Nextcloud with FastCGI and Docker

1. My Caddy version (caddy -version):

1.0.3 (php-no-stats)

2. How I run Caddy:

a. System environment:

docker-compose on alpine in a VM

b. Command:

docker-compose up 

c. Service/unit/compose file:

  # Caddy front end: terminates TLS and forwards PHP requests over FastCGI.
  # NOTE(review): `abiosoft/caddy:php-no-stats` is a mutable tag on a
  # community image; consider pinning by digest so the container that holds
  # the TLS keys cannot change between pulls.
  caddy:
    image: abiosoft/caddy:php-no-stats
    restart: always
    volumes:
      # The Caddyfile is mounted read-only. The named volume keeps Caddy's
      # state directory (certificates and their private keys) across restarts.
      # No Nextcloud directory is mounted here, which matches the
      # "Root path does not exist: /var/www/nextcloud" warning in the log below.
      # NOTE(review): if the Nextcloud tree is added so Caddy can serve static
      # files, mount it read-only (`:ro`) and at the same path the php-fpm
      # container uses (/var/www/html in the nextcloud service), so the script
      # path Caddy sends over FastCGI exists on the php-fpm side too.
      - ./Caddyfile:/etc/Caddyfile:ro
      - caddycerts:/root/.caddy
    ports:
      # Only the web ports are published; nothing else on this service is
      # exposed on the host.
      - 80:80 # needed for Let's Encrypt
      - 443:443
    environment:
      ACME_AGREE: "true" # agree to Let's Encrypt Subscriber Agreement
      DOMAIN: "censored" # CHANGE THIS! Used for Auto Let's Encrypt SSL
      EMAIL: "censored"  # CHANGE THIS! Optional, provided to Let's Encrypt
    networks:
      # Shared with the nextcloud service, so Caddy can reach php-fpm by
      # service name over this network.
      - nextcloud
volumes:
  caddycerts:
networks:
  nextcloud:

version: '3'

# NOTE(review): these named volumes are declared, but both services below use
# host bind mounts instead, so they appear unused in the visible file.
volumes:
  nextcloud:
  db:

services:
  nextcloud_mariadb:
    # No tag is given, so this resolves to `latest`; pin a version (or a
    # digest) so a database upgrade never happens implicitly on pull.
    image: mariadb
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    restart: always
    volumes:
      - /home/user/nextcloud/db:/var/lib/mysql
    # In list form the value is everything after the first `=`, so the single
    # quotes below become part of the password itself.
    # NOTE(review): credentials written into the compose file end up in
    # version control and backups; prefer an env_file kept out of VCS or the
    # image's `*_FILE` variables backed by Docker secrets.
    # NOTE(review): this service has no `networks:` key while the nextcloud
    # service joins only `nextcloud`; verify the two can still reach each other.
    environment:
      - MYSQL_ROOT_PASSWORD='censored'
      - MYSQL_PASSWORD='censored'
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud

  nextcloud:
    # php-fpm variant: this container speaks FastCGI only and needs a web
    # server (Caddy here) in front of it.
    image: nextcloud:fpm-alpine
    # `links` is a legacy option; service-name DNS on a shared network is the
    # usual replacement.
    links:
      - nextcloud_mariadb
    volumes:
      # Application code and data live at /var/www/html inside this container.
      - /home/user/mnt/VM-Data/nextcloud:/var/www/html
    restart: always
    # This publishes the php-fpm listener on every host interface. FastCGI has
    # no authentication of its own, so the port should be reachable only by
    # the web server. Caddy can already reach `nextcloud:9000` over the shared
    # network, so the mapping can be dropped (or bound to 127.0.0.1 if host
    # access is really needed).
    ports:
      -  9000:9000
    networks: 
      - nextcloud 


d. My complete Caddyfile:

# Caddy 1.x site block for Nextcloud behind php-fpm (FastCGI).
nextcloud.domain.tld {

        # This path is resolved inside the Caddy container and is also the
        # base of the script path Caddy sends to php-fpm. The nextcloud
        # service in the compose file mounts the code at /var/www/html, so
        # /var/www/nextcloud/index.php does not exist on the php-fpm side.
        # NOTE(review): this is the likely cause of the "File not Found" /
        # 404 responses in the log; use the same path in both containers, or
        # set the `root` subdirective of the fastcgi block to the php-fpm path.
        root   /var/www/nextcloud
        log    /var/log/nextcloud_access.log
        errors /var/log/nextcloud_errors.log

        # 127.0.0.1 here is the Caddy container itself, not the php-fpm
        # container; the author reports below that `nextcloud:9000` (the
        # compose service name) does reach php-fpm.
        fastcgi / 127.0.0.1:9000 php {
                env PATH /bin
                env modHeadersAvailable true
                env front_controller_active true
                connect_timeout 60s
                read_timeout 3600s
                send_timeout 300s
        }

        # Security headers applied to every response.
        # HSTS max-age is 15768000 seconds (about six months) and does not
        # include subdomains. No Content-Security-Policy is set in this block.
        header / {
                Strict-Transport-Security               "max-age=15768000;"
                X-Content-Type-Options                  "nosniff"
                X-XSS-Protection                        "1; mode=block"
                X-Robots-Tag                            "none"
                X-Download-Options                      "noopen"
                X-Permitted-Cross-Domain-Policies       "none"
                Referrer-Policy                         "no-referrer"
        }

        # Cache fonts for 604800 seconds (one week).
        header /core/fonts {
                Cache-Control                           "max-age=604800"
        }

        # checks for images
        rewrite {
                ext .png .html .ttf .ico .jpg .jpeg .css .js .woff .woff2 .svg .gif .map
                r ^/index.php/.*$
                to /{1} /index.php?{query}
        }

        # Map the .well-known discovery endpoints onto public.php services.
        rewrite {
                r ^/\.well-known/host-meta$
                to /public.php?service=host-meta&{query}
        }
        rewrite {
                r ^/\.well-known/host-meta\.json$
                to /public.php?service=host-meta-json&{query}
        }
        rewrite {
                r ^/\.well-known/webfinger$
                to /public.php?service=webfinger&{query}
        }

        # Collapse /index.php/<anything> onto index.php, keeping the query.
        rewrite {
                r ^/index.php/.*$
                to /index.php?{query}
        }

        # Static asset extensions outside remote.php/public.php: try the
        # requested path first, then fall back to the front controller.
        rewrite / {
                if {path} not_starts_with /remote.php
                if {path} not_starts_with /public.php
                ext .png .html .ttf .ico .jpg .jpeg .css .js .woff .woff2 .svg .gif .map .html .ttf 
                r ^/(.*)$
                to /{1} /index.php{uri}
        }

        # Front controller: every path not excluded by the conditions below
        # is rewritten to index.php.
        rewrite / {
                if {path} not /core/img/favicon.ico
                if {path} not /core/img/manifest.json
                if {path} not_starts_with /remote.php
                if {path} not_starts_with /public.php
                if {path} not_starts_with /cron.php
                if {path} not_starts_with /core/ajax/update.php
                if {path} not_starts_with /status.php
                if {path} not_starts_with /ocs/v1.php
                if {path} not_starts_with /ocs/v2.php
                if {path} not /robots.txt
                if {path} not_starts_with /updater/
                if {path} not_starts_with /ocs-provider/
                if {path} not_starts_with /ocm-provider/ 
                if {path} not_starts_with /.well-known/
                to /index.php{uri}
        }

        # client support (e.g. os x calendar / contacts)
        redir /.well-known/carddav /remote.php/carddav 301
        redir /.well-known/caldav /remote.php/caldav 301

        # remove trailing / as it causes errors with php-fpm
        rewrite {
                r ^/remote.php/(webdav|caldav|carddav|dav)(\/?)(\/?)$
                to /remote.php/{1}
        }

        rewrite {
                r ^/remote.php/(webdav|caldav|carddav|dav)/(.+?)(\/?)(\/?)$
                to /remote.php/{1}/{2}
        }

        rewrite {
                r ^/public.php/(dav|webdav|caldav|carddav)(\/?)(\/?)$
                to /public.php/{1}
        }

        rewrite {
                r ^/public.php/(dav|webdav|caldav|carddav)/(.+)(\/?)(\/?)$
                to /public.php/{1}/{2}
        }

        # .htaccess / data / config / ... shouldn't be accessible from outside
        # Once the Nextcloud tree is mounted into this container as the site
        # root, Caddy can serve files from it directly, so this list is what
        # keeps data/ and config/ from being fetched as static files.
        # NOTE(review): confirm how Caddy 1.x matches these paths (prefix vs
        # exact) and test each one after changing `root` or the volume mounts.
        status 404 {
                /.htaccess
                /data
                /config
                /db_structure
                /.xml
                /README
                /3rdparty
                /lib
                /templates
                /occ
                /console.php
        }

}

3. The problem I’m having:

I'm not quite sure how to configure Caddy to serve Nextcloud with FastCGI when both are running inside Docker containers.
How do I specify the root path? The Nextcloud root is in a Docker volume for the nextcloud container, which is on my filesystem under /home/user/mnt/vm-data/nextcloud. Do I need to add that volume to Caddy? What's the best/easiest way to do this?

I just figured out that if I change 127.0.0.1:9000 to nextcloud:9000, I get a File not Found instead of a 502, and I also see the nextcloud container in my docker log. So I guess this part is fine now.

4. Error messages and/or full log output:

caddy_1              | 2020/01/20 23:05:50 [WARNING] Root path does not exist: /var/www/nextcloud
nextcloud_mariadb_1  | 2020-01-20 23:05:48+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 1:10.4.11+maria~bionic started.
nextcloud_mariadb_1  | 2020-01-20 23:05:49+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
caddy_1              | Activating privacy features... 2020/01/20 23:05:50 [INFO][cache:0xc000176730] Started certificate maintenance routine
nextcloud_mariadb_1  | 2020-01-20 23:05:49+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 1:10.4.11+maria~bionic started.
nextcloud_mariadb_1  | 2020-01-20 23:05:50 0 [Note] mysqld (mysqld 10.4.11-MariaDB-1:10.4.11+maria~bionic) starting as process 1 ...
caddy_1              | done.
nextcloud_mariadb_1  | 2020-01-20 23:05:50 0 [Warning] You need to use --log-bin to make --binlog-format work.
caddy_1              | 
caddy_1              | Serving HTTPS on port 443 

caddy_1              | https://nextcloud.domain.tld

nextcloud_mariadb_1  | 2020-01-20 23:05:50 0 [Note] InnoDB: Using Linux native AIO
nextcloud_mariadb_1  | 2020-01-20 23:05:50 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
nextcloud_mariadb_1  | 2020-01-20 23:05:50 0 [Note] InnoDB: Uses event mutexes
nextcloud_mariadb_1  | 2020-01-20 23:05:50 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
nextcloud_mariadb_1  | 2020-01-20 23:05:50 0 [Note] InnoDB: Number of pools: 1
nextcloud_mariadb_1  | 2020-01-20 23:05:50 0 [Note] InnoDB: Using SSE2 crc32 instructions
nextcloud_mariadb_1  | 2020-01-20 23:05:50 0 [Note] mysqld: O_TMPFILE is not supported on /tmp (disabling future attempts)
nextcloud_mariadb_1  | 2020-01-20 23:05:50 0 [Note] InnoDB: Initializing buffer pool, total size = 256M, instances = 1, chunk size = 128M
nextcloud_mariadb_1  | 2020-01-20 23:05:50 0 [Note] InnoDB: Completed initialization of buffer pool
caddy_1              | 2020/01/20 23:05:50 [INFO] Serving https://nextcloud.domain.tld
caddy_1              | 
caddy_1              | Serving HTTP on port 80 
caddy_1              | http://bitwarden.besendorf.org
caddy_1              | http://nextcloud.domain.tld
caddy_1              | 
nextcloud_mariadb_1  | 2020-01-20 23:05:50 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
nextcloud_mariadb_1  | 2020-01-20 23:05:50 0 [Note] InnoDB: 128 out of 128 rollback segments are active.
nextcloud_mariadb_1  | 2020-01-20 23:05:50 0 [Note] InnoDB: Creating shared tablespace for temporary tables
nextcloud_mariadb_1  | 2020-01-20 23:05:50 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
nextcloud_mariadb_1  | 2020-01-20 23:05:50 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
nextcloud_mariadb_1  | 2020-01-20 23:05:50 0 [Note] InnoDB: Waiting for purge to start
nextcloud_mariadb_1  | 2020-01-20 23:05:50 0 [Note] InnoDB: 10.4.11 started; log sequence number 19998611; transaction id 14836
nextcloud_mariadb_1  | 2020-01-20 23:05:50 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
caddy_1              | 2020/01/20 23:05:50 [INFO] Serving http://nextcloud.domain.tls
nextcloud_mariadb_1  | 2020-01-20 23:05:50 0 [Note] Plugin 'FEEDBACK' is disabled.
nextcloud_mariadb_1  | 2020-01-20 23:05:50 0 [Note] Server socket created on IP: '::'.
nextcloud_mariadb_1  | 2020-01-20 23:05:50 0 [Warning] 'proxies_priv' entry '@% root@c42501ff1811' ignored in --skip-name-resolve mode.
nextcloud_mariadb_1  | 2020-01-20 23:05:50 0 [Note] Reading of all Master_info entries succeeded
nextcloud_mariadb_1  | 2020-01-20 23:05:50 0 [Note] Added new Master_info '' to hash table
nextcloud_mariadb_1  | 2020-01-20 23:05:50 0 [Note] mysqld: ready for connections.
nextcloud_mariadb_1  | Version: '10.4.11-MariaDB-1:10.4.11+maria~bionic'  socket: '/var/run/mysqld/mysqld.sock'  port: 3306  mariadb.org binary distribution
nextcloud_mariadb_1  | 2020-01-20 23:05:50 0 [Note] InnoDB: Buffer pool(s) load completed at 200120 23:05:50
nextcloud_1          | [20-Jan-2020 23:05:51] NOTICE: fpm is running, pid 1
nextcloud_1          | [20-Jan-2020 23:05:51] NOTICE: ready to handle connections
nextcloud_1          | 172.30.0.2 -  20/Jan/2020:23:06:01 +0000 "GET /index.php" 404
nextcloud_1          | 172.30.0.2 -  20/Jan/2020:23:06:02 +0000 "GET /index.php" 404

5. What I already tried:

I also tried mounting the nextcloud volume into the caddy container at /var/www/nextcloud. Now there is no warning in the docker log about the root not being found, but I still get a File not Found if I try to access the site.

6. Links to relevant resources:
