1. Caddy version:
From docker-compose exec caddy caddy version:
no configuration file provided: not found
From “inspect”: v2.6.2
2. How I installed, and run Caddy:
I can run Nextcloud and access it just fine via docker run --sig-proxy=false --name nextcloud-aio-mastercontainer --restart always --publish 80:80 --publish 8080:8080 --publish 8443:8443 --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config --volume //var/run/docker.sock:/var/run/docker.sock:ro nextcloud/all-in-one:latest
However when I try to add caddy I’m unable to access at all.
a. System environment:
Windows 11 on Docker-desktop v4.16.2
b. Command:
docker-compose up -d
c. Service/unit/compose file:
services:
  caddy:
    image: caddy:alpine
    restart: unless-stopped
    container_name: caddy
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./certs:/certs
      - ./config:/config
      - ./data:/data
      - ./sites:/srv
    network_mode: "host"
  nextcloud:
    image: nextcloud/all-in-one:latest
    restart: unless-stopped
    container_name: nextcloud-aio-mastercontainer
    ports:
      - "8080:8080"
    environment:
      - APACHE_PORT=11000
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
      - //var/run/docker.sock://var/run/docker.sock:ro
    depends_on:
      - caddy
volumes:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer
d. My complete Caddy config:
https://nextcloud.weme.wtf:443 {
    header Strict-Transport-Security max-age=31536000;
    reverse_proxy localhost:11000
}
3. The problem I’m having:
- It’s acting like my firewall’s blocking the ports for the acme-challenge.
- It’s saying there’s no config?
- I don’t even see 80 and 443 being listened on.
4. Error messages and/or full log output:
2023-01-26 21:27:39 {"level":"error","ts":1674793659.4830575,"logger":"http.acme_client","msg":"validating authorization","identifier":"nextcloud.weme.wtf","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"24.10.145.50: Fetching http://nextcloud.weme.wtf/.well-known/acme-challenge/mZQ1Nq81Neti9C5bn-3cU5aUFtNzYWJr7jRwyaERnoQ: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/84890263/6816273823","attempt":2,"max_attempts":3}
2023-01-26 21:27:39 {"level":"error","ts":1674793659.4830747,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"nextcloud.weme.wtf","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 24.10.145.50: Fetching http://nextcloud.weme.wtf/.well-known/acme-challenge/mZQ1Nq81Neti9C5bn-3cU5aUFtNzYWJr7jRwyaERnoQ: Timeout during connect (likely firewall problem)"}
2023-01-26 21:27:44 {"level":"info","ts":1674793664.0261712,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"nextcloud.weme.wtf","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
2023-01-26 21:27:59 {"level":"error","ts":1674793679.8731074,"logger":"http.acme_client","msg":"challenge failed","identifier":"nextcloud.weme.wtf","challenge_type":"http-01","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]}}
2023-01-26 21:27:59 {"level":"error","ts":1674793679.8731427,"logger":"http.acme_client","msg":"validating authorization","identifier":"nextcloud.weme.wtf","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]},"order":"https://acme.zerossl.com/v2/DV90/order/xAoex9kRbZX8TKUOzsOxFg","attempt":1,"max_attempts":3}
2023-01-26 21:27:59 {"level":"error","ts":1674793679.8731935,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"nextcloud.weme.wtf","issuer":"acme.zerossl.com-v2-DV90","error":"HTTP 0 - "}
2023-01-26 21:27:59 {"level":"error","ts":1674793679.873224,"logger":"tls.obtain","msg":"will retry","error":"[nextcloud.weme.wtf] Obtain: [nextcloud.weme.wtf] solving challenge: nextcloud.weme.wtf: [nextcloud.weme.wtf] authorization failed: HTTP 0 - (ca=https://acme.zerossl.com/v2/DV90)","attempt":4,"retrying_in":300,"elapsed":493.483120303,"max_duration":2592000}
{"level":"info","ts":1674793189.8594553,"msg":"using provided configuration","config_file":"/Caddyfile","config_adapter":""}
{"level":"warn","ts":1674793189.8601122,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/Caddyfile","line":2}
{"level":"info","ts":1674793189.8611803,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"warn","ts":1674793189.8612688,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv0","http_port":80}
{"level":"warn","ts":1674793189.8612738,"logger":"http","msg":"automatic HTTP->HTTPS redirects are disabled","server_name":"srv1"}
{"level":"warn","ts":1674793189.8613467,"logger":"tls","msg":"YOUR SERVER MAY BE VULNERABLE TO ABUSE: on-demand TLS is enabled, but no protections are in place","docs":"https://caddyserver.com/docs/automatic-https#on-demand-tls"}
{"level":"info","ts":1674793189.8613973,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"info","ts":1674793189.8613966,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000730380"}
{"level":"info","ts":1674793189.8614073,"logger":"http","msg":"enabling HTTP/3 listener","addr":":8443"}
{"level":"info","ts":1674793189.8614342,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/mnt/docker-aio-config/caddy/"}
{"level":"info","ts":1674793189.8614912,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1674793189.8614545,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details."}
{"level":"info","ts":1674793189.8615794,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
{"level":"error","ts":1674793189.8615954,"msg":"unable to create folder for config autosave","dir":"/root/.config/caddy","error":"mkdir /root/.config: permission denied"}
{"level":"info","ts":1674793189.861602,"msg":"serving initial configuration"}
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.0.2. Set the 'ServerName' directive globally to suppress this message
[Fri Jan 27 04:19:49.868783 2023] [ssl:warn] [pid 117] AH01906: 192.168.0.2:8080:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Jan 27 04:19:49.868822 2023] [ssl:warn] [pid 117] AH01909: 192.168.0.2:8080:0 server certificate does NOT include an ID which matches the server name
5. What I already tried:
- Tried removing
  header Strict-Transport-Security max-age=31536000;
  as I’ve seen configs with it not there.
- Tried docker-compose.yml: line 23:
  - /var/run/docker.sock:/var/run/docker.sock:ro
  however this way Nextcloud just kept restarting over and over again. Online someone mentioned to add // before var, which got past that.
- Removed docker-compose.yml: line 30, as someone’s config in the examples section on the nextcloud all-in-one GitHub said theirs worked and it didn’t have that line under “volumes”.
- Cleared out the containers/images/volumes between changes.
- Rebooted/reinstalled docker.
- Ruled out router port-forwarding/firewall by swapping the port-forwarding back to my other server’s nextcloud-snap instance, which was still working with https.
- Ruled out the Windows 11 firewall by first resetting the FW to defaults and reading the rules, then just disabling it.
- pwsh:
netstat -a -b
doesn’t show listening on port 80 or 443
Separate (mostly unrelated) issue, but my first attempt at a reverse proxy for Nextcloud was with nextcloud-snap on Ubuntu (reddit story below). Total fail. Honestly I’m exhausted, so any help would be appreciated. I’m sold on docker/caddy though if I can get this working.
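A small triage script for the kind of structured log output quoted in section 4, added here as an example and not part of the original post or of Caddy's or Nextcloud's own tooling. It strips the Docker Desktop timestamp prefix, parses each JSON record, skips non-JSON lines (such as the Apache AH00558 lines from another container), and summarises which identifiers failed ACME validation and why, separately from the warnings Caddy tags as security-relevant (the on-demand TLS warning) and the listener notes. The sample records are constructed after the post's lines, with a placeholder challenge token and a documentation IP address in place of the real ones.

```python
"""Triage Caddy JSON logs for ACME failures and security warnings (added example)."""
import json
import re
from typing import Iterable

# Docker Desktop prefixes each line with its own "YYYY-MM-DD HH:MM:SS " stamp.
_PREFIX = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} ")

# Constructed sample modelled on the post's log; token and IP are placeholders.
SAMPLE_LOG = """
2023-01-26 21:27:39 {"level":"error","ts":1674793659.48,"logger":"http.acme_client","msg":"validating authorization","identifier":"nextcloud.weme.wtf","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"203.0.113.10: Fetching http://nextcloud.weme.wtf/.well-known/acme-challenge/EXAMPLE-TOKEN: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"attempt":2,"max_attempts":3}
2023-01-26 21:27:59 {"level":"error","ts":1674793679.87,"logger":"http.acme_client","msg":"challenge failed","identifier":"nextcloud.weme.wtf","challenge_type":"http-01","problem":{"type":"","title":"","detail":"","instance":"","subproblems":[]}}
{"level":"warn","ts":1674793189.86,"logger":"tls","msg":"YOUR SERVER MAY BE VULNERABLE TO ABUSE: on-demand TLS is enabled, but no protections are in place","docs":"https://caddyserver.com/docs/automatic-https#on-demand-tls"}
{"level":"warn","ts":1674793189.86,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv0","http_port":80}
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.0.2.
"""


def parse_caddy_log(text: str) -> list[dict]:
    """Return one dict per JSON record; lines that are not JSON are skipped."""
    records = []
    for raw in text.splitlines():
        line = _PREFIX.sub("", raw.strip())
        if not line.startswith("{"):
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # truncated or interleaved line; ignore rather than abort
    return records


def triage(records: Iterable[dict]) -> dict:
    """Group ACME errors by identifier with a plain-language reason, and collect
    security warnings and HTTP listener notes separately."""
    report = {"acme_failures": {}, "security_warnings": [], "listener_notes": []}
    for rec in records:
        logger, msg, level = rec.get("logger", ""), rec.get("msg", ""), rec.get("level")
        if logger == "http.acme_client" and level == "error":
            ident = rec.get("identifier", "?")
            detail = (rec.get("problem") or {}).get("detail") or ""
            if "Timeout during connect" in detail:
                # The CA could not open a TCP connection to port 80 on the
                # public IP: the listener is not published/forwarded there.
                reason = "http-01: CA could not connect to port 80 on the public IP"
            elif detail:
                reason = detail
            else:
                reason = "CA reported failure with no detail; treat as unreachable"
            report["acme_failures"].setdefault(ident, set()).add(reason)
        elif logger == "tls" and "VULNERABLE" in msg:
            report["security_warnings"].append(msg)
        elif logger == "http" and level == "warn":
            report["listener_notes"].append(msg)
    report["acme_failures"] = {k: sorted(v) for k, v in report["acme_failures"].items()}
    return report


if __name__ == "__main__":
    print(json.dumps(triage(parse_caddy_log(SAMPLE_LOG)), indent=2))
```

Feed it `docker-compose logs caddy` output (or any Caddy JSON log) on stdin-sized input by replacing `SAMPLE_LOG`; the "could not connect to port 80" reason is the one that matches the post's symptoms, and it points at the listener rather than at the Caddyfile.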