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.3.32:8080","total_upstreams":1}
Sep 28 13:14:19 stcontainer caddy[32483]: {"level":"debug","ts":1695906859.766926,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.3.32:8080","duration":0.08710551,"request":{"remote_ip":"74.115.129.21","remote_port":"17859","client_ip":"74.115.129.21","proto":"HTTP/1.1","method":"PROPFIND","host":"files.mycompany.com","uri":"/remote.php/dav/files/monica/Documents","headers":{"Authorization":[],"Accept":["*/*"],"Cookie":[],"Content-Length":["105"],"X-Forwarded-Host":["files.mycompany.com"],"Accept-Encoding":["gzip, deflate"],"Content-Type":["text/xml; charset=utf-8"],"X-Request-Id":["73913f09-6945-4468-9e17-252e0784961e"],"User-Agent":["Mozilla/5.0 (Macintosh) mirall/2.5.1final (build 20181204) (Nextcloud)"],"Accept-Language":["en-US,*"],"Depth":["0"],"X-Forwarded-For":["74.115.129.21"],"X-Forwarded-Proto":["https"]},"tls":{"resumed":false,"version":771,"cipher_suite":49195,"proto":"","server_name":"files.mycompany.com"}},"headers":{"Date":["Thu, 28 Sep 2023 13:14:19 GMT"],"Server":["Apache/2.4.52 (Ubuntu)"],"Cache-Control":["no-store, no-cache, must-revalidate"],"Pragma":["no-cache"],"Content-Security-Policy":["default-src 'none';"],"Referrer-Policy":["no-referrer"],"X-Content-Type-Options":["nosniff"],"X-Debug-Token":["5fKlMNThMlABEdKwJnki"],"X-Frame-Options":["SAMEORIGIN"],"X-Permitted-Cross-Domain-Policies":["none"],"X-Xss-Protection":["1; mode=block"],"Dav":["1, 3, extended-mkcol, access-control, calendarserver-principal-property-search, nextcloud-checksum-update, nc-calendar-search, nc-enable-birthday-calendar"],"X-Request-Id":["5fKlMNThMlABEdKwJnki"],"Content-Encoding":["gzip"],"Content-Type":["application/xml; charset=utf-8"],"Expires":["Thu, 19 Nov 1981 08:52:00 GMT"],"X-Robots-Tag":["noindex, nofollow"],"Vary":["Brief,Prefer"],"Content-Length":["243"]},"status":207}
Sep 28 13:14:19 stcontainer caddy[32483]: {"level":"debug","ts":1695906859.805926,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.3.32:8080","total_upstreams":1}

3. Caddy version:

v2.7.4 h1:J8nisjdOxnYHXlorUKXY75Gr6iBfudfoGhrJ8t7/flI=

4. How I installed and ran Caddy:

Ubuntu 22.04 LTS apt repo

a. System environment:

Nextcloud server - Ubuntu 22.04 LTS, Apache 2.4, 192.168.3.32
Caddy server - Ubuntu 22.04 LTS, Docker, 192.168.3.37

b. Command:

# /lib/systemd/system/caddy.service
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

c. Service/unit/compose file:

version: "3.9"

services:
  caddy:
    image: caddy:2.7.4-alpine
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./site:/srv
      - caddy_data:/data
      - caddy_config:/config

volumes:
  caddy_data:
  caddy_config:

d. My complete Caddy config:

# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.
{
	debug
}


#files.mycompany.com {
#	header Strict-Transport-Security max-age=31536000;
#	reverse_proxy 192.168.3.32:8080
#}
#
files.mycompany.com {
	header Strict-Transport-Security max-age=31536000
	redir /.well-known/carddav /remote.php/dav 301
	redir /.well-known/caldav /remote.php/dav 301

	reverse_proxy 192.168.3.32:8080

	rewrite / /
}

5. Links to relevant resources:

This seemed to be in the direction I needed to head:

Not sure if this one applies… seemed promising at first.

Since Apache is the one handling PHP, you should configure any rewrites there, not in Caddy.

I thought so too, but turning on the rewrite engine in the vhost file causes the “too many redirects” error. Is it because the Nextcloud vhost file and its conf file have rewrites for the same domain name in the Caddy file?

It’s probably trying to redirect to HTTPS when Caddy is already terminating TLS and is proxying over HTTP. Or something like that. Ultimately it’s an Apache misconfiguration, not a Caddy problem.

HTTPS is turned off in the vhost file.

<VirtualHost *:8080>
    #ServerName files.mycompany.com
    DocumentRoot /var/www/html/nc.mycompany.com
    #ServerAlias files.mycompany.com
    ErrorLog /var/log/apache2/nc_error.log
    CustomLog /var/log/apache2/nc_requests.log combined
    #RewriteEngine on
    #RewriteCond %{SERVER_NAME} =files.mycompany.com
    #RewriteRule ^ http://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Alias /nextcloud "/var/www/html/nc.mycompany.com/"
<Directory /var/www/html/file.shafertech.io/>
    Options +FollowSymlinks
    AllowOverride All

    <IfModule mod_dav.c>
        Dav off
    </IfModule>

    SetEnv HOME /var/www/html/nc.mycompany.com
    SetEnv HTTP_HOME /var/www/html/nc.mycompany.com
</Directory>

For anyone else that is using Apache to host Nextcloud on one server, and another server running Caddy reverse proxy, here was my answer:

The answer was in the URL in the vhost file. Since I had moved an instance that was a standalone VM to behind a reverse proxy, the vhost file needed to be changed. I changed the *:8080 to files.internal.site:8080 and the redirects in the vhost file to use that internal domain.

Add the reverse proxy entries Nextcloud calls for in the config.php. I needed ‘overwrite.cli.url’, ‘overwritehost’ => files.mycompany.com, and the trusted_proxies array (use the trusted_domains array as an example if you need one). I simply added the proxy host’s internal IP.

The last problem I had was that Apache was ignoring the .htaccess file. That’s because in Ubuntu 22.04 LTS it loads the apache2.conf file first, and the directory entry for /var/www has AllowOverride None. Changing it to allow overrides for just that entry fixed my last issue.

It started working. The end.
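
The config.php entries named in the post above, written out as an added example (not the poster's actual file). The hostname and proxy IP are the ones quoted in this thread; the `overwrite.cli.url` value, `overwriteprotocol` and `htaccess.RewriteBase` are assumptions that the post does not state.

```php
<?php
// Added example: reverse-proxy section of Nextcloud's config/config.php.
// Existing entries (instanceid, passwordsalt, datadirectory, database
// settings, ...) stay as they are; only the keys below are relevant here.
$CONFIG = array (
  // Public name that browsers and sync clients use to reach Caddy.
  'trusted_domains' =>
  array (
    0 => 'files.mycompany.com',
  ),

  // Nextcloud honours X-Forwarded-For / X-Forwarded-Proto only from the
  // addresses listed here. List just the Caddy host (192.168.3.37 in this
  // thread) rather than the whole LAN, so other hosts cannot supply a forged
  // client IP to the access log and the brute-force throttling.
  'trusted_proxies' =>
  array (
    0 => '192.168.3.37',
  ),

  // Generate links for the public name instead of the internal vhost
  // name that Apache sees on port 8080.
  'overwritehost' => 'files.mycompany.com',

  // Assumption: Caddy terminates TLS and proxies plain HTTP to Apache, so
  // Nextcloud must be told that the client-facing scheme is https.
  'overwriteprotocol' => 'https',

  // Assumption: base URL used by occ and background jobs, and as the
  // input for the generated .htaccess rewrite rules.
  'overwrite.cli.url' => 'https://files.mycompany.com',

  // Assumption: Nextcloud is served from the web root. Together with
  // overwrite.cli.url this lets Nextcloud generate the rewrite rules that
  // drop /index.php from URLs.
  'htaccess.RewriteBase' => '/',
);
```

After saving, running `sudo -u www-data php occ maintenance:update:htaccess` from the Nextcloud directory regenerates the rewrite rules in .htaccess. Apache only applies them when AllowOverride permits it for the Nextcloud directory, which is why the apache2.conf default for /var/www mattered.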
