1. The problem I’m having:
I have a server with a public IP address and another machine which is behind a NAT. This machine has a Nextcloud instance I’d like to publish. My idea is to use Tailscale to bypass the NAT and then Caddy to proxy a subdomain. I’m using Caddy both on the server as a proxy as well as on the machine to connect to `php_fastcgi`.
The problem I’m facing is that the machine doesn’t have a way to generate the SSL.
I can’t figure out the problem; even if I use `tls crt key` I’m still unable to get the SSL working. I’m sure that this configuration is correct because if I put it on the server with `tls email` I can successfully access the Nextcloud.
2. Error messages and/or full log output:
```
curl: (35) error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
```
3. Caddy version:
caddy:2.6.4-alpine
4. How I installed and ran Caddy:
a. System environment:
I’m running Caddy on Docker Compose.
b. Command:
c. Service/unit/compose file:
```yaml
caddy:
  image: caddy:2.6.4-alpine
  restart: always
  ports:
    - "80:80"
    - "443:443"
  volumes:
    - $PWD/Caddyfile:/etc/caddy/Caddyfile
    - $PWD/caddy_data:/data
    - $PWD/caddy_config:/config
    - ./nextcloud/html:/nextcloud/var/www/html
    - ./nextcloud/data:/nextcloud/var/www/html/data
    - ./nextcloud/custom_apps:/nextcloud/var/www/html/custom_apps
    - ./ssl:/ssl
```
d. My complete Caddy config:
```
https://* {
	tls internal
	encode gzip
	root * /nextcloud/var/www/html
	file_server
	php_fastcgi nextcloud:9000 {
		root /var/www/html
		env front_controller_active true
	}
	redir /.well-known/carddav /remote.php/dav 301
	redir /.well-known/caldav /remote.php/dav 301

	# .htaccess / data / config / ... shouldn't be accessible from outside
	@forbidden {
		path /.htaccess
		path /data/*
		path /config/*
		path /db_structure
		path /.xml
		path /README
		path /3rdparty/*
		path /lib/*
		path /templates/*
		path /occ
		path /console.php
	}
	respond @forbidden 404
}
```
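The `@forbidden` matcher in the Caddyfile above is the part of this config that keeps Nextcloud's data and configuration directories off the public side of the proxy, so it is worth checking exactly which request paths it covers. The following is an added example, not code from the original post or from Caddy: it models Caddy's `path` matcher in Python (exact match, or prefix match when the pattern ends in `*`; the case-insensitive comparison is an assumption based on Caddy's matcher documentation) and runs the post's pattern list over a set of constructed request paths, reporting which ones would fall through to `file_server`/`php_fastcgi`.

```python
"""Model of the @forbidden path matcher from the Caddyfile above.

Added example, not part of the original post. Simplified model of Caddy's
`path` matcher: a pattern ending in `*` is a prefix match, anything else is
an exact match; comparison is case-insensitive (assumption).
"""

# Pattern list copied from the post's @forbidden matcher.
FORBIDDEN_PATTERNS = [
    "/.htaccess",
    "/data/*",
    "/config/*",
    "/db_structure",
    "/.xml",
    "/README",
    "/3rdparty/*",
    "/lib/*",
    "/templates/*",
    "/occ",
    "/console.php",
]


def path_matches(pattern: str, request_path: str) -> bool:
    """Return True if a single Caddy `path` pattern matches the request path."""
    pattern = pattern.lower()          # assumption: Caddy compares case-insensitively
    request_path = request_path.lower()
    if pattern.endswith("*"):
        # "/data/*" matches "/data/" and "/data/x" but not "/data" itself.
        return request_path.startswith(pattern[:-1])
    return request_path == pattern


def is_forbidden(request_path: str, patterns=FORBIDDEN_PATTERNS) -> bool:
    """True if any pattern in the matcher set matches (Caddy ORs `path` values)."""
    return any(path_matches(p, request_path) for p in patterns)


def caddy_response_status(request_path: str) -> int:
    """404 from `respond @forbidden 404`; otherwise the request reaches the handlers."""
    return 404 if is_forbidden(request_path) else 200


def uncovered(request_paths, patterns=FORBIDDEN_PATTERNS) -> list:
    """Return the request paths that the matcher set would NOT block."""
    return [p for p in request_paths if not is_forbidden(p, patterns)]


# Constructed sample requests (not real traffic) to exercise the matcher.
SAMPLE_REQUESTS = [
    "/index.php",                       # normal front controller request
    "/data/admin/files/notes.txt",      # user data: must be blocked
    "/config/config.php",               # contains DB credentials: must be blocked
    "/data",                            # prefix pattern does not cover the bare dir
    "/.xml",                            # exact pattern
    "/core/skeleton/example.xml",       # ".xml" elsewhere is NOT matched by "/.xml"
    "/occ",
    "/occ2",                            # exact match only; a different path
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(f"{req:35} -> {caddy_response_status(req)}")
    print("not blocked:", uncovered(SAMPLE_REQUESTS))
```

Running it shows the expected blocks on `/data/...` and `/config/...`, and also that exact-only patterns such as `/.xml` and `/occ` match just that one path, which is the intended behaviour of the snippet rather than a gap: the point of the model is to let you confirm what a given pattern list does before relying on it.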