1. The problem I’m having:
I have installed Nextcloud-AIO in a Docker container on my server, and used its built-in setup flow to set its URL to cloud.xanderwhart.us.
In a separate container, which shares a Docker network with the Nextcloud-AIO container, I am running Caddy as a reverse proxy.
When I attempt to log in to Nextcloud-AIO using the default provided admin credentials, I get an error message:
Temporary error.
Please try again.
I am posting this issue here because this GitHub issue of people with similar errors has several people saying they were able to fix this issue by disabling caching on their reverse proxy, which suggests to me that my reverse proxy (Caddy) might also somehow be implicated.
2. Error messages and/or full log output:
I apologize for truncating the log; however, I’ve been trying to solve this issue for a month and have had the log in debug mode the entire time; the full thing is nearly 1GB in size and something like 2.5 million lines.
This appears to be relevant log entries from around the time I submitted a Nextcloud login request:
caddy-1 | {"level":"debug","ts":1738361687.3796778,"logger":"http.stdlib","msg":"http: TLS handshake error from 98.246.122.50:43680: no certificate available for 'xanderwhart.us'"}
caddy-1 | {"level":"debug","ts":1738361687.4044147,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"nextcloud-aio-apache:11000","total_upstreams":1}
caddy-1 | {"level":"debug","ts":1738361687.405074,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"nextcloud-aio-apache:11000","duration":0.000631304,"request":{"remote_ip":"98.246.122.50","remote_port":"43624","client_ip":"98.246.122.50","proto":"HTTP/2.0","method":"GET","host":"cloud.xanderwhart.us","uri":"/apps/theming/img/background/jenna-kim-the-globe.webp","headers":{"Cookie":["REDACTED"],"Sec-Fetch-Site":["same-origin"],"Priority":["u=4, i"],"X-Forwarded-For":["98.246.122.50"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Sec-Fetch-Dest":["image"],"Sec-Fetch-Mode":["no-cors"],"Te":["trailers"],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["cloud.xanderwhart.us"],"Accept-Language":["en-US,en;q=0.5"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0"],"Accept":["image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5"]},"tls":{"resumed":true,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"cloud.xanderwhart.us"}},"headers":{"Referrer-Policy":["no-referrer"],"Last-Modified":["Fri, 31 Jan 2025 20:28:19 GMT"],"Content-Length":["98876"],"Content-Type":["image/webp"],"Strict-Transport-Security":["max-age=31536000;"],"X-Frame-Options":["SAMEORIGIN"],"X-Permitted-Cross-Domain-Policies":["none"],"X-Robots-Tag":["noindex, nofollow"],"Accept-Ranges":["bytes"],"Date":["Fri, 31 Jan 2025 22:14:47 GMT"],"Etag":["\"1823c-62d06621e5f59\""],"X-Content-Type-Options":["nosniff"],"X-Xss-Protection":["1; mode=block"],"Cache-Control":["max-age=15778463"]},"status":200}
caddy-1 | {"level":"warn","ts":1738361687.4059002,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","upstream":"nextcloud-aio-apache:11000","duration":0.000631304,"request":{"remote_ip":"98.246.122.50","remote_port":"43624","client_ip":"98.246.122.50","proto":"HTTP/2.0","method":"GET","host":"cloud.xanderwhart.us","uri":"/apps/theming/img/background/jenna-kim-the-globe.webp","headers":{"Cookie":["REDACTED"],"Sec-Fetch-Site":["same-origin"],"Priority":["u=4, i"],"X-Forwarded-For":["98.246.122.50"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Sec-Fetch-Dest":["image"],"Sec-Fetch-Mode":["no-cors"],"Te":["trailers"],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["cloud.xanderwhart.us"],"Accept-Language":["en-US,en;q=0.5"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0"],"Accept":["image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5"]},"tls":{"resumed":true,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"cloud.xanderwhart.us"}},"error":"writing: http2: stream closed"}
caddy-1 | {"level":"debug","ts":1738361687.40595,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"nextcloud-aio-apache:11000","total_upstreams":1}
caddy-1 | {"level":"debug","ts":1738361687.4059675,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"nextcloud-aio-apache:11000","duration":0.000003567,"request":{"remote_ip":"98.246.122.50","remote_port":"43624","client_ip":"98.246.122.50","proto":"HTTP/2.0","method":"GET","host":"cloud.xanderwhart.us","uri":"/core/img/logo/logo.svg","headers":{"Accept-Encoding":["gzip, deflate, br, zstd"],"Sec-Fetch-Dest":["image"],"Accept":["image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5"],"Sec-Fetch-Mode":["no-cors"],"Sec-Fetch-Site":["same-origin"],"Priority":["u=4, i"],"Te":["trailers"],"Accept-Language":["en-US,en;q=0.5"],"Cookie":["REDACTED"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0"],"X-Forwarded-For":["98.246.122.50"],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["cloud.xanderwhart.us"]},"tls":{"resumed":true,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"cloud.xanderwhart.us"}},"error":"context canceled"}
caddy-1 | {"level":"debug","ts":1738361688.2332754,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"nextcloud-aio-apache:11000","total_upstreams":1}
caddy-1 | {"level":"debug","ts":1738361688.2887018,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"nextcloud-aio-apache:11000","duration":0.055354094,"request":{"remote_ip":"98.246.122.50","remote_port":"43624","client_ip":"98.246.122.50","proto":"HTTP/2.0","method":"GET","host":"cloud.xanderwhart.us","uri":"/nextcloud/index.php/apps/files/preview-service-worker.js","headers":{"User-Agent":["Mozilla/5.0 (X11; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0"],"X-Forwarded-For":["98.246.122.50"],"X-Forwarded-Host":["cloud.xanderwhart.us"],"Te":["trailers"],"Cache-Control":["no-cache"],"Accept-Language":["en-US,en;q=0.5"],"Cookie":["REDACTED"],"Sec-Fetch-Dest":["serviceworker"],"Priority":["u=4"],"Accept":["*/*"],"Service-Worker":["script"],"Pragma":["no-cache"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Sec-Fetch-Mode":["same-origin"],"Sec-Fetch-Site":["same-origin"],"X-Forwarded-Proto":["https"]},"tls":{"resumed":true,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"cloud.xanderwhart.us"}},"headers":{"X-Content-Type-Options":["nosniff"],"X-Permitted-Cross-Domain-Policies":["none"],"Cache-Control":["no-cache, no-store, must-revalidate"],"Referrer-Policy":["no-referrer"],"Set-Cookie":["REDACTED"],"X-Request-Id":["m2meOmL81LClKxM482KC"],"Content-Length":["4734"],"Content-Type":["text/html; charset=UTF-8"],"Feature-Policy":["autoplay 'self';camera 'self';fullscreen 'self' https://cloud.xanderwhart.us;geolocation 'none';microphone 'self';payment 'none'"],"Date":["Fri, 31 Jan 2025 22:14:48 GMT"],"X-Frame-Options":["SAMEORIGIN"],"X-Robots-Tag":["noindex, nofollow"],"Content-Security-Policy":["default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-7K5CBxai72YGXt6GFqexe5gcwE4eT7VlF84bZ+xX3fA=' blob:;script-src-elem 'strict-dynamic' 'nonce-7K5CBxai72YGXt6GFqexe5gcwE4eT7VlF84bZ+xX3fA=' blob:;style-src 'self' 'unsafe-inline';img-src 'self' data: blob: https://*.tile.openstreetmap.org https://cloud.xanderwhart.us;font-src 'self' data:;connect-src 'self' blob: cloud.xanderwhart.us:3478 wss://cloud.xanderwhart.us;media-src 'self' blob:;frame-src 'self' nc: https://cloud.xanderwhart.us;child-src blob: 'self';frame-ancestors 'self' https://cloud.xanderwhart.us;worker-src blob: 'self';form-action 'self' https://cloud.xanderwhart.us"],"Strict-Transport-Security":["max-age=31536000;"],"X-Xss-Protection":["1; mode=block"]},"status":404}
3. Caddy version:
v2.9.1
4. How I installed and ran Caddy:
a. System environment:
- Operating system: OpenMediaVault 7.4.16-1 (Sandworm), which is based on Debian 12 (Bookworm)
- Architecture: x86_64
- Docker version: 27.5.1, build 9f9e405
b. Command:
n/a
c. Service/unit/compose file:
services:
caddy:
image: serfriz/caddy-cloudflare-ddns-crowdsec-geoip-security-dockerproxy:2.9.1
restart: unless-stopped
ports:
- "80:80"
- "443:443"
- "443:443/udp"
environment:
- CADDY_INGRESS_NETWORKS=caddy,nextcloud-aio
- CADDY_DOCKER_CADDYFILE_PATH=/etc/caddy/Caddyfile
networks:
- caddy
- nextcloud-aio
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./Caddyfile:/etc/caddy/Caddyfile
#- ./site:/srv
- caddy_data:/data
- caddy_config:/config
networks:
caddy:
external: true
nextcloud-aio:
external: true
volumes:
caddy_data:
caddy_config:
d. My complete Caddy config:
{
debug
dynamic_dns {
provider cloudflare {env.CF_API_TOKEN}
domains {
xanderwhart.us *
motley.club
motley.rocks *
spencerdub.me *
}
}
}
(cloudflare) {
tls {
dns cloudflare {env.CF_API_TOKEN}
}
}
https://cloud.xanderwhart.us:443 {
import cloudflare
reverse_proxy nextcloud-aio-apache:11000
}
e. Nextcloud-AIO Docker Compose file:
services:
nextcloud-aio-mastercontainer:
image: nextcloud/all-in-one:latest
init: true
restart: always
container_name: nextcloud-aio-mastercontainer
volumes:
- nextcloud_aio_mastercontainer:/mnt/docker-aio-config
- /var/run/docker.sock:/var/run/docker.sock:ro
ports:
- 5050:8080
environment:
# - APACHE_ADDITIONAL_NETWORK=caddy
- APACHE_PORT=11000
- APACHE_IP_BINDING=127.0.0.1
- NEXTCLOUD_DATADIR=/akhet/system/appdata/nextcloud_data
networks:
- caddy
volumes:
nextcloud_aio_mastercontainer:
name: nextcloud_aio_mastercontainer
networks:
caddy:
external: true
5. Links to relevant resources:
- This support request cross-posted: Reddit, Reddit again, OpenMediaVault forums, Nextcloud Help forums
- Similar issue on Nextcloud Github, where disabling caching is recommended as a fix
- Nextcloud-AIO guide to installing behind a reverse proxy
- My previous post in this forum about an earlier stage of Nextcloud-AIO setup
I am deeply grateful for all help that you can provide. Thank you.