1. Caddy version (caddy version):
v2.3.0
2. How I run Caddy:
systemd + Caddyfile
a. System environment:
Linux Mint 19.1 (ie, Ubuntu 18.04).
b. Command:
caddy start
caddy reload
or
systemctl start caddy
systemctl restart caddy
c. Service/unit/compose file:
/lib/systemd/system/caddy.service
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddyfile or JSON config:
realzcyphcloud.com {
root * /var/www/nextcloud
encode gzip zstd
file_server
php_fastcgi unix//run/php/php7.3-fpm.sock {
env PATH /bin
env modHeadersAvailable true
env front_controller_active true
}
log {
output file /tmp/nextcloud.log
format single_field common_log
}
header {
# enable HSTS
Strict-Transport-Security max-age=31536000;
}
redir /.well-known/carddav /remote.php/dav 301
redir /.well-known/caldav /remote.php/dav 301
# .htaccess / data / config / ... shouldn't be accessible from outside
@forbidden {
path /.htaccess
path /data/*
path /config/*
path /db_structure
path /.xml
path /README
path /3rdparty/*
path /lib/*
path /templates/*
path /occ
path /console.php
}
respond @forbidden 403
}
office.realzcyphcloud.com {
encode gzip
file_server
@collabora {
path /loleaflet/* # Loleaflet is the client part of LibreOffice Online
path /hosting/discovery # WOPI discovery URL
path /hosting/capabilities # Show capabilities as json
path /lool/* # Main websocket, uploads/downloads, presentations
}
reverse_proxy https://127.0.0.1:9980
}
3. The problem I’m having:
My home server has numerous services/applications being hosted, currently served by apache. Decided to try out Caddy as it seemed like it could potentially be better for easier reverse proxying stuff and one less thing to worry about with the HTTPS stuff. It turned out to be the case for some things, but I got stuck being unable to get Nextcloud to work properly with Collabora. I have it working with Apache so I know I must be missing something to configure it correctly in Caddy.
4. Error messages and/or full log output:
When trying to open a document in Nextcloud:
“Collabora Online is not setup yet.
Click here to configure your own server or connect to a demo server.”
Clicking on it goes to the Collabora Online page in settings with error “Could not establish connection to the Collabora Online server.”
“Use your own server - Collabora Online requires a seperate server acting as a WOPI-like Client to provide editing capabilities.” is selected and “office.realzcyphcloud.com” is shown, the same as when it’s working with Apache.
Sorry, I’m not sure how/where to get logs for this, aside from just systemctl status caddy, where I do see something saying “cannot validate certificate”. I feel like this either has to be something to do with Caddy not having permissions for this, or wrong syntax / something missing to reverse proxy that part properly.
The proxy parts of working Apache config for Collabora looks like this:
# keep the host
ProxyPreserveHost On
# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet
# WOPI discovery URL
ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery
# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon
# Admin Console websocket
ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /lool https://127.0.0.1:9980/lool
ProxyPassReverse /lool https://127.0.0.1:9980/lool
# Endpoint with information about availability of various features
ProxyPass /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
ProxyPassReverse /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities
5. What I already tried:
Tried various different setups like the Snap version of Nextcloud and built in Collabora plugin, the Docker version of Nextcloud and the Docker version of Collabora, but even with Apache those other setups give me a lot of trouble so I always circle back to the full non-docker version of Nextcloud. With a fully working setup on Apache (latest Nextcloud + the collabora/code docker on 9980), I:
systemctl stop apache2
systemctl start caddy
Nextcloud works. I can add other sites/services and they work. I’ve tried using http://127.0.0.1, https://127.0.0.1, localhost instead of 127.0.0.1, 192.x.x.x instead, etc for the Collabora reverse proxy config in the Caddyfile. Same result in each case.
It’s probably something really stupid and obvious that I’m overlooking, I’m hoping someone here has been through it and can point it out. If not, any help on how to dig into this better would be greatly appreciated! Love the concept for Caddy, will fully switch over if I can iron this out I think. Thanks in advance!