Reverse proxy to nextcloud server not working

1. Caddy version (caddy version):


2. How I run Caddy:

a. System environment:

Proxmox ve 6.3 debian 10 container

b. Command:

sudo nano /etc/caddy/Caddyfile
sudo systemctl restart caddy
sudo systemctl status caddy

c. Service/unit/compose file:


d. My complete Caddyfile or JSON config:

    # email to use on Let's Encrypt

    # Uncomment for debug

# Add forward headers to requests
(theheaders) {
   header_up X-Forwarded-Ssl on
   header_up Host {host}
   header_up X-Real-IP {remote}
   header_up X-Forwarded-For {remote}
   header_up X-Forwarded-Port {server_port}
   header_up X-Forwarded-Proto {scheme}
   header_up X-Url-Scheme {scheme}
   header_up X-Forwarded-Host {host}
}, {
    root * /usr/share/caddy
    encode gzip
}, {
    encode gzip
    reverse_proxy {
        import theheaders

3. The problem I’m having:

I am trying to proxy the cloud. sub-domain to the IP address of my nextcloud server.

4. Error messages and/or full log output:

This page isn’t working redirected you too many times.

  • [Try clearing your cookies].


5. What I already tried:

I have tried adding port 80, port 443, transparent, tls_insecure_skip_verify, etc.

the closest I have gotten to success is an HTTP 502 error. I can successfully access nextcloud via the local IP. my nextcloud server was also able to obtain a letsencrypt certificate using certbot, and according to my sub-domain has a proper certificate. I am able to access my main domain with https and it reads the default caddy splash page.

please help me… I have been beating my head against my keyboard for 3 days (not literally beating my head, but you get the idea).

6. Links to relevant resources:

You don’t need any of this stuff. Caddy sets the appropriate headers already, automatically. These lines will become a warning in the next version, so remove them.

If you make a request to your server with curl -v, what do you see? What does the redirect look like?

The redirect is almost certainly coming from Nextcloud. Make sure it’s correctly configured for being behind a proxy.

you were right, it had nothing to do with Caddy. for the record, I removed the lines you mentioned from my CaddyFile.

The fix on the nextcloud side involved removing the rewriterule and rewritecond lines from the Virtualhost:80 block in the nextcloud.conf file.


weell almost, but not quite… technically it worked, but I am having an issue that I think now is related to Caddy:

I am getting the following warnings in nextcloud, and I don’t quite know how to implement the fix for it (I already have the appropriate fix implemented on the nextcloud/apache side from here)

Your web server is not properly set up to resolve "/.well-known/caldav".
Your web server is not properly set up to resolve "/.well-known/carddav".
<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteRule ^\.well-known/host-meta /nextcloud/public.php?service=host-meta [QSA,L]
  RewriteRule ^\.well-known/host-meta\.json /nextcloud/public.php?service=host-meta-json [QSA,L]
  RewriteRule ^\.well-known/webfinger /nextcloud/public.php?service=webfinger [QSA,L]
  RewriteRule ^\.well-known/carddav /nextcloud/remote.php/dav [R=301,L]
  RewriteRule ^\.well-known/caldav /nextcloud/remote.php/dav [R=301,L]

I tried to apply the appropriate lines in this post:

redir /.well-known/carddav /remote.php/dav 301
redir /.well-known/caldav /remote.php/dav 301

but now I get a redirect error again ( I am aware that these are redirect calls, but I don’t understand how they are creating a redirect loop)

As I am sure you have noticed I am new to all of this. Thank you for your help!

You probably want a rewrite?

rewrite /.well-known/carddav /remote.php/dav
rewrite /.well-known/caldav /remote.php/dav

@basil any thoughts?

@jalouke If you’re using Nextcloud in a Docker container using the base Apache image. the Caddyfile code block below should be sufficient. {
  encode gzip

  redir /.well-known/carddav /remote.php/carddav 301
  redir /.well-known/caldav /remote.php/caldav 301

Are you using Cloudflare for DNS hosting? If so, make sure your encryption mode is set to Full(strict) and not Flexible otherwise you will get a redirect loop error


That is what did it! changing from redir 301 to rewrite solved the errors.

Thank you so much!

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.