matt
(Matt Holt)
June 7, 2020, 11:39pm
104
Sorry, I don’t know or use NextCloud, so I won’t be of much help. If it’s uncharted territory you might have to figure it out on your own!
I’m not going to read all 100+ posts in this thread, but, the last log message you posted:
no certificate available for 'cloud.haddock.cc'
means that there isn’t any certificate loaded for that domain name, and/or Caddy isn’t configured to serve that domain.
You can read how automatic HTTPS works here: Automatic HTTPS — Caddy Documentation
PopeRigby
(PopeRigby)
June 7, 2020, 11:53pm
105
Ok thank you. I’ll look into that.
Did you maybe revert your Caddyfile to some version without cloud.haddock.cc as a site label, when you were moving back to Caddy in Docker possibly? Definitely double check the site address is present so Caddy knows to fetch/load a cert for it.
PopeRigby
(PopeRigby)
June 8, 2020, 12:50am
107
Whoops. I’m dumb. I commented out the Nextcloud part of my Caddyfile. It now looks like this, but I’m back to getting the white screen. Ugh.
{
    #acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}

cloud.{$DOMAIN} {
    reverse_proxy nextcloud:443
}

git.{$DOMAIN} {
    reverse_proxy gitea:3000
}

media.{$DOMAIN} {
    reverse_proxy jellyfin:8096
}

wiki.{$DOMAIN} {
    reverse_proxy bookstack:80
}

start.{$DOMAIN} {
    reverse_proxy dashmachine:5000
}

watch.{$DOMAIN} {
    reverse_proxy peertube:9000
}

admin.{$DOMAIN} {
    reverse_proxy keycloak:8080
}
PopeRigby
(PopeRigby)
June 8, 2020, 12:52am
108
Error message:
{"level":"error","ts":1591577516.0544076,"logger":"http.log.error","msg":"x509: certificate signed by unknown authority","request":{"method":"GET","uri":"/","proto":"HTTP/2.0","remote_addr":"192.168.50.1:41454","host":"cloud.haddock.cc","headers":{"Accept-Language":["en-US,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br"],"Cookie":["__Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oc_sessionPassphrase=jtGvwQ0k22QOmsGIjtQ9qY3MEURz04m8g90Jv29oH6qIV8Rqt6l2HcPf3tTHklOxFn0Iif3nw2YumdCRMskcwEFrMSZvobHzRxkYGR48gEfxC%2BU2fqtusxs5dko6k9ax; i18next=en-US; oc6mbe5vxaa7=hnb90f9hh1lktfn44p50i0h1cg; ocgiijrqfwz6=qkm9m4jmv2rkp9iadsg3lvnchr"],"Upgrade-Insecure-Requests":["1"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"cloud.haddock.cc"}},"duration":0.065108629,"status":502,"err_id":"y8ywep0r9","err_trace":"reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:380)"}
Ahh, we’re getting somewhere! Previously it was an issue with sending HTTPS requests to an HTTP listener.
Now we see this: certificate signed by unknown authority. That means Nextcloud is now serving HTTPS on port 443, but it will be self-signed (untrusted).
You must configure Caddy to ignore the lack of trust. This is done with a transport subdirective block for your reverse_proxy.
Something like this:
reverse_proxy nextcloud:443 {
    transport http {
        tls_insecure_skip_verify
    }
}
reverse_proxy (Caddyfile directive) — Caddy Documentation
3 Likes
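An added example, not from the thread or the Caddy project: the setting suggested above beside a verifying alternative for the same nextcloud:443 upstream. The PEM path and the "nextcloud" certificate name are assumptions, and the subdirective names are those of the Caddy v2 releases current when the thread was written.

```caddyfile
# As suggested in the thread: the hop to Nextcloud is encrypted but not
# authenticated. Caddy accepts whatever certificate nextcloud:443 presents.
#
# cloud.{$DOMAIN} {
#     reverse_proxy nextcloud:443 {
#         transport http {
#             tls_insecure_skip_verify
#         }
#     }
# }

# Verifying alternative: trust only the certificate Nextcloud actually serves.
cloud.{$DOMAIN} {
    reverse_proxy nextcloud:443 {
        transport http {
            # PEM copy of Nextcloud's self-signed certificate (or the CA that
            # issued it), mounted into the Caddy container.
            # Assumed path; use wherever you mount the file.
            tls_trusted_ca_certs /etc/caddy/upstream/nextcloud.pem

            # Name checked against the upstream certificate. Assumed to be
            # "nextcloud"; it must match a name the certificate carries.
            tls_server_name nextcloud
        }
    }
}
```

With this form, the 502 "certificate signed by unknown authority" error returns if the upstream certificate is replaced by one that does not chain to the pinned file, which is the check that tls_insecure_skip_verify turns off.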
PopeRigby
(PopeRigby)
June 8, 2020, 1:01am
110
Woah that actually worked! Thanks! Is there anything else I have to do?
Not that I know of. Run into any other problems?
PopeRigby
(PopeRigby)
June 8, 2020, 1:09am
112
I don’t think so, besides needing to set HSTS.
system
(system)
Closed
June 16, 2020, 11:26pm
113
This topic was automatically closed after 30 days. New replies are no longer allowed.