Docker AIO install with Caddy proxy (not docker) on same server

Docker version: 24.0.7
Operating system and version: Debian 11 (bullseye)
Caddy version: v2.7.5

The issue you are facing:
Hi, I’m trying to install Nextcloud AIO with Docker on my server, which already has Caddy installed and already serves static sites.
I’m following this doc: https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
But I’m probably missing something :sob:

So I set the Caddy config:

https://nextcloud.urso.fr:443 {
    reverse_proxy localhost:11000
}

Then launching the command:

# For Linux:
sudo docker run \
--init \
--sig-proxy=false \
--name nextcloud-aio-mastercontainer \
--restart always \
--publish 8080:8080 \
--env APACHE_PORT=11000 \
--env APACHE_IP_BINDING=0.0.0.0 \
--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
--volume /var/run/docker.sock:/var/run/docker.sock:ro \
nextcloud/all-in-one:latest

Then I got this message:

But when I open https://nextcloud.urso.fr, I get an HTTP 502 response:
If I open https://nextcloud.urso.fr:8443/, the browser loads until it times out.

No more logs are coming from the container.

  • DNS is well configured
  • I restart Caddy after every change
  • I disabled all firewall rules.
  • I tried to change APACHE_IP_BINDING to 127.0.0.1
  • the ports seem free
sudo ss -tulwn | grep LISTEN
tcp   LISTEN 0      4096         0.0.0.0:8080      0.0.0.0:*          
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*          
tcp   LISTEN 0      4096       127.0.0.1:2019      0.0.0.0:*          
tcp   LISTEN 0      4096            [::]:8080         [::]:*          
tcp   LISTEN 0      4096               *:80              *:*          
tcp   LISTEN 0      128             [::]:22           [::]:*          
tcp   LISTEN 0      4096               *:443             *:*  

I tried to change the Caddy config to:

https://nextcloud.urso.fr:443 {
    reverse_proxy localhost:8080
}

I got these errors:

My full Caddyfile:

(common) {
    header /* {
        -Server
    }
}

https://nextcloud.urso.fr:443 {
    reverse_proxy localhost:11000
}

gautier.urso.fr {
	#@notFound `{err.status_code} == 404`
	#rewrite @notFound /home/gitlab-runner/gurso/index.html
	root * /home/gitlab-runner/gurso/
	encode gzip
	try_files {path} /index.html
	file_server
	header Cache-Control max-age=31536000
	header /index.html Cache-Control max-age=60

	import common
}

delphine.urso.fr {
	root * /home/gitlab-runner/gb-app/
	file_server
	encode gzip
}

institut-vahine-minceur.com {
	root * /home/gitlab-runner/vm/
	file_server
	encode gzip
}

I don’t know what I’m missing. I feel it’s a Caddy problem but I don’t know what to do; any help is welcome.

Thanks in advance

Hi, can you follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things?

Thanks for your reactivity. I tried a few times to reset and follow the steps again; I have the same result (even with --env SKIP_DOMAIN_VALIDATION=true).

Some more info:

  • I don’t think I’m concerned by CGNAT stuff
  • I have IPv4

Did you see https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#4-open-the-aio-interface?

I tried, but I can’t access the interface, with IP or domain…

Did you try to use port https://ip.address.of.server:8080 as advised?

Yes, I also tried this…

On my server, if I do: curl -v localhost:8080
I get:

* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET / HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.74.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 400 Bad Request
< Date: Sat, 11 Nov 2023 15:42:02 GMT
< Server: Apache/2.4.58 (Unix)
< Content-Length: 437
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
< 
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
 Instead use the HTTPS scheme to access this URL, please.<br />
</p>
<hr>
<address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address>
</body></html>
* Closing connection 0

And if I do curl -v https://localhost:8080, I get:

*   Trying 127.0.0.1:8080...
* Connected to localhost (127.0.0.1) port 8080 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: self signed certificate
* Closing connection 0
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Yes, you need to accept the self-signed certificate

:open_mouth: How can I do that? Isn’t it done automatically with Caddy? (Thanks again for being so reactive)

You need to accept it in the browser. Usually click on more or advanced and then continue or accept.

Arf, I have this result with curl from the server; from my browser I still get a timeout error.

Something I don’t understand in the doc: the config provided for Caddy is:

https://<your-nc-domain>:443 {
    reverse_proxy localhost:11000
}

But in the Docker command, the Apache port is not published:

# For Linux:
sudo docker run \
--init \
--sig-proxy=false \
--name nextcloud-aio-mastercontainer \
--restart always \
--publish 8080:8080 \
--env APACHE_PORT=11000 \
--env APACHE_IP_BINDING=0.0.0.0 \
--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
--volume /var/run/docker.sock:/var/run/docker.sock:ro \
nextcloud/all-in-one:latest

How can Caddy redirect requests from localhost:11000? I’m probably missing something and my low skill in English doesn’t help…

Maybe I found the problem (not the solution :sob:).

I tried to:

  • disable Caddy (sudo systemctl stop caddy)
  • launch a very simple Apache container (docker run -dit --name my-apache-app -p 8080:80 -v /home/debian/test:/usr/local/apache2/htdocs/ httpd:2.4) in a folder with a simple index.html.

So if I do curl http://localhost:8080 on the server, I get the index.html file content, but I can’t get it from the browser.
If I do the same on my laptop, I can get localhost:8080 without problem.

I’m going to look in this direction, if someone has an idea.
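The symptoms in this thread are two different failure modes, and a plain TCP probe tells them apart. Caddy answers 502 when its upstream refuses the connection, and the ss listing earlier in the thread shows nothing bound on 11000: the AIO mastercontainer starts a separate Apache container that publishes APACHE_PORT, so that port is only bound once the Nextcloud containers have been started from the AIO interface. A browser that hangs until timeout on 8080 or 8443 means the connection attempt gets no answer at all, which is what a packet filter in front of the server produces (as opposed to curl on the server itself, which goes over loopback and never crosses it). The Python script below is an added example, not code from this thread or from the Nextcloud AIO project; it parses the `ss -tulwn | grep LISTEN` listing quoted above (embedded as a constructed sample), reports a missing upstream or a loopback-only AIO port, and classifies a TCP connect as open, refused or timed out. The port numbers are the ones used in the thread.

```python
"""Connectivity triage for a reverse proxy in front of Nextcloud AIO.

Added example (not from the thread or the AIO project). Checks two things
the AIO reverse-proxy guide asks for: is anything listening on the port
Caddy proxies to, and does a TCP connect get refused (nothing bound) or
silently dropped (a firewall in the path)?
"""
import re
import socket
from typing import Dict, List, Tuple

# Constructed sample: the `sudo ss -tulwn | grep LISTEN` listing quoted in the thread.
SS_OUTPUT = """\
tcp   LISTEN 0      4096         0.0.0.0:8080      0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      4096       127.0.0.1:2019      0.0.0.0:*
tcp   LISTEN 0      4096            [::]:8080         [::]:*
tcp   LISTEN 0      4096               *:80              *:*
tcp   LISTEN 0      128             [::]:22           [::]:*
tcp   LISTEN 0      4096               *:443             *:*
"""

# proto  state  recv-q send-q local-address:port  peer-address:port
_LISTEN_LINE = re.compile(r"^\S+\s+LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s")
LOOPBACK = {"127.0.0.1", "[::1]"}


def listening_ports(ss_text: str) -> Dict[int, List[str]]:
    """Map each listening TCP port to the local addresses it is bound on."""
    ports: Dict[int, List[str]] = {}
    for line in ss_text.splitlines():
        m = _LISTEN_LINE.match(line)
        if m:
            ports.setdefault(int(m.group(2)), []).append(m.group(1))
    return ports


def triage(ss_text: str, upstream_port: int, aio_port: int = 8080) -> List[str]:
    """Findings about the reverse_proxy target and the AIO interface port."""
    ports = listening_ports(ss_text)
    findings = []
    if upstream_port not in ports:
        findings.append(
            f"nothing listens on {upstream_port}: Caddy's reverse_proxy gets a "
            "connection refused and answers 502 until the AIO Apache container "
            "is running and bound to that port")
    if aio_port not in ports:
        findings.append(f"nothing listens on {aio_port}: the AIO interface is not up")
    elif set(ports[aio_port]) <= LOOPBACK:
        findings.append(
            f"{aio_port} is bound to loopback only: reachable with curl on the "
            "server but not from a browser elsewhere")
    return findings


def probe_tcp(host: str, port: int, timeout: float = 3.0) -> str:
    """Classify a TCP connect: 'open', 'refused' (RST: nothing bound, which a
    proxy turns into 502) or 'timeout' (no answer: packets dropped in transit,
    which a browser shows as loading until timeout)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        return f"error: {exc}"


def self_check() -> Tuple[str, str]:
    """Exercise probe_tcp against a throwaway loopback listener and a free port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    open_port = srv.getsockname()[1]
    result_open = probe_tcp("127.0.0.1", open_port, 1.0)
    srv.close()
    # A port that was free a moment ago answers with RST: "refused".
    tmp = socket.socket()
    tmp.bind(("127.0.0.1", 0))
    free_port = tmp.getsockname()[1]
    tmp.close()
    result_refused = probe_tcp("127.0.0.1", free_port, 1.0)
    return result_open, result_refused


if __name__ == "__main__":
    for finding in triage(SS_OUTPUT, upstream_port=11000):
        print("finding:", finding)
    print("local probes (open, refused):", self_check())
    # On the server itself, probe_tcp("127.0.0.1", 11000) should become "open"
    # once AIO's Apache container runs; a "timeout" from another machine on a
    # port that is "open" locally points at a packet filter between the two.
```

Run it on the server with the live `ss` output piped in place of SS_OUTPUT; the useful comparison is the same probe from the server (loopback) and from a laptop (through the provider's network), because "refused" locally means the container is not up, while "open" locally but "timeout" remotely means something between the two hosts drops the traffic.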

OK, work in progress: I didn’t know that my VPS provider has a firewall which is configurable on the dashboard… :sweat_smile:

I’m going to try again without any rule (for real this time)

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.