Reverse proxy redirecting to internal url

1. Output of caddy version:

v2.5.2 h1:eCJdLyEyAGzuQTa5Mh3gETnYWDClo1LjtQm2q9RNZrs=

2. How I run Caddy:

docker-compose home built dockerfile for caddy-docker-proxy

FROM caddy:builder AS builder

RUN caddy-builder github.com/caddy-dns/cloudflare github.com/lucaslorentz/caddy-docker-proxy/plugin

FROM caddy:2-alpine

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

CMD ["caddy", "docker-proxy"]

caddy-docker-proxy format labels.

 labels:
      - com.centurylinklabs.watchtower.enable=false
      - caddy=*.drogo-internal.andc.nz
      - caddy.@nextcloud=host nextcloud.drogo-internal.andc.nz
      - caddy.reverse_proxy=@nextcloud "{{ upstreams 80 }}"

Linked to an argo tunnel from https://cloud.andc.nz

With an http host header:


As per what I figured out as part of Caddy (caddy-docker-proxy) returning 0 status - Help - Caddy Community

a. System environment:

Ubuntu LTS 20.04

Client:
Version: 18.06.1-ce
API version: 1.38
Go version: go1.10.3
Git commit: e68fc7a
Built: Tue Aug 21 17:25:03 2018
OS/Arch: linux/amd64
Experimental: true

Server:
Engine:
Version: 18.06.1-ce
API version: 1.38 (minimum version 1.12)
Go version: go1.10.3
Git commit: e68fc7a
Built: Tue Aug 21 17:23:27 2018
OS/Arch: linux/amd64
Experimental: false

b. Command:

n/a docker compose

c. Service/unit/compose file:

services:
  caddy:
    container_name: caddy
    restart: always
    mem_limit: 75m
    labels:
      - com.centurylinklabs.watchtower.enable=false
    build:
      context: "/hdd/docker-data/network_access/caddy/docker/"
      dockerfile: dockerfile
    environment:
      - ACME_AGREE=true
      - LETSENCRYPT_EMAIL=letsencrypt@andc.nz
      - CLOUDFLARE_EMAIL=cloudflare@andc.nz
      - CLOUDFLARE_API_KEY=${CLOUDFLARE_API_KEY}
      - CADDY_INGRESS_NETWORKS=caddy-proxy
      - CADDY_DOCKER_CADDYFILE_PATH=/etc/caddy/Caddyfile
    networks:
      - caddy-proxy
    ports:
      - 2019:2019
      - 443:443
      - 8480:8480
      - 8443:8443
    dns:
      - 192.168.10.1
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - "/hdd/docker-data/network_access/caddy/:/etc/caddy/"
      - caddy-data:/data

networks:
  caddy-proxy:
    driver: bridge
    external: true

volumes:
  caddy-data:

d. My complete Caddy config:

Copy of autosave.conf

{
	"admin": {
		"listen": "tcp/localhost:2019"
	},
	"apps": {
		"http": {
			"servers": {
				"srv0": {
					"errors": {
						"routes": [
							{
								"handle": [
									{
										"handler": "subroute",
										"routes": [
											{
												"handle": [
													{
														"body": "{http.error.status_code} {http.error.status_text}",
														"handler": "static_response"
													}
												]
											}
										]
									}
								],
								"match": [
									{
										"host": [
											"*.drogo-internal.andc.nz"
										]
									}
								],
								"terminal": true
							}
						]
					},
					"listen": [
						":443"
					],
					"logs": {},
					"routes": [
						{
							"handle": [
								{
									"handler": "subroute",
									"routes": [
										{
											"handle": [
												{
													"error": "Unauthorized",
													"handler": "error",
													"status_code": 403
												}
											],
											"match": [
												{
													"path": [
														"/*"
													]
												}
											]
										}
									]
								}
							],
							"match": [
								{
									"host": [
										"drogo-internal.andc.nz"
									]
								}
							],
							"terminal": true
						},
						{
							"match": [
								{
									"host": [
										"internal.andc.nz"
									]
								}
							],
							"terminal": true
						},
						{
							"handle": [
								{
									"handler": "subroute",
									"routes": [
										{
											"handle": [
												{
													"handler": "reverse_proxy",
													"upstreams": [
														{
															"dial": "172.26.0.8:80"
														}
													]
												}
											],
											"match": [
												{
													"host": [
														"nextcloud.drogo-internal.andc.nz"
													]
												}
											]
										},
										{
											"handle": [
												{
													"handler": "reverse_proxy",
													"upstreams": [
														{
															"dial": "172.26.0.6:2342"
														}
													]
												}
											],
											"match": [
												{
													"host": [
														"photos.drogo-internal.andc.nz"
													]
												}
											]
										},
										{
											"handle": [
												{
													"handler": "reverse_proxy",
													"upstreams": [
														{
															"dial": "172.26.0.7:7878"
														}
													]
												}
											],
											"match": [
												{
													"host": [
														"radarr.drogo-internal.andc.nz"
													]
												}
											]
										},
										{
											"handle": [
												{
													"handler": "reverse_proxy",
													"upstreams": [
														{
															"dial": "172.26.0.5:8989"
														}
													]
												}
											],
											"match": [
												{
													"host": [
														"sonarr.drogo-internal.andc.nz"
													]
												}
											]
										},
										{
											"handle": [
												{
													"handler": "reverse_proxy",
													"upstreams": [
														{
															"dial": "172.26.0.4:8082"
														}
													]
												}
											],
											"match": [
												{
													"host": [
														"traccar.drogo-internal.andc.nz"
													]
												}
											]
										}
									]
								}
							],
							"match": [
								{
									"host": [
										"*.drogo-internal.andc.nz"
									]
								}
							],
							"terminal": true
						},
						{
							"handle": [
								{
									"handler": "subroute",
									"routes": [
										{
											"handle": [
												{
													"handler": "reverse_proxy",
													"upstreams": [
														{
															"dial": "172.26.0.3:80"
														}
													]
												}
											],
											"match": [
												{
													"host": [
														"reader.internal.andc.nz"
													]
												}
											]
										}
									]
								}
							],
							"match": [
								{
									"host": [
										"*.internal.andc.nz"
									]
								}
							],
							"terminal": true
						}
					]
				}
			}
		},
		"tls": {
			"automation": {
				"policies": [
					{
						"issuers": [
							{
								"challenges": {
									"dns": {
										"provider": {
											"api_token": "redacted",
											"name": "cloudflare"
										}
									}
								},
								"email": "letsencrypt@andc.nz",
								"module": "acme"
							},
							{
								"challenges": {
									"dns": {
										"provider": {
											"api_token": "redacted",
											"name": "cloudflare"
										}
									}
								},
								"email": "letsencrypt@andc.nz",
								"module": "zerossl"
							}
						],
						"subjects": [
							"drogo-internal.andc.nz",
							"internal.andc.nz",
							"*.drogo-internal.andc.nz",
							"*.internal.andc.nz"
						]
					}
				]
			}
		}
	}
}

3. The problem I’m having:

When i navigate to https://cloud.andc.nz I get redirected to https://nextcloud.drogo-internal.andc.nz
It doesn’t affect functionality, but I’d rather not have my internal name exposed.
I added this extra step to the argo, as it works as advertised when I set the internal service to my local http://drogo.andc.nz:8090 - but preferred that argo connected via ssl through caddy, so that tunnel traffic was encrypted.

4. Error messages and/or full log output:

I think these are the relevant log entries

{"level":"info","ts":1662164216.8670776,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"172.26.0.1","remote_port":"57650","proto":"HTTP/1.1","method":"GET","host":"nextcloud.drogo-internal.andc.nz","uri":"/","headers":{"Cdn-Loop":["cloudflare"],"Cf-Warp-Tag-Id":["d242ff85-d2b1-46d6-98aa-42974293742948"],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Fetch-Site":["none"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Cf-Ray":["744a4cb2082bab05-SYD"],"X-Forwarded-Host":["cloud.andc.nz"],"Dnt":["1"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Sec-Fetch-Dest":["document"],"Sec-Ch-Ua":["\"Chromium\";v=\"104\", \" Not A;Brand\";v=\"99\", \"Microsoft Edge\";v=\"104\""],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36 Edg/104.0.1293.63"],"Accept-Encoding":["gzip"],"Accept-Language":["en-NZ,en;q=0.9"],"Cf-Connecting-Ip":["203.86.195.69"],"Cf-Ipcountry":["NZ"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Connection":["keep-alive"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Upgrade-Insecure-Requests":["1"],"X-Forwarded-For":["203.86.195.69"],"X-Forwarded-Proto":["https"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.drogo-internal.andc.nz"}},"user_id":"","duration":0.06419323,"size":0,"status":302,"resp_headers":{"Location":["https://nextcloud.drogo-internal.andc.nz/login"],"Cache-Control":["no-store, no-cache, must-revalidate"],"Expires":["Thu, 19 Nov 1981 08:52:00 GMT"],"X-Download-Options":["noopen"],"X-Frame-Options":["SAMEORIGIN"],"X-Permitted-Cross-Domain-Policies":["none"],"Referrer-Policy":["no-referrer"],"Date":["Sat, 03 Sep 2022 00:16:56 GMT"],"X-Content-Type-Options":["nosniff"],"X-Robots-Tag":["none"],"Server":["Caddy","nginx/1.18.0"],"Content-Type":["text/html; charset=UTF-8"],"Set-Cookie":[],"X-Xss-Protection":["1; mode=block"],"Pragma":["no-cache"],"Content-Security-Policy":["default-src 'self'; script-src 'self' 'nonce-TDd5RWlZbW1OanpUdWRBdFprei9kSXZ0UFFpZDBqWnh0dE50Z3lBanRQdz06RzR2Ujg5SHVmRnU1ek9COUNuWE5UUE9sVTIydnFFNUI5SkVtckZweWc3ST0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';"]}}

Paste logs/commands/output here.
USE THE PREVIEW PANE TO MAKE SURE IT LOOKS NICELY FORMATTED.



### 5. What I already tried:
<!-- Show us what effort you've put in to solving the problem. Be specific -- people are volunteering their time to help you! Low effort posts are not likely to get good answers! -->
all seems to be related possible to my error correction stuff as mentioned in: [Default error handing - example - subdomain not in added · Issue #396 · lucaslorentz/caddy-docker-proxy (github.com)](https://github.com/lucaslorentz/caddy-docker-proxy/issues/396)

And my other problem.


### 6. Links to relevant resources:

Hmm, I’m not seeing that. I see a 403 from Cloudflare:

$ curl -v https://cloud.andc.nz
*   Trying 104.21.87.204:443...
* Connected to cloud.andc.nz (104.21.87.204) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
*  start date: May 11 00:00:00 2022 GMT
*  expire date: May 10 23:59:59 2023 GMT
*  subjectAltName: host "cloud.andc.nz" matched cert's "*.andc.nz"
*  issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x55f594689e80)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/2
> Host: cloud.andc.nz
> user-agent: curl/7.81.0
> accept: */*
> 
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 403 
< date: Sat, 03 Sep 2022 03:16:01 GMT
< content-type: text/plain; charset=UTF-8
< content-length: 16
< x-frame-options: SAMEORIGIN
< referrer-policy: same-origin
< cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< expires: Thu, 01 Jan 1970 00:00:01 GMT
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PH2ei%2FMVp6c1qxhwOYyILdYTtZjh08SSOA0kkyabVyKINuLLgRGsiwUvrfV5C5R27Q7HEI7VOE9AfUk3vKNqUZxOq8qRPZS%2FI4XAthvBanSe75%2BkUS6fQtV8Kl8ZUAId"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< server: cloudflare
< cf-ray: 744b53056dffa07a-SLC
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
< 
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection #0 to host cloud.andc.nz left intact

*   Trying 172.67.145.243:443...
* TCP_NODELAY set
* Connected to cloud.andc.nz (172.67.145.243) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
*  start date: May 11 00:00:00 2022 GMT
*  expire date: May 10 23:59:59 2023 GMT
*  subjectAltName: host "cloud.andc.nz" matched cert's "*.andc.nz"
*  issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x5584fd088210)
> GET / HTTP/2
> Host: cloud.andc.nz
> user-agent: curl/7.68.0
> accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 302 
< date: Sat, 03 Sep 2022 03:29:10 GMT
< content-type: text/html; charset=UTF-8
< location: https://nextcloud.drogo-internal.andc.nz/login
< cache-control: no-store, no-cache, must-revalidate
< content-security-policy: default-src 'self'; script-src 'self' 'nonce-L3B5N1k3RUNkMlE4a0svRkFsaE9ORnM5RThPcWtuSlN1YlMvcFVRTjlFOD06cXN2NEROMTJGbFZkMjh5SVRERW5kM1JVSnZQWjlVRTN5KzZNeURBL2xTcz0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
< expires: Thu, 19 Nov 1981 08:52:00 GMT
< pragma: no-cache
< referrer-policy: no-referrer
< set-cookie: oc_sessionPassphrase=%2BHAbZEv6dFdgbatzLOty3ZKVzzT%2F4hv8ejcwGJV1JGFy5N15yyauqFETVEsCJl9pLTyIgLsL7tdeznDFFFGj6bpsLgOmFD2Oj46qvsELphhAyYRNb9mQMMMALv5I8ibc; path=/; secure; HttpOnly; SameSite=Lax
< set-cookie: ocmapm570nzm=i7rnbe9aqfpb8gqneo6hp9kabj; path=/; secure; HttpOnly; SameSite=Lax
< set-cookie: __Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
< set-cookie: __Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
< x-content-type-options: nosniff
< x-download-options: noopen
< x-frame-options: SAMEORIGIN
< x-permitted-cross-domain-policies: none
< x-robots-tag: none
< x-xss-protection: 1; mode=block
< cf-cache-status: DYNAMIC
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YmaPVbvZ5MKbbgdGrvFzrx5kM6T26fhJkVfRtC3pa8A6zBh7hO5Aagjg2VlhAnQg92%2FFLvRVt%2FJXC9cWW8XTBSqrVm%2FPtOFiGpwGOaUKT7zHe3CllOwFfu%2BkdUgns9RB"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< server: cloudflare
< cf-ray: 744b6649bee1dfbd-SYD
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
< 
* Connection #0 to host cloud.andc.nz left intact

I think I have some default cloudflare fw rules blocking traffic from anywhere but NZ

Any further thoughts from the logs? Or do I have to unblock the firewall rule?

You’ll need to configure Nextcloud to trust requests coming from Caddy’s IP address (i.e. its docker IP address) so that it actually looks at the X-Forwarded-Host header to get the correct hostname to redirect to. See their docs: Reverse proxy — Nextcloud latest Administration Manual latest documentation

Not sure that helped.

"level":"info","ts":1662196357.9645574,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"192.168.10.190","remote_port":"58958","proto":"HTTP/2.0","method":"GET","host":"nextcloud.drogo-internal.andc.nz","uri":"/apple-touch-icon-152x152-precomposed.png","headers":{"User-Agent":["MobileSafari/8613.2.7.0.7 CFNetwork/1333.0.4 Darwin/21.5.0"],"Accept":["*/*"],"Accept-Language":["en-AU,en;q=0.9"],"Accept-Encoding":["gzip, deflate, br"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"nextcloud.drogo-internal.andc.nz"}},"user_id":"","duration":0.067158454,"size":0,"status":302,"resp_headers":{"X-Download-Options":["noopen"],"X-Frame-Options":["SAMEORIGIN"],"Date":["Sat, 03 Sep 2022 09:12:37 GMT"],"X-Content-Type-Options":["nosniff"],"Server":["Caddy","nginx/1.18.0"],"Pragma":["no-cache"],"Location":["https://nextcloud.drogo-internal.andc.nz/login"],"Content-Type":["text/html; charset=UTF-8"],"Cache-Control":["no-store, no-cache, must-revalidate"],"Expires":["Thu, 19 Nov 1981 08:52:00 GMT"],"Content-Security-Policy":["default-src 'self'; script-src 'self' 'nonce-SnRZOEgzT1QrUDRITEI4bDc1bmZqUk0zSEI2bGJ1dFVGRGErQlZ4QWthdz06VlpKcWJ4TG10Y3hSV2taeXRzNlUvMnBuY25UQ0o0NFlUQjNFVkJRbHV2UT0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';"],"X-Permitted-Cross-Domain-Policies":["none"],"X-Robots-Tag":["none"],"Referrer-Policy":["no-referrer"],"X-Xss-Protection":["1; mode=block"],"Set-Cookie":[]}}
{"level":"info","ts":1662196358.0861208,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"192.168.10.190","remote_port":"58958","proto":"HTTP/2.0","method":"GET","host":"nextcloud.drogo-internal.andc.nz","uri":"/login","headers":{"User-Agent":["MobileSafari/8613.2.7.0.7 CFNetwork/1333.0.4 Darwin/21.5.0"],"Accept-Language":["en-AU,en;q=0.9"],"Accept-Encoding":["gzip, deflate, br"],"Cookie":[],"Accept":["*/*"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"nextcloud.drogo-internal.andc.nz"}},"user_id":"","duration":0.099248249,"size":4305,"status":200,"resp_headers":{"Content-Type":["text/html; charset=UTF-8"],"Feature-Policy":["autoplay 'self';camera 'none';fullscreen 'self';geolocation 'self';microphone 'none';payment 'none'"],"Content-Length":["4305"],"X-Download-Options":["noopen"],"Content-Encoding":["gzip"],"X-Robots-Tag":["none","none"],"X-Permitted-Cross-Domain-Policies":["none"],"Pragma":["no-cache"],"X-Content-Type-Options":["nosniff"],"Expires":["Thu, 19 Nov 1981 08:52:00 GMT"],"Referrer-Policy":["no-referrer"],"Server":["Caddy","nginx/1.18.0"],"X-Frame-Options":["SAMEORIGIN"],"Cache-Control":["no-cache, no-store, must-revalidate"],"Date":["Sat, 03 Sep 2022 09:12:38 GMT"],"Content-Security-Policy":["default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self';frame-ancestors 'self';worker-src 'self' blob:;form-action 'self'"],"X-Xss-Protection":["1; mode=block"]}}
{"level":"info","ts":1662196358.1861298,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"192.168.10.190","remote_port":"58958","proto":"HTTP/2.0","method":"GET","host":"nextcloud.drogo-internal.andc.nz","uri":"/apple-touch-icon-152x152.png","headers":{"Cookie":[],"Accept":["*/*"],"User-Agent":["MobileSafari/8613.2.7.0.7 CFNetwork/1333.0.4 Darwin/21.5.0"],"Accept-Language":["en-AU,en;q=0.9"],"Accept-Encoding":["gzip, deflate, br"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"nextcloud.drogo-internal.andc.nz"}},"user_id":"","duration":0.077030167,"size":0,"status":302,"resp_headers":{"X-Download-Options":["noopen"],"Expires":["Thu, 19 Nov 1981 08:52:00 GMT"],"Date":["Sat, 03 Sep 2022 09:12:38 GMT"],"Pragma":["no-cache"],"Referrer-Policy":["no-referrer"],"Content-Type":["text/html; charset=UTF-8"],"X-Robots-Tag":["none"],"Location":["https://nextcloud.drogo-internal.andc.nz/login"],"Server":["Caddy","nginx/1.18.0"],"Content-Security-Policy":["default-src 'self'; script-src 'self' 'nonce-czBONElaRWp4MVVCd3dHL2d5R29jU0NsckFpKzRWSFN1d3MxTnpMZ05zaz06d0FjdVVmQldpbWRYdFZqbzJuYmpBMW4xd21MWnFEU2U0eUJQWm5xRkhaRT0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';"],"X-Permitted-Cross-Domain-Policies":["none"],"X-Frame-Options":["SAMEORIGIN"],"Cache-Control":["no-store, no-cache, must-revalidate"],"X-Content-Type-Options":["nosniff"],"X-Xss-Protection":["1; mode=block"]}}
{"level":"info","ts":1662196358.2717903,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"192.168.10.190","remote_port":"58958","proto":"HTTP/2.0","method":"GET","host":"nextcloud.drogo-internal.andc.nz","uri":"/login","headers":{"Accept":["*/*"],"User-Agent":["MobileSafari/8613.2.7.0.7 CFNetwork/1333.0.4 Darwin/21.5.0"],"Accept-Language":["en-AU,en;q=0.9"],"Accept-Encoding":["gzip, deflate, br"],"Cookie":[]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"nextcloud.drogo-internal.andc.nz"}},"user_id":"","duration":0.080792249,"size":4305,"status":200,"resp_headers":{"Server":["Caddy","nginx/1.18.0"],"Date":["Sat, 03 Sep 2022 09:12:38 GMT"],"Content-Encoding":["gzip"],"Referrer-Policy":["no-referrer"],"Content-Length":["4305"],"X-Xss-Protection":["1; mode=block"],"Cache-Control":["no-cache, no-store, must-revalidate"],"X-Download-Options":["noopen"],"Content-Type":["text/html; charset=UTF-8"],"Content-Security-Policy":["default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self';frame-ancestors 'self';worker-src 'self' blob:;form-action 'self'"],"Expires":["Thu, 19 Nov 1981 08:52:00 GMT"],"Feature-Policy":["autoplay 'self';camera 'none';fullscreen 'self';geolocation 'self';microphone 'none';payment 'none'"],"X-Permitted-Cross-Domain-Policies":["none"],"X-Robots-Tag":["none","none"],"X-Content-Type-Options":["nosniff"],"Pragma":["no-cache"],"X-Frame-Options":["SAMEORIGIN"]}}
{"level":"info","ts":1662198494.8845956,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"172.26.0.1","remote_port":"47318","proto":"HTTP/1.1","method":"GET","host":"nextcloud.drogo-internal.andc.nz","uri":"/","headers":{"Cf-Ipcountry":["NZ"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Connection":["keep-alive"],"X-Forwarded-For":["203.86.195.69"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.5 Safari/605.1.15"],"Cf-Warp-Tag-Id":["d242ff85-d2b1-46d6-98aa-5a920fb2532a"],"Cdn-Loop":["cloudflare"],"Cf-Connecting-Ip":["203.86.195.69"],"Cookie":[],"Priority":["u=0, i"],"X-Forwarded-Proto":["https"],"Accept-Encoding":["gzip"],"Accept-Language":["en-AU,en;q=0.9"],"Cf-Ray":["744d918ffeb3a7fc-SYD"],"X-Forwarded-Host":["cloud.andc.nz"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.drogo-internal.andc.nz"}},"user_id":"","duration":0.06090422,"size":0,"status":302,"resp_headers":{"X-Robots-Tag":["none"],"Cache-Control":["no-store, no-cache, must-revalidate"],"Set-Cookie":[],"Content-Security-Policy":["default-src 'self'; script-src 'self' 'nonce-VlBYYzlYQUZoNGZoQXdWV2ovVjIwTXR4TDZGbTZPR05KSVQxVlE1bTkwaz06SklDYXVBVTg2K1RSZVd3R3ZwTVN2SUZJRnVJanNLN2pVdStHSmtvRXBnVT0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';"],"X-Frame-Options":["SAMEORIGIN"],"Server":["Caddy","nginx/1.18.0"],"Pragma":["no-cache"],"X-Xss-Protection":["1; mode=block"],"Referrer-Policy":["no-referrer"],"Location":["https://nextcloud.drogo-internal.andc.nz/login"],"Date":["Sat, 03 Sep 2022 09:48:14 GMT"],"X-Content-Type-Options":["nosniff"],"X-Permitted-Cross-Domain-Policies":["none"],"Expires":["Thu, 19 Nov 1981 08:52:00 GMT"],"X-Download-Options":["noopen"],"Content-Type":["text/html; charset=UTF-8"]}}
{"level":"info","ts":1662199220.4186609,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"192.168.10.190","remote_port":"59535","proto":"HTTP/2.0","method":"GET","host":"nextcloud.drogo-internal.andc.nz","uri":"/login","headers":{"Accept-Encoding":["gzip, deflate, br"],"Cookie":[],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.5 Safari/605.1.15"],"Accept-Language":["en-AU,en;q=0.9"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"nextcloud.drogo-internal.andc.nz"}},"user_id":"","duration":0.095147882,"size":5850,"status":200,"resp_headers":{"Feature-Policy":["autoplay 'self';camera 'none';fullscreen 'self';geolocation 'self';microphone 'none';payment 'none'"],"X-Content-Type-Options":["nosniff"],"X-Xss-Protection":["1; mode=block"],"Cache-Control":["no-cache, no-store, must-revalidate"],"X-Permitted-Cross-Domain-Policies":["none"],"Expires":["Thu, 19 Nov 1981 08:52:00 GMT"],"Set-Cookie":[],"Server":["Caddy","nginx/1.18.0"],"Pragma":["no-cache"],"Content-Security-Policy":["default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-RzBXRVVPMGM3bEpKSXYvUDZVVWQ3RHE4cXhvazRRUTlwaUVtOTJ6MlNxWT06ZkNDM0pxOXdoelE4R29XY2lndEtpSHZVbldKb3RVb0w0bXRsbndDNUdNaz0=';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self';frame-ancestors 'self';worker-src 'self' blob:;form-action 'self'"],"Content-Type":["text/html; charset=UTF-8"],"X-Download-Options":["noopen"],"X-Frame-Options":["SAMEORIGIN"],"Date":["Sat, 03 Sep 2022 10:00:20 GMT"],"Content-Length":["5850"],"Content-Encoding":["gzip"],"X-Robots-Tag":["none","none"],"Referrer-Policy":["no-referrer"]}}
{"level":"info","ts":1662199222.20027,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"192.168.10.190","remote_port":"59535","proto":"HTTP/2.0","method":"GET","host":"nextcloud.drogo-internal.andc.nz","uri":"/login","headers":{"Accept-Language":["en-AU,en;q=0.9"],"Accept-Encoding":["gzip, deflate, br"],"Cookie":[],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.5 Safari/605.1.15"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"nextcloud.drogo-internal.andc.nz"}},"user_id":"","duration":0.06795337,"size":5847,"status":200,"resp_headers":{"Content-Length":["5847"],"Pragma":["no-cache"],"Referrer-Policy":["no-referrer"],"Content-Type":["text/html; charset=UTF-8"],"X-Xss-Protection":["1; mode=block"],"Content-Security-Policy":["default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-YVVWN2JhQ2tsMTRwUmpkblpuNVhWSnp5dW5qQVNXSXNaeXhRL2EyQ0wraz06RGlCSUcrTEkvamhjZmswMEJUQUFNTjJhakFDTUhTd2FJMllUbGNITmZZWT0=';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self';frame-ancestors 'self';worker-src 'self' blob:;form-action 'self'"],"X-Robots-Tag":["none","none"],"X-Frame-Options":["SAMEORIGIN"],"Cache-Control":["no-cache, no-store, must-revalidate"],"X-Download-Options":["noopen"],"Server":["Caddy","nginx/1.18.0"],"Feature-Policy":["autoplay 'self';camera 'none';fullscreen 'self';geolocation 'self';microphone 'none';payment 'none'"],"X-Permitted-Cross-Domain-Policies":["none"],"Expires":["Thu, 19 Nov 1981 08:52:00 GMT"],"Content-Encoding":["gzip"],"Date":["Sat, 03 Sep 2022 10:00:22 GMT"],"X-Content-Type-Options":["nosniff"]}}

I dont know what times these records are for but the last one should be just now.

Looks like you’re proxying to an nginx server. Make sure it also passes through the X-Forwarded-Host header to Nextcloud.

Ultimately, this isn’t an issue with Caddy. Caddy is working as intended here. You need to make sure everything upstream of Caddy is configured correctly.

Yeah so I’m out - and I can see that I’m being passed from caddy to the internal caddy. And that is not accessible from the internet.

So much be something with that cloudflare “proxying”

There’s some caching happening somewhere.

I went to cloudflare and set it back to the internal http port for Nextcloud and got the logging screen as expected.

So had another go at setting it to the caddy proxy (Nextcloud.drogo-internal.andc.nz). That gave me the blank page again. Then I added that http header in cloudflare again back to that internal caddy name. And it worked again. No redirection to the internal caddy name. So I wonder if that will change to a 302 redirection later on.

Not sure what you guys get if you try it now. But I think that cloudflare firewall rule will take effect

I realise it’s not a caddy issue as such. But it’s related to proxying so I’m hoping you can help.