Nextcloud Too Many Redirects

1. Caddy version (caddy version): 2.4.6

2. How I run Caddy:

Container for reverse proxy, trying to use caddy as file_server for Nextcloud.

a. System environment:

Ubuntu Server 21.04 LXC in Proxmox
Caddy installed via repository managed by systemd
Nextcloud installed locally via archive

b. Command:

Paste command here.

c. Service/unit/compose file: N/A

d. My complete Caddyfile or JSON config:

Reverse Proxy:

testcloud.my.house {
        reverse_proxy 172.16.0.252:443
}

File Server:

:443 {
        root * /srv
        file_server
        php_fastcgi unix//run/php/php7.4-fpm.sock
        header {
                Strict-Transport-Security max-age=31536000;
        }

        @forbidden {
                path /.htaccess
                path /data/*
                path /config/*
                path /db_structure
                path /.xml
                path /README
                path /3rdparty/*
                path /lib/*
                path /templates/*
                path /occ
                path /console.php
        }
        respond @forbidden 404
}

3. The problem I’m having:

4. Error messages and/or full log output:

curl -v results:

Trying 123.45.678.90:443...
Connected to testcloud.my.house (123.45.678.90) port 443 (#0)
ALPN, offering h2
ALPN, offering http/1.1
successfully set certificate verify locations:
CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
TLSv1.3 (OUT), TLS handshake, Client hello (1):
TLSv1.3 (IN), TLS handshake, Server hello (2):
TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
TLSv1.3 (IN), TLS handshake, Certificate (11):
TLSv1.3 (IN), TLS handshake, CERT verify (15):
TLSv1.3 (IN), TLS handshake, Finished (20):
TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
TLSv1.3 (OUT), TLS handshake, Finished (20):
SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
ALPN, server accepted to use h2
Server certificate:
subject: CN=testcloud.my.house
start date: Nov 18 21:31:36 2021 GMT
expire date: Feb 16 21:31:35 2022 GMT
subjectAltName: host "testcloud.my.house" matched cert's "testcloud.my.house"
issuer: C=US; O=Let's Encrypt; CN=R3
SSL certificate verify ok.
Using HTTP2, server supports multi-use
Connection state changed (HTTP/2 confirmed)
Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
Using Stream ID: 1 (easy handle 0x558cb7a64580)
GET / HTTP/2
Host: testcloud.my.house
user-agent: curl/7.74.0
accept: */*
TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
HTTP/2 400 
server: Caddy
content-type: text/plain; charset=utf-8
date: Thu, 18 Nov 2021 23:37:53 GMT

Client sent an HTTP request to an HTTPS server.
Connection #0 to host testcloud.my.house left intact

5. What I already tried:

I’ve gone through and made both Nextcloud directories as identical as I can (serving on /srv), the reverse proxy block is identical, and keep getting HTTP requests over HTTPS.

6. Links to relevant resources:

• Nextcloud behind caddy reverse proxy: too many redirects
• What could be causing too many redirects?

When you use port 443, Caddy will enable TLS, because it’s the default HTTPS port. But you don’t have a certificate to serve on port 443 – you haven’t configured a domain to automate issuance on that server, nor provided a certificate to use.

Here, you’re not telling Caddy to proxy over HTTPS (you could do so by prefixing the upstream address with https://).

Since you’re setting this up with two servers, the first one will terminate TLS, so there’s no use in proxying over HTTPS. So you can use a port like 8080 instead, that won’t have the implication of HTTPS, and proxy over HTTP instead.

Well now I’m getting an Internal Server Error, so that probably fixed that problem and something copied weird somewhere.

Edit: Messed up some PHP settings but now we’re in business!