1. Caddy version (caddy version):
Caddy v1.0.5 (h1:5B1Hs0UF2x2tggr2X9jL2qOZtDXbIWQb9YLbmlxHSuM=)
2. How I run Caddy:
I am setting up a Kopano environment defined here: https://github.com/zokradonh/kopano-docker
Caddy is executed like this: https://github.com/zokradonh/kopano-docker/blob/master/web/wrapper.sh#L23
$ docker ps -a
1dc870cb532a ghcr.io/linuxserver/swag "/init" 2 hours ago Up 41 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp swag
c75628f88802 zokradonh/kopano_web:latest "wrapper.sh" 2 hours ago Up About an hour (healthy) 80/tcp, 443/tcp, 0.0.0.0:2015->2015/tcp, :::2015->2015/tcp kopano_web_1
$ docker exec -it kopano_web_1 sh
/srv # ps aux
PID USER TIME COMMAND
1 root 0:01 kwebd caddy -conf /etc/kweb.cfg -agree
$ kwebd caddy --version
[DEV NOTICE] Registered directive 'alias' at end of list
[DEV NOTICE] Registered directive 'configjson' at end of list
[DEV NOTICE] Registered directive 'fastcgi2' before 'fastcgi'
[DEV NOTICE] Registered directive 'folderish' before 'redir'
[DEV NOTICE] Registered directive 'staticpwa' at end of list
Caddy v1.0.5 (h1:5B1Hs0UF2x2tggr2X9jL2qOZtDXbIWQb9YLbmlxHSuM=)
The idea here is to use Linuxserver.io SWAG as a frontend to multiple services, but ultimately to make the / location point to the kopano docker-compose setup that’s running https on port 2015. Here are the details on SWAG if you are unfamiliar: https://docs.linuxserver.io/general/swag#subfolder-proxy-conf
I am wanting to do something like this (swag/config/nginx/proxy-confs/caddy.subfolder.conf):
location / {
    include /config/nginx/proxy.conf;
    include /config/nginx/resolver.conf;
    set $upstream_app kopano_web_1;
    set $upstream_port 443;
    set $upstream_proto https;
    proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    # ssl self-signed
    proxy_ssl_verify off;
    proxy_ssl_server_name on;
}
Here’s more detailed information on my modifications: https://gist.github.com/nfaction/4391e05bae1ed95971e1975bc0cee838
The ultimate Caddy config that’s being used can be found here: https://github.com/zokradonh/kopano-docker/blob/master/web/kweb.cfg
Here’s the error from the error.log from the SWAG setup:
FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: <redacted>, server: _, request: "POST /webapp/kopano.php?service=fingerprint HTTP/2.0", upstream: "fastcgi://127.0.0.1:9000", host: "<redacted>", referrer: "https://<redacted>/webapp/"
a. System environment:
Docker running on Debian 10 via docker-compose.yml
b. Command:
https://github.com/zokradonh/kopano-docker/blob/master/web/wrapper.sh#L23
# This is what's running inside the container
kwebd caddy -conf /etc/kweb.cfg -agree
c. Service/unit/compose file:
Here’s the relevant information from the docker-compose.yml:
version: "3.5"
services:
  swag:
    image: ghcr.io/linuxserver/swag
    container_name: swag
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1002
      - PGID=1002
      - URL=<domain>
      - SUBDOMAINS=nextcloud,onlyoffice
      - VALIDATION=http
      - EMAIL= #optional
      - ONLY_SUBDOMAINS=false #optional
      - EXTRA_DOMAINS= #optional
      - STAGING=false #optional
      - MAXMINDDB_LICENSE_KEY= #optional
    volumes:
      - ./swag/config:/config
    ports:
      - 443:443
      - 80:80 #optional
    networks:
      - kopano-net
      - web-net
    restart: unless-stopped
  web:
    image: ${docker_repo:-zokradonh}/kopano_web:${KWEB_VERSION:-latest}
    read_only: true
    restart: unless-stopped
    environment:
      - DEFAULTREDIRECT=${DEFAULTREDIRECT:-/webapp}
      - EMAIL=${EMAIL:-off}
      - FQDN=${FQDN}
      - TLS_MODE=tls_auto
    volumes:
      - /etc/machine-id:/etc/machine-id
      - /etc/machine-id:/var/lib/dbus/machine-id
      # - web:/.kweb
      - type: bind
        source: ./web/kweb.cfg
        target: /etc/kweb.cfg
    networks:
      web-net:
        aliases:
          - ${FQDNCLEANED:-domain.invalid}
d. My complete Caddyfile or JSON config:
Again, located here: https://github.com/zokradonh/kopano-docker/blob/master/web/kweb.cfg
3. The problem I’m having:
Basically what’s happening is that I’m using the Swag container to handle SSL/Single termination endpoint for a multitude of services. The idea would be to host Kopano + Nextcloud + OnlyOffice as well as many other dockerized services under one single endpoint. Yes, I understand that I could just write a Caddy config to do this, but I’m not interested in doing that. Caddy for me has been far too complicated, and I plan to move this setup to K8s, which would be harder to do with caddy for me.
I am attempting to come up with a way to configure the Nginx SWAG container to redirect location / to point to the Caddy v1 config defined under the kweb.cfg listed multiple times above. With the listed caddy.subfolder.conf reverse_proxy setup, I am able to load all the CSS + HTML, but none of the other PHP code is executing properly. When I load the page: https://, I get properly redirected to https:///webapp, it loads the CSS + basic web html, but fails to load all the authentication backend components. I will detail the errors I am seeing in the next section.
4. Error messages and/or full log output:
# SWAG error.log from nginx
FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: <redacted>, server: _, request: "POST /webapp/kopano.php?service=fingerprint HTTP/2.0", upstream: "fastcgi://127.0.0.1:9000", host: "<redacted>", referrer: "https://<redacted>/webapp/"
5. What I already tried:
I have tried many modifications, but this was as far as I was able to get. Here’s an attempt to get support from SWAG discord: Discord
I keep getting 404 for Referrer Policy: strict-origin-when-cross-origin, which is actually a 405 from the caddy relay
6. Links to relevant resources:
https://github.com/zokradonh/kopano-docker
https://kopano.com/blog/using-docker-to-spin-up-a-kopano-environment/
https://gist.github.com/nfaction/4391e05bae1ed95971e1975bc0cee838
https://docs.linuxserver.io/general/swag#subfolder-proxy-conf
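
The proxy block in the post sets proxy_ssl_verify off, so nginx encrypts the hop to kopano_web_1 but accepts any certificate presented on it. A variant that keeps the self-signed upstream while pinning its certificate, as an added example that is not part of the original post; the certificate path and the name given to proxy_ssl_name are assumptions:

```nginx
# swag/config/nginx/proxy-confs/caddy.subfolder.conf (hardened variant, added example)
location / {
    include /config/nginx/proxy.conf;
    include /config/nginx/resolver.conf;
    set $upstream_app kopano_web_1;
    set $upstream_port 443;
    set $upstream_proto https;
    proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    # Verify the upstream certificate instead of accepting whatever is presented.
    proxy_ssl_verify on;

    # Assumed path: the upstream's self-signed certificate (or the CA that
    # signed it), in PEM format, copied into the SWAG /config volume.
    proxy_ssl_trusted_certificate /config/keys/kopano_web_upstream.pem;

    # Send SNI and check the certificate against the name it was issued for.
    # Without proxy_ssl_name, nginx checks against the host part of proxy_pass,
    # here the container name, which the certificate is unlikely to carry.
    proxy_ssl_server_name on;
    proxy_ssl_name kopano.example.invalid;  # placeholder for the upstream's FQDN
}
```

If the pinned certificate does not match what the upstream presents, nginx answers 502 and records an upstream SSL certificate verify error in error.log.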