Docker AIO install with Caddy proxy (not docker) on same server

Docker version: 24.0.7
Operating system and version: Debian 11 (bullseye)
Caddy version: v2.7.5

The issue you are facing:
Hi, i’m trying to install nextcloud AIO with docker on my server which have already Caddy installed which already serve static sites.
i’m following this doc :
But i probably missing something :sob:

so i set the caddy config : {
    reverse_proxy localhost:11000

Then lauching to command :

# For Linux:
sudo docker run \
--init \
--sig-proxy=false \
--name nextcloud-aio-mastercontainer \
--restart always \
--publish 8080:8080 \
--env APACHE_PORT=11000 \
--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
--volume /var/run/docker.sock:/var/run/docker.sock:ro \

then i’ve got this messsage :

But when i open, i have http 502 response :
if i open, browser loading until timeout.

no more logs coming in container.

  • DNS are well configured
  • i restart caddy after every change
  • i disabled all firewall rules.
  • i tryed to change APACHE_IP_BINDING to
  • the ports seems free
sudo ss -tulwn | grep LISTEN
tcp   LISTEN 0      4096*          
tcp   LISTEN 0      128*          
tcp   LISTEN 0      4096*          
tcp   LISTEN 0      4096            [::]:8080         [::]:*          
tcp   LISTEN 0      4096               *:80              *:*          
tcp   LISTEN 0      128             [::]:22           [::]:*          
tcp   LISTEN 0      4096               *:443             *:*  

i tried to change caddy config to: {
    reverse_proxy localhost:8080

i got this errors :

My full Caddyfile:

(common) {
    header /* {
} {
    reverse_proxy localhost:11000
} {
	#@notFound `{err.status_code} == 404`
	#rewrite @notFound /home/gitlab-runner/gurso/index.html
	root * /home/gitlab-runner/gurso/
	encode gzip
	try_files {path} /index.html
	header Cache-Control max-age=31536000
	header /index.html Cache-Control max-age=60

	import common
} {
	root * /home/gitlab-runner/gb-app/
	encode gzip
} {
	root * /home/gitlab-runner/vm/
	encode gzip

i don’t know what i miss. i feel it’s caddy problem but i don’t know what to do, any help is welcome.

Thx by advance

Hi, can you follow

thx for your reactivity, i tryed few times to reset and following steps again, i have sames result (even with --env SKIP_DOMAIN_VALIDATION=true)

some more infos:

  • i don’t think being concern by CGNAT stuff
  • i have IPV4

Did you see

i tryed, but i can’t access to the interface, with IP or domain…

Did you try to use port https://ip.address.of.server:8080 as adviced?

yes i tried also this…

on my server, if i do : curl -v localhost:8080
i’ve got:

* Connected to localhost ( port 8080 (#0)
> GET / HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.74.0
> Accept: */*
* Mark bundle as not supporting multiuse
< HTTP/1.1 400 Bad Request
< Date: Sat, 11 Nov 2023 15:42:02 GMT
< Server: Apache/2.4.58 (Unix)
< Content-Length: 437
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
<title>400 Bad Request</title>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
 Instead use the HTTPS scheme to access this URL, please.<br />
<address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address>
* Closing connection 0

and if i do curl -v https://localhost:8080, i’ve got:

*   Trying
* Connected to localhost ( port 8080 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: self signed certificate
* Closing connection 0
curl: (60) SSL certificate problem: self signed certificate
More details here:

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Yes, you need to accept the self-signed certificate

:open_mouth: how can i do that ? it’s not make automatically with Caddy ? (Thx again to be so reactive)

You need to accept it in the browser. Usually click on more or advanced and then continue or accept)

arf, i have this result with curl from the server, from my browser i still get a timeout error

Something i don’t understand in the doc is the config provide for caddy is :

https://<your-nc-domain>:443 {
    reverse_proxy localhost:11000

but in the docker command, the apache port is not published:

# For Linux:
sudo docker run \
--init \
--sig-proxy=false \
--name nextcloud-aio-mastercontainer \
--restart always \
--publish 8080:8080 \
--env APACHE_PORT=11000 \
--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
--volume /var/run/docker.sock:/var/run/docker.sock:ro \

How caddy can redirect request from localhost:11000 ? i probably missing something and my low skill in english doesn’t help…

maybe find the problem (not the solution :sob: .

i tried to:

  • disable caddy (sudo systemctl stop caddy)
  • launch very simple apache container. (docker run -dit --name my-apache-app -p 8080:80 -v /home/debian/test:/usr/local/apache2/htdocs/ httpd:2.4) in a folder with a simple index.html.

So if i do curl http://localhost:8080 on the server, i get the index.html file content, but i can’t get it from the browser.
if i do the same on my laptop, i can get localhost:8080 without problem.

i going to look for in this direction, If someone have a idea.

OK Work in progress, i didn’t know that my vps provider has a firewall which is configurable on dashboard… :sweat_smile:.

i’m going to try again with any rule (for real this time)

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.