Nextcloud Too Many Redirects

1. Caddy version (caddy version): 2.4.6

2. How I run Caddy:

Container for reverse proxy, trying to use caddy as file_server for Nextcloud.

a. System environment:

Ubuntu Server 21.04 LXC in Proxmox
Caddy installed via repository managed by systemd
Nextcloud installed locally via archive

b. Command:

Paste command here.

c. Service/unit/compose file: N/A

d. My complete Caddyfile or JSON config:

Reverse Proxy:

testcloud.my.house {
        reverse_proxy 172.16.0.252:443
}

File Server:

:443 {
        root * /srv
        file_server
        php_fastcgi unix//run/php/php7.4-fpm.sock
        header {
                Strict-Transport-Security max-age=31536000;
        }

        @forbidden {
                path /.htaccess
                path /data/*
                path /config/*
                path /db_structure
                path /.xml
                path /README
                path /3rdparty/*
                path /lib/*
                path /templates/*
                path /occ
                path /console.php
        }
        respond @forbidden 404
}

3. The problem I’m having:

4. Error messages and/or full log output:

curl -v results:

Trying 123.45.678.90:443...
Connected to testcloud.my.house (123.45.678.90) port 443 (#0)
ALPN, offering h2
ALPN, offering http/1.1
successfully set certificate verify locations:
CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
TLSv1.3 (OUT), TLS handshake, Client hello (1):
TLSv1.3 (IN), TLS handshake, Server hello (2):
TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
TLSv1.3 (IN), TLS handshake, Certificate (11):
TLSv1.3 (IN), TLS handshake, CERT verify (15):
TLSv1.3 (IN), TLS handshake, Finished (20):
TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
TLSv1.3 (OUT), TLS handshake, Finished (20):
SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
ALPN, server accepted to use h2
Server certificate:
subject: CN=testcloud.my.house
start date: Nov 18 21:31:36 2021 GMT
expire date: Feb 16 21:31:35 2022 GMT
subjectAltName: host "testcloud.my.house" matched cert's "testcloud.my.house"
issuer: C=US; O=Let's Encrypt; CN=R3
SSL certificate verify ok.
Using HTTP2, server supports multi-use
Connection state changed (HTTP/2 confirmed)
Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
Using Stream ID: 1 (easy handle 0x558cb7a64580)
GET / HTTP/2
Host: testcloud.my.house
user-agent: curl/7.74.0
accept: */*
TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
HTTP/2 400 
server: Caddy
content-type: text/plain; charset=utf-8
date: Thu, 18 Nov 2021 23:37:53 GMT

Client sent an HTTP request to an HTTPS server.
Connection #0 to host testcloud.my.house left intact

5. What I already tried:

I’ve gone through and made both Nextcloud directories as identical as I can (serving on /srv), the reverse proxy block is identical, and keep getting HTTP requests over HTTPS.

6. Links to relevant resources:

When you use port 443, Caddy will enable TLS, because it’s the default HTTPS port. But you don’t have a certificate to serve on port 443 – you haven’t configured a domain to automate issuance on that server, nor provided a certificate to use.

Here, you’re not telling Caddy to proxy over HTTPS (you could do so by prefixing the upstream address with https://).

Since you’re setting this up with two servers, the first one will terminate TLS, so there’s no use in proxying over HTTPS. So you can use a port like 8080 instead, that won’t have the implication of HTTPS, and proxy over HTTP instead.

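The two-host layout the reply above describes, written out as an added example that is not from the original posts. The backend listens on 8080, the port the reply suggests, and every other line is carried over from the posted configs.

```caddyfile
# --- Reverse proxy host ---
# Terminates TLS for the public name (automatic certificate) and
# forwards to the Nextcloud host over plain HTTP. An upstream written
# without an https:// prefix is proxied over HTTP.
testcloud.my.house {
        reverse_proxy 172.16.0.252:8080
}

# --- Nextcloud host (172.16.0.252) ---
# 8080 is not the default HTTPS port, so Caddy does not enable TLS on
# this listener and the proxy's HTTP requests are accepted.
# The proxy-to-backend hop is unencrypted, so it should stay on the
# internal network.
:8080 {
        root * /srv
        file_server
        php_fastcgi unix//run/php/php7.4-fpm.sock
        # Response headers pass back through the proxy, so HSTS still
        # reaches the browser over the TLS connection.
        header {
                Strict-Transport-Security max-age=31536000;
        }

        @forbidden {
                path /.htaccess
                path /data/*
                path /config/*
                path /db_structure
                path /.xml
                path /README
                path /3rdparty/*
                path /lib/*
                path /templates/*
                path /occ
                path /console.php
        }
        respond @forbidden 404
}
```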

Well now I’m getting an Internal Server Error, so that probably fixed that problem and something copied weird somewhere.

Edit: Messed up some PHP settings but now we’re in business!
