1. The problem I’m having:
Hello,
I am trying to set up Docker containers for a client with the following services:
Apache 2.4
PHP 8.3 with FPM
MySQL 8.0
phpMyAdmin
I’d love to use Caddy for the server, but he requires Apache, so I have to stick with it. I want to use Caddy as much as possible, so that’s why the Caddy reverse proxy is used, which works perfectly fine and is easy to set up.
Any help or hints are highly appreciated, I guess it’s only a simple thing I am overlooking here but I have no clue what else to try so that’s why I am posting here.
It seems like Apache is redirecting to itself, is there anything in the proxy config or Apache config to turn the loop off?
2. Error messages and/or full log output:
Here is the curl -vL https://staging.smartreparatur.at output
* TLSv1.3 (IN), TLS app data, [no content] (0):
< HTTP/2 301
< alt-svc: h3=":443"; ma=2592000
< content-type: text/html; charset=iso-8859-1
< date: Sat, 09 Nov 2024 11:11:49 GMT
< location: https://staging.smartreparatur.at
< server:
< server: Apache
< strict-transport-security: max-age=63072000; includeSubDomains; preload
< content-length: 241
<
* TLSv1.3 (IN), TLS app data, [no content] (0):
* Ignoring the response-body
* Connection #0 to host staging.smartreparatur.at left intact
* Issue another request to this URL: 'https://staging.smartreparatur.at'
* Rebuilt URL to: https://staging.smartreparatur.at/
* Found bundle for host staging.smartreparatur.at: 0x557db71f4ac0 [can multiplex]
* Re-using existing connection! (#0) with host staging.smartreparatur.at
* Connected to staging.smartreparatur.at (185.164.4.182) port 443 (#0)
* Using Stream ID: 65 (easy handle 0x557db71f96f0)
* TLSv1.3 (OUT), TLS app data, [no content] (0):
> GET / HTTP/2
> Host: staging.smartreparatur.at
> User-Agent: curl/7.61.1
> Accept: */*
>
* TLSv1.3 (IN), TLS app data, [no content] (0):
< HTTP/2 301
< alt-svc: h3=":443"; ma=2592000
< content-type: text/html; charset=iso-8859-1
< date: Sat, 09 Nov 2024 11:11:49 GMT
< location: https://staging.smartreparatur.at
< server:
< server: Apache
< strict-transport-security: max-age=63072000; includeSubDomains; preload
< content-length: 241
<
* TLSv1.3 (IN), TLS app data, [no content] (0):
* Ignoring the response-body
* Connection #0 to host staging.smartreparatur.at left intact
* Maximum (50) redirects followed
curl: (47) Maximum (50) redirects followed
Full docker log container output, Apache in full debug mode
docker logs -f df74923de143
Initialize container
Start container with the command: /init
/package/admin/s6-overlay/libexec/preinit: info: container permissions: uid=0 (root), euid=0, gid=0 (root), egid=0
/package/admin/s6-overlay/libexec/preinit: info: /run permissions: uid=0 (root), gid=0 (root), perms=oxorgxgruxuwur
s6-rc: info: service s6rc-fdholder: starting
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service s6rc-fdholder successfully started
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/00-bootstrap
Verify group www-data
Verify user www-data
Create /var/www/html if not exists
Generate PHP config
/usr/local/etc/php/conf.d/zz-generated-settings.ini
[PHP]
allow_url_include = 0
date.timezone = UTC
display_errors = 1
error_log = /proc/1/fd/2
expose_php = 0
mail.log = /proc/1/fd/2
max_input_vars = 10000
memory_limit = 256M
opcache.enable = 1
opcache.error_log = /proc/1/fd/2
opcache.jit_debug = 1
opcache.max_accelerated_files = 130987
opcache.preload_user = www-data
post_max_size = 320M
report_zend_debug = 1
request_order = GP
session.cookie_httponly = 1
session.cookie_lifetime = 0
session.cookie_samesite = Lax
session.cookie_secure = 0
session.use_cookies = 1
syslog.facility = syslog
upload_max_filesize = 300M
variables_order = EGPCS
; Generated at 2024-11-09 11:24:26
/usr/local/etc/php-fpm.d/zz-generated-settings.conf
[global]
daemonize = no
error_log = /proc/1/fd/2
log_buffering = yes
log_level = notice
pid = /run/php-fpm.pid
syslog.facility = syslog
[www]
access.format = %R - %u %t "%m %r%Q%q" %s %{HTTP_HOST}e%{REQUEST_URI}e %{seconds}d %{kilo}M %C%% %{HTTP_REFERER}e
access.log = /var/log/php-fpm.log
catch_workers_output = yes
clear_env = no
decorate_workers_output = no
group = www-data
listen = /run/php-fpm.sock
listen.group = www-data
listen.mode = 0660
listen.owner = www-data
ping.path = /ping
ping.response = pong
pm = ondemand
pm.max_children = 5
pm.max_requests = 0
pm.max_spare_servers = 3
pm.max_spawn_rate = 32
pm.min_spare_servers = 1
pm.process_idle_timeout = 10
pm.start_servers = 2
pm.status_listen = /run/php-fpm-status.sock
pm.status_path = /status/php-fpm
process.dumpable = no
request_terminate_timeout_track_finished = no
slowlog = /proc/1/fd/2
user = www-data
; Generated at 2024-11-09 11:24:26
PHP config exported:
/usr/local/etc/php/conf.d/zz-generated-settings.ini
/usr/local/etc/php-fpm.d/zz-generated-settings.conf
Skip project creation because /var/www/html is not empty.
Skip composer install because /var/www/html/composer.json is missing.
Skip creating index.php because /var/www/html is not empty.
░█▀▀░█░█░▀█▀░█▀█░█▀▀░█▀▀░█▀█░▀█▀░█▀▀░█▀▄░░░█░█▀█░█░█░█▀█
░▀▀█░█▀█░░█░░█░█░▀▀█░█▀▀░█░█░░█░░█▀▀░█▀▄░▄▀░░█▀▀░█▀█░█▀▀
░▀▀▀░▀░▀░▀▀▀░▀░▀░▀▀▀░▀▀▀░▀░▀░░▀░░▀▀▀░▀░▀░▀░░░▀░░░▀░▀░▀░░
If you find my Docker images useful, consider donating via PayPal:
-> https://www.paypal.me/shinsenter
(To edit this welcome message, add your text to /etc/welcome.txt)
---------------
Container : shinsenter/phpfpm-apache (built: 2024-10-30T03:29:50+0000)
Distro : Debian GNU/Linux 12 (bookworm)
Timezone : UTC (GMT+0000)
UID / GID : www-data:www-data (33:33)
App Root : /var/www/html
Document Root : /var/www/html
---------------
Docker Images by SHIN Company
Copyright (C) 2024 SHIN Company <shin@shin.company>
This software is free under the GNU General Public License (GPL).
You can redistribute and/or modify it under the terms of the GNU GPL.
This program is provided with the hope that it will be useful,
but it comes WITHOUT ANY WARRANTY. For more details, refer to the GNU GPL.
To get support, please contact: SHIN Company <shin@shin.company>
Docker Hub: https://hub.docker.com/u/shinsenter
GitHub Packages: https://github.com/shinsenter?tab=packages
PHP 8.3.13 (fpm-fcgi) (built: Oct 28 2024 22:05:02)
Copyright (c) The PHP Group
Zend Engine v4.3.13, Copyright (c) Zend Technologies
with Zend OPcache v8.3.13, Copyright (c), by Zend Technologies
Composer version 2.8.2 2024-10-29 16:12:11
Fix .htaccess to allow uri path after index.php
Fix ownership for the application path
cont-init: info: /etc/cont-init.d/00-bootstrap exited 0
cont-init: info: running /etc/cont-init.d/zz-start-apache
Server version: Apache/2.4.62 (Debian)
Server built: 2024-10-04T15:21:08
🐞 Apache is in DEBUG MODE 🐞
VirtualHost configuration:
*:80 staging.smartreparatur.at (/etc/apache2/sites-enabled/00-default.conf:2)
*:443 staging.smartreparatur.at (/etc/apache2/sites-enabled/00-default.conf:10)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/proc/1/fd/2"
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
PidFile: "/run/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
mkdir: created directory '/var/lock/apache2'
Fix ownership for /var/log/apache2
Fix ownership for /var/lock/apache2
Fix ownership for /var/run/apache2
Fix ownership for /var/lib/apache2
Fix ownership for /var/log/apache2
Fix ownership for /run/apache2
Syntax OK
cont-init: info: /etc/cont-init.d/zz-start-apache exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service syslogd-prepare: starting
s6-rc: info: service php-fpm: starting
s6-rc: info: service crontab: starting
s6-rc: info: service php-fpm successfully started
s6-rc: info: service apache: starting
s6-rc: info: service crontab successfully started
s6-rc: info: service apache successfully started
s6-rc: info: service syslogd-prepare successfully started
s6-rc: info: service syslogd-log: starting
s6-rc: info: service syslogd-log successfully started
s6-rc: info: service syslogd: starting
[09-Nov-2024 11:24:27] NOTICE: fpm is running, pid 492
[09-Nov-2024 11:24:27] NOTICE: ready to handle connections
s6-rc: info: service syslogd successfully started
s6-rc: info: service legacy-services: starting
[Sat Nov 09 11:24:27.455612 2024] [ssl:info] [pid 512:tid 512] AH01883: Init: Initialized OpenSSL library
[Sat Nov 09 11:24:27.456938 2024] [ssl:debug] [pid 512:tid 512] ssl_engine_init.c(364): AH01886: OpenSSL has FIPS mode disabled
[Sat Nov 09 11:24:27.456950 2024] [ssl:info] [pid 512:tid 512] AH01887: Init: Initializing (virtual) servers for SSL
[Sat Nov 09 11:24:27.456955 2024] [ssl:info] [pid 512:tid 512] AH01914: Configuring server staging.smartreparatur.at:443 for SSL protocol
[Sat Nov 09 11:24:27.457683 2024] [ssl:debug] [pid 512:tid 512] ssl_engine_init.c(536): AH01893: Configuring TLS extension handling
[Sat Nov 09 11:24:27.458993 2024] [ssl:warn] [pid 512:tid 512] AH01906: staging.smartreparatur.at:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Nov 09 11:24:27.459028 2024] [ssl:debug] [pid 512:tid 512] ssl_util_ssl.c(451): AH02412: [staging.smartreparatur.at:443] Cert does not match for name 'staging.smartreparatur.at' [subject: CN=localhost / issuer: CN=localhost / serial: 1F51D77CFFB5265F3AB7AD04F28306C5B14A35F0 / notbefore: Oct 30 00:19:01 2024 GMT / notafter: Oct 30 00:19:01 2034 GMT]
[Sat Nov 09 11:24:27.459039 2024] [ssl:warn] [pid 512:tid 512] AH01909: staging.smartreparatur.at:443:0 server certificate does NOT include an ID which matches the server name
[Sat Nov 09 11:24:27.459043 2024] [ssl:info] [pid 512:tid 512] AH02568: Certificate and private key staging.smartreparatur.at:443:0 configured from /etc/ssl/site/server.crt and /etc/ssl/site/server.key
[Sat Nov 09 11:24:27.459454 2024] [ssl:info] [pid 512:tid 512] AH01876: mod_ssl/2.4.62 compiled against Server: Apache/2.4.62, Library: OpenSSL/3.0.14
[Sat Nov 09 11:24:27.459464 2024] [http2:debug] [pid 512:tid 512] mod_http2.c(112): AH03089: initializing post config dry run
[Sat Nov 09 11:24:27.467011 2024] [ssl:info] [pid 512:tid 512] AH01883: Init: Initialized OpenSSL library
[Sat Nov 09 11:24:27.467067 2024] [ssl:debug] [pid 512:tid 512] ssl_engine_init.c(364): AH01886: OpenSSL has FIPS mode disabled
[Sat Nov 09 11:24:27.467078 2024] [ssl:warn] [pid 512:tid 512] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Sat Nov 09 11:24:27.467091 2024] [ssl:info] [pid 512:tid 512] AH01887: Init: Initializing (virtual) servers for SSL
[Sat Nov 09 11:24:27.467096 2024] [ssl:info] [pid 512:tid 512] AH01914: Configuring server staging.smartreparatur.at:443 for SSL protocol
s6-rc: info: service legacy-services successfully started
[Sat Nov 09 11:24:27.467871 2024] [ssl:debug] [pid 512:tid 512] ssl_engine_init.c(536): AH01893: Configuring TLS extension handling
[Sat Nov 09 11:24:27.470003 2024] [ssl:warn] [pid 512:tid 512] AH01906: staging.smartreparatur.at:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Nov 09 11:24:27.470081 2024] [ssl:debug] [pid 512:tid 512] ssl_util_ssl.c(451): AH02412: [staging.smartreparatur.at:443] Cert does not match for name 'staging.smartreparatur.at' [subject: CN=localhost / issuer: CN=localhost / serial: 1F51D77CFFB5265F3AB7AD04F28306C5B14A35F0 / notbefore: Oct 30 00:19:01 2024 GMT / notafter: Oct 30 00:19:01 2034 GMT]
[Sat Nov 09 11:24:27.470092 2024] [ssl:warn] [pid 512:tid 512] AH01909: staging.smartreparatur.at:443:0 server certificate does NOT include an ID which matches the server name
[Sat Nov 09 11:24:27.470098 2024] [ssl:info] [pid 512:tid 512] AH02568: Certificate and private key staging.smartreparatur.at:443:0 configured from /etc/ssl/site/server.crt and /etc/ssl/site/server.key
[Sat Nov 09 11:24:27.470930 2024] [ssl:info] [pid 512:tid 512] AH01876: mod_ssl/2.4.62 compiled against Server: Apache/2.4.62, Library: OpenSSL/3.0.14
[Sat Nov 09 11:24:27.470958 2024] [http2:info] [pid 512:tid 512] AH03090: mod_http2 (v2.0.22, feats=CHPRIO+SHA256+INVHD+DWINS, nghttp2 1.52.0), initializing...
[Sat Nov 09 11:24:27.472340 2024] [watchdog:debug] [pid 512:tid 512] mod_watchdog.c(445): AH010033: Watchdog: Running with WatchdogInterval 1000ms
[Sat Nov 09 11:24:27.472416 2024] [watchdog:debug] [pid 512:tid 512] mod_watchdog.c(454): AH02974: Watchdog: found parent providers.
[Sat Nov 09 11:24:27.472443 2024] [watchdog:debug] [pid 512:tid 512] mod_watchdog.c(500): AH02977: Watchdog: found child providers.
[Sat Nov 09 11:24:27.472594 2024] [watchdog:debug] [pid 512:tid 512] mod_watchdog.c(508): AH02978: Watchdog: Looking for child (_singleton_).
[Sat Nov 09 11:24:27.472649 2024] [watchdog:debug] [pid 512:tid 512] mod_watchdog.c(508): AH02978: Watchdog: Looking for child (_default_).
[Sat Nov 09 11:24:27.473207 2024] [mpm_event:debug] [pid 512:tid 512] event.c(740): Child 0 started: pid 512, gen 0, active 1/6, total 1/1/16
[Sat Nov 09 11:24:27.473384 2024] [watchdog:debug] [pid 512:tid 512] mod_watchdog.c(559): AH02980: Watchdog: nothing configured?
[Sat Nov 09 11:24:27.473465 2024] [http2:info] [pid 512:tid 512] h2_workers: created with min=25 max=37 idle_ms=600000
[Sat Nov 09 11:24:27.474643 2024] [proxy:debug] [pid 512:tid 512] proxy_util.c(2254): AH00925: initializing worker proxy:reverse shared
[Sat Nov 09 11:24:27.474734 2024] [proxy:debug] [pid 512:tid 512] proxy_util.c(2325): AH00927: initializing worker proxy:reverse local
[Sat Nov 09 11:24:27.474812 2024] [proxy:debug] [pid 512:tid 512] proxy_util.c(2356): AH00930: initialized pool in child 512 for (*:80) min=0 max=61 smax=61
[Sat Nov 09 11:24:27.475209 2024] [mpm_event:debug] [pid 512:tid 589] event.c(2402): AH02471: start_threads: Using epoll (wakeable)
193.83.132.82 - - [09/Nov/2024:11:33:21 +0000] "GET / HTTP/1.1" 301 241
[Sat Nov 09 11:33:21.207996 2024] [headers:debug] [pid 512:tid 592] mod_headers.c(890): AH01503: headers: ap_headers_error_filter()
[Sat Nov 09 11:33:21.243108 2024] [headers:debug] [pid 512:tid 593] mod_headers.c(890): AH01503: headers: ap_headers_error_filter()
193.83.132.82 - - [09/Nov/2024:11:33:21 +0000] "GET / HTTP/1.1" 301 241
[Sat Nov 09 11:33:21.278626 2024] [headers:debug] [pid 512:tid 594] mod_headers.c(890): AH01503: headers: ap_headers_error_filter()
193.83.132.82 - - [09/Nov/2024:11:33:21 +0000] "GET / HTTP/1.1" 301 241
[Sat Nov 09 11:33:21.312461 2024] [headers:debug] [pid 512:tid 595] mod_headers.c(890): AH01503: headers: ap_headers_error_filter()
193.83.132.82 - - [09/Nov/2024:11:33:21 +0000] "GET / HTTP/1.1" 301 241
[Sat Nov 09 11:33:21.346964 2024] [headers:debug] [pid 512:tid 596] mod_headers.c(890): AH01503: headers: ap_headers_error_filter()
193.83.132.82 - - [09/Nov/2024:11:33:21 +0000] "GET / HTTP/1.1" 301 241
[Sat Nov 09 11:33:21.381303 2024] [headers:debug] [pid 512:tid 597] mod_headers.c(890): AH01503: headers: ap_headers_error_filter()
193.83.132.82 - - [09/Nov/2024:11:33:21 +0000] "GET / HTTP/1.1" 301 241
[Sat Nov 09 11:33:21.416012 2024] [headers:debug] [pid 512:tid 598] mod_headers.c(890): AH01503: headers: ap_headers_error_filter()
193.83.132.82 - - [09/Nov/2024:11:33:21 +0000] "GET / HTTP/1.1" 301 241
[Sat Nov 09 11:33:21.454944 2024] [headers:debug] [pid 512:tid 599] mod_headers.c(890): AH01503: headers: ap_headers_error_filter()
193.83.132.82 - - [09/Nov/2024:11:33:21 +0000] "GET / HTTP/1.1" 301 241
[Sat Nov 09 11:33:21.489107 2024] [headers:debug] [pid 512:tid 600] mod_headers.c(890): AH01503: headers: ap_headers_error_filter()
193.83.132.82 - - [09/Nov/2024:11:33:21 +0000] "GET / HTTP/1.1" 301 241
[Sat Nov 09 11:33:21.523923 2024] [headers:debug] [pid 512:tid 601] mod_headers.c(890): AH01503: headers: ap_headers_error_filter()
193.83.132.82 - - [09/Nov/2024:11:33:21 +0000] "GET / HTTP/1.1" 301 241
[Sat Nov 09 11:33:21.557959 2024] [headers:debug] [pid 512:tid 602] mod_headers.c(890): AH01503: headers: ap_headers_error_filter()
193.83.132.82 - - [09/Nov/2024:11:33:21 +0000] "GET / HTTP/1.1" 301 241
[Sat Nov 09 11:33:21.595959 2024] [headers:debug] [pid 512:tid 603] mod_headers.c(890): AH01503: headers: ap_headers_error_filter()
193.83.132.82 - - [09/Nov/2024:11:33:21 +0000] "GET / HTTP/1.1" 301 241
[Sat Nov 09 11:33:21.629892 2024] [headers:debug] [pid 512:tid 591] mod_headers.c(890): AH01503: headers: ap_headers_error_filter()
193.83.132.82 - - [09/Nov/2024:11:33:21 +0000] "GET / HTTP/1.1" 301 241
[Sat Nov 09 11:33:21.663982 2024] [headers:debug] [pid 512:tid 604] mod_headers.c(890): AH01503: headers: ap_headers_error_filter()
193.83.132.82 - - [09/Nov/2024:11:33:21 +0000] "GET / HTTP/1.1" 301 241
[Sat Nov 09 11:33:21.698551 2024] [headers:debug] [pid 512:tid 605] mod_headers.c(890): AH01503: headers: ap_headers_error_filter()
193.83.132.82 - - [09/Nov/2024:11:33:21 +0000] "GET / HTTP/1.1" 301 241
[Sat Nov 09 11:33:21.731981 2024] [headers:debug] [pid 512:tid 606] mod_headers.c(890): AH01503: headers: ap_headers_error_filter()
193.83.132.82 - - [09/Nov/2024:11:33:21 +0000] "GET / HTTP/1.1" 301 241
[Sat Nov 09 11:33:21.765915 2024] [headers:debug] [pid 512:tid 607] mod_headers.c(890): AH01503: headers: ap_headers_error_filter()
193.83.132.82 - - [09/Nov/2024:11:33:21 +0000] "GET / HTTP/1.1" 301 241
[Sat Nov 09 11:33:21.801019 2024] [headers:debug] [pid 512:tid 608] mod_headers.c(890): AH01503: headers: ap_headers_error_filter()
193.83.132.82 - - [09/Nov/2024:11:33:21 +0000] "GET / HTTP/1.1" 301 241
[Sat Nov 09 11:33:21.836797 2024] [headers:debug] [pid 512:tid 611] mod_headers.c(890): AH01503: headers: ap_headers_error_filter()
193.83.132.82 - - [09/Nov/2024:11:33:21 +0000] "GET / HTTP/1.1" 301 241
[Sat Nov 09 11:33:21.876228 2024] [headers:debug] [pid 512:tid 612] mod_headers.c(890): AH01503: headers: ap_headers_error_filter()
193.83.132.82 - - [09/Nov/2024:11:33:21 +0000] "GET / HTTP/1.1" 301 241
[Sat Nov 09 11:33:21.912207 2024] [headers:debug] [pid 512:tid 610] mod_headers.c(890): AH01503: headers: ap_headers_error_filter()
193.83.132.82 - - [09/Nov/2024:11:33:21 +0000] "GET / HTTP/1.1" 301 241
3. Caddy version:
Version of the Caddy reverse proxy server:
docker exec -it 547aace81d18 caddy version
v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=
4. How I installed and ran Caddy:
I run the Caddy reverse proxy using docker compose up -d in the folder where the compose.yaml is (/srv).
a. System environment:
cat /etc/os-release
NAME="AlmaLinux"
VERSION="8.10 (Cerulean Leopard)"
ID="almalinux"
ID_LIKE="rhel centos fedora"
VERSION_ID="8.10"
PLATFORM_ID="platform:el8"
PRETTY_NAME="AlmaLinux 8.10 (Cerulean Leopard)"
ANSI_COLOR="0;34"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:almalinux:almalinux:8::baseos"
HOME_URL="https://almalinux.org/"
DOCUMENTATION_URL="https://wiki.almalinux.org/"
BUG_REPORT_URL="https://bugs.almalinux.org/"
ALMALINUX_MANTISBT_PROJECT="AlmaLinux-8"
ALMALINUX_MANTISBT_PROJECT_VERSION="8.10"
REDHAT_SUPPORT_PRODUCT="AlmaLinux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.10"
SUPPORT_END=2029-06-01
b. Command:
docker compose up -d
c. Service/unit/compose file:
---
services:
  caddy:
    image: lucaslorentz/caddy-docker-proxy:ci-alpine
    ports:
      - 80:80
      - 443:443
    environment:
      - CADDY_INGRESS_NETWORKS=caddy
    networks:
      - caddy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - caddy_data:/data
    restart: unless-stopped
networks:
  caddy:
    external: true
volumes:
  caddy_data: {}
Here is the compose.yaml used to set up the PHP-FPM-APACHE, MySQL and phpMyAdmin services
---
networks:
  caddy:
    external: true
  internal:
    driver: bridge
services:
  web:
    image: shinsenter/php:8.3-fpm-apache
    container_name: PHPFPM-APACHE-SMARTREPARATUR-STAGING
    volumes:
      - /srv/lcmp_smartreparatur_staging/www/www/home:/var/www/html
      - /srv/lcmp_smartreparatur_staging/custom.conf:/etc/apache2/custom.d/custom.conf
    networks:
      - internal
      - caddy
    labels:
      caddy: staging.smartreparatur.at
      caddy.reverse_proxy: "{{upstreams}}"
      caddy.header.Server: ""
    environment:
      PHP_DISPLAY_ERRORS: "1"
      PHP_ERROR_ERROR_REPORTING: "-1"
      PHP_POST_MAX_SIZE: "320M"
      PHP_UPLOAD_MAX_FILESIZE: "300M"
      PHP_MAX_INPUT_VARS: "10000"
      DEBUG: "1"
  mysql-lcmp-smartreparatur-staging:
    image: "mysql:8.0"
    container_name: MYSQL-SMARTREPARATUR-STAGING
    environment:
      MYSQL_ROOT_PASSWORD: <redacted>
    volumes:
      - "mysqldata:/var/lib/mysql"
    networks:
      - internal
  phpmyadmin-lcmp-smartreparatur-staging:
    image: "phpmyadmin/phpmyadmin:latest"
    container_name: PHPMYADMIN-SMARTREPARATUR-STAGING
    environment:
      PMA_HOST: mysql-lcmp-smartreparatur-staging
      UPLOAD_LIMIT: 1024M
    labels:
      caddy: phpmyadmin-staging.smartreparatur.at
      caddy.reverse_proxy: "{{upstreams}}"
    networks:
      - internal
      - caddy
    depends_on:
      - mysql-lcmp-smartreparatur-staging
volumes:
  mysqldata: {}
The custom.conf Apache configuration file that is loaded additionally
ServerName staging.smartreparatur.at
Redirect permanent / https://staging.smartreparatur.at
# Enable Gzip compression (Deflate)
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
DeflateCompressionLevel 9
</IfModule>
<Directory /var/www/html>
DirectoryIndex index.php
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
# Enable caching for static assets
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
</IfModule>
# Security headers
<IfModule mod_headers.c>
Header set X-Content-Type-Options "nosniff"
# Header set X-Frame-Options "SAMEORIGIN"
Header set X-XSS-Protection "1; mode=block"
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
</IfModule>
# Enable logging
# Log to standard output (stdout)
CustomLog /proc/self/fd/1 common
ErrorLog /proc/self/fd/2
I have a similar setup with this “weird” custom.conf
LoadModule proxy_module /usr/local/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/local/apache2/modules/mod_proxy_http.so
LoadModule proxy_fcgi_module /usr/local/apache2/modules/mod_proxy_fcgi.so
LoadModule cache_module /usr/local/apache2/modules/mod_cache.so
LoadModule deflate_module /usr/local/apache2/modules/mod_deflate.so
LoadModule expires_module /usr/local/apache2/modules/mod_expires.so
LoadModule remoteip_module /usr/local/apache2/modules/mod_remoteip.so
LoadModule rewrite_module /usr/local/apache2/modules/mod_rewrite.so
<VirtualHost *:80>
ServerName https://www.smartreparatur.at
ServerAlias https://smartreparatur.at
DocumentRoot /var/www/html
# Enable Gzip compression (Deflate)
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
DeflateCompressionLevel 9
</IfModule>
# Set the ProxyTimeout globally for this VirtualHost
ProxyTimeout 60
# PHP and Proxy Configuration
<FilesMatch "\.php$">
SetHandler "proxy:fcgi://php-lcmp-smartreparatur:9000"
</FilesMatch>
<Directory /var/www/html>
DirectoryIndex index.php
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
# Enable caching for static assets
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
</IfModule>
# Security headers
<IfModule mod_headers.c>
Header set X-Content-Type-Options "nosniff"
# Header set X-Frame-Options "SAMEORIGIN"
Header set X-XSS-Protection "1; mode=block"
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
</IfModule>
# Enable logging
# Log to standard output (stdout)
CustomLog /proc/self/fd/1 common
ErrorLog /proc/self/fd/2
</VirtualHost>
ServerSignature Off
ServerTokens Prod
If any of these lines are changed, it also ends in a redirect loop
<VirtualHost *:80>
ServerName smartreparatur.at
Redirect permanent / https://www.smartreparatur.at
</VirtualHost>
<VirtualHost *:80>
ServerName https://www.smartreparatur.at
# ServerAlias https://smartreparatur.at
According to the Apache documentation, the ServerName should never include the protocol but if it is removed, it ends in a redirect loop.
It seems like Apache wants to handle SSL which is not necessary since all of it is done by the Caddy reverse proxy.
d. My complete Caddy config:
cat Caddyfile.autosave inside the Caddy reverse proxy Docker container. This config is built based on the labels specified in the compose.yaml
netswerk.vanill.at, api.vanill.at, config.vanill.at {
	header {
		Server
	}
	reverse_proxy 172.18.0.2
}
phpmyadmin-staging.smartreparatur.at {
	reverse_proxy 172.18.0.9
}
phpmyadmin.smartreparatur.at {
	header {
		Server
	}
	reverse_proxy 172.18.0.6
}
phpmyadmin.vanill.at {
	header {
		Server
	}
	reverse_proxy 172.18.0.3
}
smartreparatur.at, www.smartreparatur.at {
	header {
		Server
	}
	reverse_proxy 172.18.0.7
}
staging.smartreparatur.at {
	header {
		Server
	}
	reverse_proxy 172.18.0.8
}
5. Links to relevant resources:
The PHP-FPM-APACHE Docker image used
The Caddy reverse proxy used
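
The loop in the curl trace above follows from the unconditional `Redirect permanent` in custom.conf: Caddy terminates TLS and forwards plain HTTP to Apache, so Apache answers every request, including those that reached Caddy over HTTPS, with a 301 to the same URL. The fragment below is an added example, not part of the original post or of the Docker image's own configuration; it assumes Caddy's `reverse_proxy` passes its default `X-Forwarded-Proto` header and that Apache is reachable only through the Caddy Docker network.

```apache
# Added example, not from the original post. Assumptions are marked inline.

# --- Before (custom.conf as posted) -----------------------------------------
# Applies to every request Apache receives, no matter how the client reached
# the proxy. Behind a TLS-terminating reverse proxy, a request that was
# already HTTPS on the outside is redirected to itself:
#
#   Redirect permanent / https://staging.smartreparatur.at

# --- After, option A: no redirect in Apache ---------------------------------
# Caddy serves these site addresses with automatic HTTPS and redirects
# http:// to https:// on its own, so the Redirect line can simply be deleted.

# --- After, option B: redirect only when the client really used HTTP --------
# Assumption: the proxy sets X-Forwarded-Proto (Caddy's reverse_proxy does so
# by default) and clients cannot reach Apache directly. If Apache were
# published on a host port, this header would be client-controlled and must
# not be used for this decision.
<If "req('X-Forwarded-Proto') == 'http'">
    Redirect permanent / https://staging.smartreparatur.at/
</If>

# ServerName stays a bare host name without a scheme, as the Apache
# documentation requires:
ServerName staging.smartreparatur.at
```

With either option in place, `curl -vL https://staging.smartreparatur.at` should end on a non-301 response from Apache instead of exhausting the 50-redirect limit.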