Can't access Apache container through Caddy

Been struggling for the last two days to get Nextcloud installed on my system. Nothing seems to work but using the AIO is the closest I’ve gotten to potentially having everything I need.

Currently, my reverse proxy, Caddy, is unable to proxy to the Apache container.

Here’s what I’m using:

docker-compose.yml:

services:
  nextcloud:
    image: nextcloud/all-in-one:latest
    restart: unless-stopped
    container_name: nextcloud-aio-mastercontainer
    ports:
      - "8080:8080"
    environment:
      - APACHE_PORT=11000
      - APACHE_IP_BINDING=0.0.0.0  
      - NEXTCLOUD_DATADIR=/nextcloud/data
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
      - /var/run/docker.sock:/var/run/docker.sock:ro
volumes:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer

Caddyfile

https://nc.domain.com:443 {
        reverse_proxy localhost:11000
}

I am able to use curl to get the Apache container’s contents using localhost, the container IP address and the IP address of the system on my local network.

However when I attempt to use curl https://nc.domain.com to access it’s contents, I am met with this error:

curl: (35) OpenSSL/3.0.13: error:0A000438:SSL routines::tlsv1 alert internal error 

welcome to the community :handshake:
please follow AiO reverse proxy

Hey, thank you for the welcome.

I’ve already read the reverse proxy guide several times.

That’s why I’m here looking for support, as I was unable to resolve the issue myself. Over the last two days, I have been unsuccessful with getting the Apache container to talk through my reverse proxy. I’ve tried adjusting APACHE_IP_BINDING, and I’ve also tried adding the following to my Caddyfile:

https://nc.domain.com:443 {
        reverse_proxy localhost:11000 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

As per the file in this post.

Nothing seems to work.

I’m able to verify connection with the Apache container with the following commands:

nc -z localhost 11000; echo $?
nc -z <container-ip> 11000; echo $?
nc -z <lan-ip> 11000; echo $?

will never succeed as long AiO and caddy run on different systems (e.g. host and container or two different containers).
In the docker compose you advise Apache to listen on port 11000 but only expose 8080 to the host… this way you could access Apache through Docker network but you didn’t provide this details.

sounds you are missing understanding of docker and networking in general - I would recommend you familiarize yourself with this technologies.

Hey,

Seems like you don’t understand how the AIO container works. Maybe you should familiarize yourself with it.

When I connect to the AIO container on port 8080 and give it the password that generates. The AIO creates the Apache container and publishes the port specified by APACHE_PORT.

Like I said, in my post, I was able to access the Apache container from not just the host, but the container. The problem is not what you’re thinking it is.

I even swapped reverse proxies to NPM and was able to get it working with the configuration I had.

Sadly, the performance was not what I wanted and I am in the process of switching to a bare metal install.

For future reference, before leaving a comment insinuating that the person you are talking to is ignorant, maybe try spending some time double checking yourself.

EDIT: Also, please follow AIO Reverse Proxy, it clearly states that one can use a host-based RP.

Thanks!

1 Like