Setting up Nextcloud with Caddy in Docker

1. Caddy version (caddy version):

2.4.6

2. How I run Caddy:

a. System environment:

Docker

b. Command:

sudo docker-compose up -d

c. Service/unit/compose file:

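# Caddy reverse proxy: the only service here that publishes ports on the host.
services:
  caddy:
    # Pinned to the release in use instead of the floating default tag, so a
    # re-pull cannot silently change the proxy; bump the tag deliberately.
    image: caddy:2.4.6
    container_name: caddy
    restart: unless-stopped
    ports:
      # Quoted so the mappings are always read as strings, never as numbers.
      - "80:80"
      - "443:443"
    volumes:
      # Read-only: the container only needs to read its configuration.
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      # Certificate storage (the log shows FileStorage:/data/caddy); keep this
      # volume persistent and restricted, since it holds TLS material.
      - data:/data
      # Autosaved config is written under /config/caddy.
      - config:/config
volumes:
  data:
  config:
networks:
  default:
    # Fixed name so other compose projects can attach to the same network.
    name: proxy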

d. My complete Caddyfile or JSON config:

# Global options block.
{
    # Turns on debug-level logging. In the log output on this page, the
    # reverse_proxy debug entry and the error entry both record the full
    # request headers, Cookie included.
    debug
}
# Site block: Caddy obtains and renews the TLS certificate for this hostname
# and redirects HTTP to HTTPS (both visible in the startup log).
cloud.haddock.cc {
    # Forwards every request to the upstream nextcloud:9000; `nextcloud` is the
    # container name set in the Nextcloud compose file.
    reverse_proxy nextcloud:9000
}

3. The problem I’m having:

I’m trying to reverse proxy the official Nextcloud Docker image, and I’m just getting a grey screen when I go to my Nextcloud URL.

4. Error messages and/or full log output:

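Caddy log (debug enabled; the two request entries below carry the full Cookie header, session cookies included)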

{"level":"info","ts":1641859477.4185688,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1641859477.4193442,"msg":"input is not formatted with 'caddy fmt'","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1641859477.4202936,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
{"level":"info","ts":1641859477.420507,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000273c70"}
{"level":"info","ts":1641859477.420574,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1641859477.420765,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"debug","ts":1641859477.4210703,"logger":"http","msg":"starting server loop","address":"[::]:443","http3":false,"tls":true}
{"level":"debug","ts":1641859477.421109,"logger":"http","msg":"starting server loop","address":"[::]:80","http3":false,"tls":false}
{"level":"info","ts":1641859477.4211152,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["cloud.haddock.cc"]}
{"level":"debug","ts":1641859477.421389,"logger":"tls","msg":"loading managed certificate","domain":"cloud.haddock.cc","expiration":1649631219,"issuer_key":"acme-v02.api.letsencrypt.org-directory","storage":"FileStorage:/data/caddy"}
{"level":"debug","ts":1641859477.4216433,"logger":"tls.cache","msg":"added certificate to cache","subjects":["cloud.haddock.cc"],"expiration":1649631219,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"9338001c64c614abd47df3c501224d332ec4d172048a6f364a59456f24681747","cache_size":1,"cache_capacity":10000}
{"level":"info","ts":1641859477.4217043,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"info","ts":1641859477.4217923,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1641859477.4218013,"msg":"serving initial configuration"}
{"level":"info","ts":1641859477.4220183,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"debug","ts":1641859495.819337,"logger":"tls.handshake","msg":"choosing certificate","identifier":"cloud.haddock.cc","num_choices":1}
{"level":"debug","ts":1641859495.8193774,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"cloud.haddock.cc","subjects":["cloud.haddock.cc"],"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"9338001c64c614abd47df3c501224d332ec4d172048a6f364a59456f24681747"}
{"level":"debug","ts":1641859495.8193889,"logger":"tls.handshake","msg":"matched certificate in cache","subjects":["cloud.haddock.cc"],"managed":true,"expiration":1649631219,"hash":"9338001c64c614abd47df3c501224d332ec4d172048a6f364a59456f24681747"}
{"level":"debug","ts":1641859495.8281877,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"nextcloud:9000","duration":0.000762923,"request":{"remote_addr":"192.168.1.1:33922","proto":"HTTP/2.0","method":"GET","host":"cloud.haddock.cc","uri":"/","headers":{"Sec-Fetch-User":["?1"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64; rv:95.0) Gecko/20100101 Firefox/95.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Accept-Encoding":["gzip, deflate, br"],"Cookie":["__Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; nc_username=admin; nc_token=b3wn452GKGDlOXPMVO49q%2B92KTgdL1tp; nc_session_id=5cfbvtei9hjkqf5mj2p5fs4vm1; authelia_session=P89I5i*u7XsMeVx9OiIm*asEXRUKHw%y; i18next=en-US; oc6mbe5vxaa7=hnb90f9hh1lktfn44p50i0h1cg; oc_sessionPassphrase=VbZci9j0godFQ6BfBYVN83%2FR3bluY6iAjlFl4AAcGtD60y9tDOUYmKBrRXM4SsH6Tx85wfo8DKcW8hk9VgwARg4V2oJlkkK0ZsrnYakZSUtqMaz4sIta3xR5qHr%2BNR7b; ocgiijrqfwz6=dcs7g46bg9v8e4hr46rllduv6m; oclw7focx2b5=76fr8dlilnsq1hcdfnhvdditgv;oc7q59qugbbx=8g9co5gasf4vb7eujj56tanffs; ocr4joi5lllq=stjojcb7qo143u2nphqes8clta; ockb818hs8g0=r5bnge13pire30oskojc6fqv4i; oc5xvram9n0w=5cfbvtei9hjkqf5mj2p5fs4vm1"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Site":["none"],"Accept-Language":["en-US,en;q=0.5"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Mode":["navigate"],"Te":["trailers"],"X-Forwarded-For":["192.168.1.1"],"X-Forwarded-Proto":["https"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"cloud.haddock.cc"}},"error":"dial tcp 172.21.0.4:9000: connect: connection refused"}
{"level":"error","ts":1641859495.828301,"logger":"http.log.error","msg":"dial tcp 172.21.0.4:9000: connect: connection refused","request":{"remote_addr":"192.168.1.1:33922","proto":"HTTP/2.0","method":"GET","host":"cloud.haddock.cc","uri":"/","headers":{"Sec-Fetch-Dest":["document"],"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64; rv:95.0) Gecko/20100101 Firefox/95.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Accept-Encoding":["gzip, deflate, br"],"Cookie":["__Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; nc_username=admin; nc_token=b3wn452GKGDlOXPMVO49q%2B92KTgdL1tp; nc_session_id=5cfbvtei9hjkqf5mj2p5fs4vm1; authelia_session=P89I5i*u7XsMeVx9OiIm*asEXRUKHw%y; i18next=en-US; oc6mbe5vxaa7=hnb90f9hh1lktfn44p50i0h1cg; oc_sessionPassphrase=VbZci9j0godFQ6BfBYVN83%2FR3bluY6iAjlFl4AAcGtD60y9tDOUYmKBrRXM4SsH6Tx85wfo8DKcW8hk9VgwARg4V2oJlkkK0ZsrnYakZSUtqMaz4sIta3xR5qHr%2BNR7b; ocgiijrqfwz6=dcs7g46bg9v8e4hr46rllduv6m; oclw7focx2b5=76fr8dlilnsq1hcdfnhvdditgv; oc7q59qugbbx=8g9co5gasf4vb7eujj56tanffs; ocr4joi5lllq=stjojcb7qo143u2nphqes8clta; ockb818hs8g0=r5bnge13pire30oskojc6fqv4i; oc5xvram9n0w=5cfbvtei9hjkqf5mj2p5fs4vm1"],"Accept-Language":["en-US,en;q=0.5"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Mode":["navigate"],"Te":["trailers"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"cloud.haddock.cc"}},"duration":0.00100219,"status":502,"err_id":"9ymnxyyb5","err_trace":"reverseproxy.statusError (reverseproxy.go:886)"}

curl -v output

*   Trying 71.212.165.162:80...
* Connected to cloud.haddock.cc (71.212.165.162) port 80 (#0)
> GET / HTTP/1.1
> Host: cloud.haddock.cc
> User-Agent: curl/7.81.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 308 Permanent Redirect
< Connection: close
< Location: https://cloud.haddock.cc/
< Server: Caddy
< Date: Mon, 10 Jan 2022 23:56:41 GMT
< Content-Length: 0
<
* Closing connection 0

5. What I already tried:

I tried using the FPM version of Nextcloud and using Caddy as a webserver, but every config file I found for doing that was outdated, or I wasn’t doing something right.

6. Links to relevant resources:

Nextcloud Docker image: Docker Hub

Also, here’s my Nextcloud compose file

services:
  # Nextcloud application container. There is no `ports:` entry, so nothing is
  # published on the host; other containers reach it over the `proxy` network.
  app:
    # No tag given, so the image resolves to the registry's default tag.
    image: nextcloud
    # This name is the upstream host used by reverse_proxy in the Caddyfile.
    container_name: nextcloud
    restart: always
    volumes:
      - data:/var/www/html
    environment:
      # ${...} values are substituted by Compose from the shell or an .env
      # file, which keeps the passwords out of this file.
      - NEXTCLOUD_TRUSTED_DOMAINS=${URL}
      - NEXTCLOUD_ADMIN_USER=admin
      - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      # `db` is the service name of the database container below.
      - MYSQL_HOST=db
  # MariaDB backing store; also has no published ports.
  db:
    # No tag given, so the image resolves to the registry's default tag.
    image: mariadb
    container_name: nextcloud-db
    restart: always
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    volumes:
      - db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
      # Same user, database and password variables as the app service uses.
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
volumes:
  data:
  db:
networks:
  default:
    # Joins the network named `proxy`, the name the Caddy compose file gives its
    # default network. `external: true` means Compose expects it to exist
    # already and will not create it.
    name: proxy
    external: true

Are you sure the nextcloud container is listening on port 9000? Typically web server containers will listen on port 80 for HTTP requests.

You can see in the docs on Docker Hub for the nextcloud container, they suggest using -p 8080:80 to map port 8080 on the host machine to port 80 inside the container. So you should be using nextcloud:80 since you’re proxying from one container to another.


Oh my god. I feel dumb. I remember seeing that port being used elsewhere and put it in here for some reason. Thank you.