Reverse proxy to nextcloud server not working

jalouke · February 6, 2021, 2:55am

1. Caddy version (`caddy version`):

v2.3.0

2. How I run Caddy:

a. System environment:

Proxmox ve 6.3 debian 10 container

b. Command:

sudo nano /etc/caddy/Caddyfile
sudo systemctl restart caddy
sudo systemctl status caddy

c. Service/unit/compose file:

n/a

d. My complete Caddyfile or JSON config:

{
    # email to use on Let's Encrypt
    email my-email@email.com

    # Uncomment for debug
    #acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
    #debug
}



# Add forward headers to requests
(theheaders) {
   header_up X-Forwarded-Ssl on
   header_up Host {host}
   header_up X-Real-IP {remote}
   header_up X-Forwarded-For {remote}
   header_up X-Forwarded-Port {server_port}
   header_up X-Forwarded-Proto {scheme}
   header_up X-Url-Scheme {scheme}
   header_up X-Forwarded-Host {host}
}


my-domain.com, www.my-domain.com {
    root * /usr/share/caddy
    file_server
    encode gzip
}

cloud.my-domain.com, www.cloud.my-domain.com {
    encode gzip
    reverse_proxy 192.168.10.82 {
        import theheaders
    }
}

3. The problem I’m having:

I am trying to proxy the cloud. sub-domain to the IP address of my nextcloud server.

4. Error messages and/or full log output:

This page isn’t working

cloud.my-domain.com redirected you too many times.

[Try clearing your cookies].

ERR_TOO_MANY_REDIRECTS

5. What I already tried:

I have tried adding port 80, port 443, transparent, tls_insecure_skip_verify, etc.

the closest I have gotten to success is an HTTP 502 error. I can successfully access nextcloud via the local IP. my nextcloud server was also able to obtain a letsencrypt certificate using certbot, and according to ssllabs.com my sub-domain has a proper certificate. I am able to access my main domain with https and it reads the default caddy splash page.

please help me… I have been beating my head against my keyboard for 3 days (not literally beating my head, but you get the idea).

6. Links to relevant resources:

francislavoie · February 6, 2021, 3:34am

jalouke:

(theheaders) {
   header_up X-Forwarded-Ssl on
   header_up Host {host}
   header_up X-Real-IP {remote}
   header_up X-Forwarded-For {remote}
   header_up X-Forwarded-Port {server_port}
   header_up X-Forwarded-Proto {scheme}
   header_up X-Url-Scheme {scheme}
   header_up X-Forwarded-Host {host}
}

You don’t need any of this stuff. Caddy sets the appropriate headers already, automatically. These lines will become a warning in the next version, so remove them.

If you make a request to your server with curl -v, what do you see? What does the redirect look like?

The redirect is almost certainly coming from Nextcloud. Make sure it’s correctly configured for being behind a proxy.

jalouke · February 7, 2021, 5:41pm

you were right, it had nothing to do with Caddy. for the record, I removed the lines you mentioned from my CaddyFile.

The fix on the nextcloud side involved removing the rewriterule and rewritecond lines from the Virtualhost:80 block in the nextcloud.conf file.

jalouke · February 7, 2021, 6:16pm

weell almost, but not quite… technically it worked, but I am having an issue that I think now is related to Caddy:

I am getting the following warnings in nextcloud, and I don’t quite know how to implement the fix for it (I already have the appropriate fix implemented on the nextcloud/apache side from here)

errors:
Your web server is not properly set up to resolve "/.well-known/caldav".
Your web server is not properly set up to resolve "/.well-known/carddav".
fix:
<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteRule ^\.well-known/host-meta /nextcloud/public.php?service=host-meta [QSA,L]
  RewriteRule ^\.well-known/host-meta\.json /nextcloud/public.php?service=host-meta-json [QSA,L]
  RewriteRule ^\.well-known/webfinger /nextcloud/public.php?service=webfinger [QSA,L]
  RewriteRule ^\.well-known/carddav /nextcloud/remote.php/dav [R=301,L]
  RewriteRule ^\.well-known/caldav /nextcloud/remote.php/dav [R=301,L]
</IfModule>

I tried to apply the appropriate lines in this post:
https://caddy.community/t/dockerised-nextcloud-apache-web-server-behind-a-caddy-reverse-proxy/9367

redir /.well-known/carddav /remote.php/dav 301
redir /.well-known/caldav /remote.php/dav 301

but now I get a redirect error again ( I am aware that these are redirect calls, but I don’t understand how they are creating a redirect loop)

As I am sure you have noticed I am new to all of this. Thank you for your help!

francislavoie · February 7, 2021, 7:52pm

You probably want a rewrite?

rewrite /.well-known/carddav /remote.php/dav
rewrite /.well-known/caldav /remote.php/dav

@basil any thoughts?

basil · February 7, 2021, 10:36pm

@jalouke If you’re using Nextcloud in a Docker container using the base Apache image. the Caddyfile code block below should be sufficient.

cloud.my-domain.com {
  encode gzip
  reverse_proxy http://192.168.10.82

  redir /.well-known/carddav /remote.php/carddav 301
  redir /.well-known/caldav /remote.php/caldav 301
}

Are you using Cloudflare for DNS hosting? If so, make sure your encryption mode is set to Full(strict) and not Flexible otherwise you will get a redirect loop error https://support.cloudflare.com/hc/en-us/articles/115000219871-Troubleshooting-redirect-loop-errors-

jalouke · February 8, 2021, 1:26am

That is what did it! changing from redir 301 to rewrite solved the errors.

Thank you so much!

system · March 8, 2021, 2:56am

This topic was automatically closed after 30 days. New replies are no longer allowed.