Using Swag container as frontend to Caddy-v1

1. Caddy version (caddy version):

Caddy v1.0.5 (h1:5B1Hs0UF2x2tggr2X9jL2qOZtDXbIWQb9YLbmlxHSuM=)

2. How I run Caddy:

I am setting up a Kopano environment defined here:

Caddy is executed like this:

$ docker ps -a
1dc870cb532a            "/init"                  2 hours ago   Up 41 minutes        >80/tcp, :::80->80/tcp,>443/tcp, :::443->443/tcp swag
c75628f88802   zokradonh/kopano_web:latest         ""             2 hours ago   Up About an hour (healthy)     80/tcp, 443/tcp,>2015/tcp, :::2015->2015/tcp kopano_web_1

$ docker exec -it kopano_web_1 sh
/srv # ps aux
    1 root      0:01 kwebd caddy -conf /etc/kweb.cfg -agree

$ kwebd caddy --version
[DEV NOTICE] Registered directive 'alias' at end of list
[DEV NOTICE] Registered directive 'configjson' at end of list
[DEV NOTICE] Registered directive 'fastcgi2' before 'fastcgi'
[DEV NOTICE] Registered directive 'folderish' before 'redir'
[DEV NOTICE] Registered directive 'staticpwa' at end of list
Caddy v1.0.5 (h1:5B1Hs0UF2x2tggr2X9jL2qOZtDXbIWQb9YLbmlxHSuM=)

The idea here is to use SWAG as a frontend to multiple services, but ultimately to make the / location point to the kopano docker-compose setup that’s running https on port 2015. Here are the details on SWAG if you are unfamiliar:

I am wanting to do something like this (swag/config/nginx/proxy-confs/caddy.subfolder.conf):

location / {
    include /config/nginx/proxy.conf;
    include /config/nginx/resolver.conf;
    set $upstream_app kopano_web_1;
    set $upstream_port 443;
    set $upstream_proto https;
    proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    # ssl self-signed
    proxy_ssl_verify off;
    proxy_ssl_server_name on;
}

Here’s more detailed information on my modifications:

The ultimate Caddy config that’s being used can be found here:

Here’s the error from the error.log from the SWAG setup:

FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: <redacted>, server: _, request: "POST /webapp/kopano.php?service=fingerprint HTTP/2.0", upstream: "fastcgi://", host: "<redacted>", referrer: "https://<redacted>/webapp/"

a. System environment:

Docker running on Debian 10 via docker-compose.yml

b. Command:

# This is what's running inside the container
kwebd caddy -conf /etc/kweb.cfg -agree

c. Service/unit/compose file:

Here’s the relevant information from the docker-compose.yml:

version: "3.5"

    container_name: swag
      - NET_ADMIN
      - PUID=1002
      - PGID=1002
      - URL=<domain>
      - SUBDOMAINS=nextcloud,onlyoffice
      - VALIDATION=http
      - EMAIL= #optional
      - ONLY_SUBDOMAINS=false #optional
      - EXTRA_DOMAINS= #optional
      - STAGING=false #optional
      - MAXMINDDB_LICENSE_KEY= #optional
      - ./swag/config:/config
      - 443:443
      - 80:80 #optional
      - kopano-net
      - web-net
    restart: unless-stopped

    image: ${docker_repo:-zokradonh}/kopano_web:${KWEB_VERSION:-latest}
    read_only: true
    restart: unless-stopped
      - EMAIL=${EMAIL:-off}
      - FQDN=${FQDN}
      - TLS_MODE=tls_auto
      - /etc/machine-id:/etc/machine-id
      - /etc/machine-id:/var/lib/dbus/machine-id
      # - web:/.kweb
      - type: bind
        source: ./web/kweb.cfg
        target: /etc/kweb.cfg
          - ${FQDNCLEANED:-domain.invalid}

d. My complete Caddyfile or JSON config:

Again, located here: kopano-docker/kweb.cfg at master · zokradonh/kopano-docker · GitHub

3. The problem I’m having:

Basically what’s happening is that I’m using the Swag container to handle SSL/Single termination endpoint for a multitude of services. The idea would be to host Kopano + Nextcloud + OnlyOffice as well as many other dockerized services under one single endpoint. Yes, I understand that I could just write a Caddy config to do this, but I’m not interested in doing that. Caddy for me has been far too complicated, and I plan to move this setup to K8s, which would be harder to do with caddy for me.

I am attempting to come up with a way to configure the Nginx SWAG container to redirect location / to point to the Caddy v1 config defined under the kweb.cfg listed multiple times above. With the listed caddy.subfolder.conf reverse_proxy setup, I am able to load all the CSS + HTML, but none of the other PHP code is executing properly. When I load the page: https://, I get properly redirected to https:///webapp, it loads the CSS + basic web html, but fails to load all the authentication backend components. I will detail the errors I am seeing in the next section.

4. Error messages and/or full log output:

# SWAG error.log from nginx
FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: <redacted>, server: _, request: "POST /webapp/kopano.php?service=fingerprint HTTP/2.0", upstream: "fastcgi://", host: "<redacted>", referrer: "https://<redacted>/webapp/"

5. What I already tried:

I have tried many modifications, but this was as far as I was able to get. Here’s an attempt to get support from SWAG discord: Discord

I keep getting 404 for Referrer Policy: strict-origin-when-cross-origin, which is actually a 405 from the caddy relay

6. Links to relevant resources:
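
The `upstream: "fastcgi://"` field in the error log shows that SWAG's nginx handed the `.php` request to a FastCGI backend itself instead of proxying it to Caddy. The following is an added example, not from the original post or from the SWAG or Caddy projects: it shows a `location` form that a regex PHP location cannot override, with the post's `proxy_ssl_verify off` beside a verified alternative. Assumed: the enclosing server block contains a regex location for `.php`; the certificate path and the `proxy_ssl_name` value are placeholders.

```nginx
# Added example. Assumptions are marked in the comments.
#
# Assumed: the enclosing SWAG server block also has a regex PHP location, e.g.
#   location ~ \.php$ { fastcgi_pass ...; }
# nginx picks the longest matching prefix location first, then still tries
# regex locations in order and uses the first one that matches. A plain
# "location /" therefore loses /webapp/kopano.php to the regex block, and the
# local FastCGI backend answers "Primary script unknown".

# "^~" tells nginx to skip the regex check when this prefix is the longest
# prefix match, so .php requests are proxied like everything else.
location ^~ / {
    include /config/nginx/proxy.conf;
    include /config/nginx/resolver.conf;
    set $upstream_app kopano_web_1;
    set $upstream_port 443;
    set $upstream_proto https;
    proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    # Weak setting from the post: the upstream certificate is never checked,
    # so any host answering as kopano_web_1 on the Docker network is accepted.
    # proxy_ssl_verify off;

    # Verified alternative: trust only the upstream's self-signed certificate
    # (or the CA that issued it), exported from the Kopano web container.
    proxy_ssl_verify on;
    proxy_ssl_trusted_certificate /config/keys/kopano_web.pem;  # hypothetical path
    proxy_ssl_name example.invalid;   # placeholder: a name present in that certificate
    proxy_ssl_server_name on;         # send the same name as SNI
}
```

Run `nginx -t` inside the SWAG container after the change; verification failures appear in error.log as upstream SSL certificate verify errors.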

Caddy v1 is no longer supported, it’s been EOL since October 2020. Please upgrade to Caddy v2.

That’s not something I can do. It’s not something that I implemented, and I have no interest in migrating. Again, I just need help getting the php resources to load.

You’ll need to get help from the kopano-docker project then.

Like I said, we no longer support Caddy v1. There’s no benefit to us or the community for us to continue supporting it.

Caddy v2 has a significantly better design and fixes countless numbers of bugs which existed due to the way Caddy v1 was designed (or rather lack of design because it was just the product of continually adding features on top of others until it became unsustainable). It required a rewrite and redesign to unwind and simplify. We’ve put it behind us and we want to move forwards.
