[SOLVED] Subdomain and reverse_proxy config

1. Caddy version (caddy version):

Caddy version v2.2.1

2. How I run Caddy:

Docker on portainer

a. System environment:

Ubuntu 20.04.1 LTS

b. Command:

c. Service/unit/compose file:

Docker version 19.03.8

d. My complete Caddyfile or JSON config:

email [MYEMAIL]


root *  /var/www



reverse_proxy  localhost:9000

reverse_proxy  localhost:8080

3. The problem I’m having:

I have set 3 A domains in Server Zone DNS

All pointing to [MYIP]
I can reach [MYDOMAIN] and www.[MYDOMAIN] in the browser, but
portainer.[MYDOMAIN] and nextcloud.[MYDOMAIN] give me HTTP ERROR 502

4. Error messages and/or full log output:

{"level":"error","ts":1604688101.0248196,"logger":"http.log.error","msg":"dial tcp connect: connection refused","request":{"remote_addr":"","proto":"HTTP/2.0","method":"GET","host":"nextcloud.[MYDOMAIN]","uri":"/","headers":{"Cache-Control":["max-age=0"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Fetch-Site":["cross-site"],"Sec-Fetch-Dest":["document"],"Accept-Encoding":["gzip, deflate, br"],"Accept-Language":["it-IT,it;q=0.9"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"nextcloud.[MYDOMAIN]"}},"duration":0.000933191,"status":502,"err_id":"n7s1hyaun","err_trace":"reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:441)"}

5. What I already tried:

6. Links to relevant resources:

When running in docker, localhost points to the Caddy container itself, so you’re asking Caddy to connect to a service running on port 8080, in the Caddy container, which isn’t a thing.

Instead, you’ll want to use the container name, if it’s in the same docker network. Probably something like nextcloud:8080 for example.

Hi, thank you for your reply. I edited the Caddyfile as suggested:

reverse_proxy nextcloud_app_1:8080

And I even added the dockers to the caddyserver default network.
I'm still getting HTTP ERROR 502
and the following log from the caddyserver docker:

{"level":"error","ts":1604691493.0354574,"logger":"http.log.error","msg":"dial tcp: lookup portainer on no such host","request":{"remote_addr":"","proto":"HTTP/2.0","method":"GET","host":"portainer.[MYDOMAIN]","uri":"/","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Fetch-Site":["cross-site"],"Sec-Fetch-User":["?1"],"Sec-Fetch-Dest":["document"],"Accept-Language":["it-IT,it;q=0.9"],"Cache-Control":["max-age=0"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36"],"Accept-Encoding":["gzip, deflate, br"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Mode":["navigate"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"portainer.[MYDOMAIN]"}},"duration":0.006948508,"status":502,"err_id":"5sa6mwsi7","err_trace":"reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:441)"}

That’s the problem there, it doesn’t know how to resolve the name portainer to an IP address.

Sorry, but I don’t get it. Should I use an internal IP given by Docker, or something else?
Thanks for your patience.

I don’t use portainer, so I can’t say how things are configured there, but you should use a name that will resolve to the IP of the container you want to proxy to. You could use the IP address directly, but there’s no guarantee that the IP won’t change later.

I don’t see what Portainer’s role is in managing IPs; from what I understood, it is just a management GUI.
Btw, I did insert the VPS IP in the Caddyfile and it got me Error 502.
I did use the IP of the local Docker network and I still get Error 502.

Yeah Portainer doesn’t manage any IPs, that’s all Docker. But you do decide the service names of the things you run in Portainer, no? Those service names are what Docker uses as DNS names that resolve to the IP of the containers.

Ok, I did use the docker names coming from Portainer and even added them to the caddyserver_web network.
It is currently working from portainer.[MYDOMAIN]
but still won’t work from nextcloud.[MYDOMAIN]: error 502

Are you sure you’re using the right port number? You need to use the port internal to the docker network, not the port being published to the host.
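
The points made in the replies above (no `localhost`, a name that resolves on a shared Docker network, and the container's internal port), put together as an added example that is not the original poster's configuration. The service names, the `web` network, `example.com`, the `8080:80` mapping and the internal ports (80 for the Nextcloud image, 9000 for Portainer) are assumptions.

```yaml
# docker-compose.yml (constructed example; names and ports are assumptions)
services:
  caddy:
    image: caddy:2
    ports:                 # only the proxy is published to the host
      - "80:80"
      - "443:443"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - caddy_data:/data   # certificates and keys persist here
    networks: [web]

  nextcloud:
    image: nextcloud
    # No "ports:" entry. The container listens on 80 inside the network and is
    # reachable only through Caddy. A mapping such as "8080:80" would publish
    # host port 8080, which is NOT the port Caddy has to dial.
    networks: [web]

  portainer:
    image: portainer/portainer-ce
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    networks: [web]        # same network as caddy, so "portainer" resolves

networks:
  web:

volumes:
  caddy_data:

# Matching Caddyfile: upstream = <service name>:<internal port>
#
#   nextcloud.example.com {
#       # reverse_proxy localhost:8080  -> 502 "connection refused"
#       #   (localhost is the Caddy container itself)
#       reverse_proxy nextcloud:80
#   }
#
#   portainer.example.com {
#       # a name that is not on Caddy's network -> 502 "no such host"
#       reverse_proxy portainer:9000
#   }
```

With no published ports on the backends, the only path to Nextcloud and Portainer from outside the host is through Caddy's TLS listener.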

oh yes! That solved my problem, thank you so much for your help


I've been having this same issue. Could you possibly share how you created your Caddy network on the Portainer host? I'm using Portainer also and I can't find anywhere where they said how to make a network bridge with the ability to run other apps through the Caddy network bridge.

Hi, dunno if this is the answer you are looking for, but what I did is just have the dockers connect to the caddyserver2_web network that was already created by the Caddyserver Docker, and everything seems to run smoothly. Oh well, except for Nextcloud, which opens on nextcloud.[MYDOMAIN] but then raises a permission issue … but I think it has to do with the Nextcloud config.

Could you please provide the Docker Hub link and docker-compose.yml? I have to use Cloudflare with my install. Everything works fine, but the local domain will not load or see it. I'm pretty sure it's because Caddy can't show or see my Docker containers on the outside. I know it has something to do with Docker networks and Caddy not fully syncing. My caddy2 install was done here, from this GitHub maker, from Docker for Cloudflare: GitHub - mr-karan/caddy-plugins-docker: Docker image for Caddy with custom plugins baked into the image. There was no setup or install for networks. Could you possibly share your Dockerfile or the stack you used?

I ran caddyserver inside Portainer, from the app template, and edited the Caddyfile as mentioned in the first post.

Huh, that's weird. I don't get a network made by Caddy by default. Could you possibly display more information, without details like API key and others?
