Error: You're speaking plain HTTP to an SSL-enabled server port Nextcloud AIO with reverse proxy in Docker

Hello,

I have a problem setting up Nextcloud AIO with a reverse proxy in Docker as described on the GitHub page. I use Caddy; I first tried it with my nginx config, but then read that this should not work and therefore switched to Caddy.

The problem is that I get this error when I try to access the cloud via the browser:

```
Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

Apache/2.4.62 (Unix) Server at localhost Port 8080
```

It must either be a wrong configuration of Caddy or I have to disable HTTPS from Nextcloud, but I can’t find or see the error.

docker-compose.yml

```yaml
services:
  nextcloud-master:
    image: nextcloud/all-in-one:latest
    init: true
    restart: always
    container_name: nextcloud-aio-mastercontainer
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      cloud:
    environment:
      APACHE_PORT: 8080
      APACHE_IP_BINDING: 0.0.0.0
      NEXTCLOUD_UPLOAD_LIMIT: 10G
      SKIP_DOMAIN_VALIDATION: true
      NEXTCLOUD_DATADIR: /data/nextcloud
      NEXTCLOUD_MOUNT: /data/
      NEXTCLOUD_ADMIN_USER: ${NEXTCLOUD_ADMIN_USER}
      NEXTCLOUD_ADMIN_PASSWORD: ${NEXTCLOUD_ADMIN_PASSWORD}
    logging:
      options:
        max-size: ${DOCKER_LOGGING_MAX_SIZE}
        max-file: ${DOCKER_LOGGING_MAX_FILE}

  caddy:
    image: caddy:alpine
    pull_policy: always
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
    environment:
      TLS_DOMAINS: ${TLS_DOMAINS}
      ADMIN_EMAIL: ${ADMIN_EMAIL}
    networks:
      cloud:
    volumes:
      - caddy_certs:/certs
      - caddy_config:/config
      - caddy_data:/data
      - caddy_sites:/srv
      - ./Caddyfile:/etc/caddy/Caddyfile
    logging:
      options:
        max-size: ${DOCKER_LOGGING_MAX_SIZE}
        max-file: ${DOCKER_LOGGING_MAX_FILE}
    healthcheck:
      test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "127.0.0.1:2019/metrics" ]
      interval: 10s
      retries: 3
      start_period: 5s
      timeout: 5s

volumes:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer
  caddy_certs:
  caddy_config:
  caddy_data:
  caddy_sites:

networks:
  cloud:
    driver: bridge
    attachable: true
```

Caddyfile:

```
{
	email {$ADMIN_EMAIL}
}

{$TLS_DOMAINS} {
    reverse_proxy http://nextcloud-master:8080

	root * /var/www/html

	php_fastcgi app:9000 {
		env front_controller_active true
	}

	file_server

	redir /.well-known/carddav /remote.php/dav/ 301
	redir /.well-known/caldav /remote.php/dav/ 301

	respond /.well-known/acme-challenge 404
	respond /.well-known/pki-validation 404

	redir /.well-known/* /index.php{uri} 301

	header {
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

		Referrer-Policy "no-referrer"
		X-Content-Type-Options "nosniff"
		X-Download-Options "noopen"
		X-Frame-Options "SAMEORIGIN"
		X-Permitted-Cross-Domain-Policies "none"
		X-Robots-Tag "noindex, nofollow"
		X-XSS-Protection "1; mode=block"

		-X-Powered-By

		Location http:// https://
	}

	@static {
		file
		path *.css *.js *.svg *.gif
	}

	header @static {
		Cache-Control "max-age=360"
	}

	@fonts {
		path /core/fonts
	}

	header @fonts {
		Cache-Control "max-age=604800"
	}

	encode {
		gzip 4
		minimum_length 256

		match {
			header Content-Type application/atom+xml*
			header Content-Type application/javascript*
			header Content-Type application/json*
			header Content-Type application/ld+json*
			header Content-Type application/manifest+json*
			header Content-Type application/rss+xml*
			header Content-Type application/vnd.geo+json*
			header Content-Type application/vnd.ms-fontobject*
			header Content-Type application/x-font-ttf*
			header Content-Type application/x-web-app-manifest+json*
			header Content-Type application/xhtml+xml*
			header Content-Type application/xml*
			header Content-Type font/opentype*
			header Content-Type image/bmp*
			header Content-Type image/svg+xml*
			header Content-Type image/x-icon*
			header Content-Type application/atom+xmlapplication/javascript*
			header Content-Type text/*
		}
	}

	@forbidden {
		path /.htaccess
		path /.user.ini
		path /.xml
		path /3rdparty/*
		path /autotest
		path /build/*
		path /config/*
		path /console
		path /console.php
		path /data/*
		path /db_
		path /db_structure
		path /indie
		path /issue
		path /lib/*
		path /occ
		path /README
		path /templates/*
		path /tests/*
	}

	respond @forbidden 404

    respond {
        http_status 301
        header Location https://{http.request.host}{uri}
    }
}
```

Thank you very much in advance

> reverse_proxy http://nextcloud-master:8080

This does not look right. It would generally be 11000. And 8080 overlaps with the admin port.

And your Caddyfile should be like <5 lines. :slight_smile: You appear to be trying to use a web server config rather than a pure reverse proxy config. I suspect that isn’t really what your goal is (certainly not with AIO).

See all-in-one/reverse-proxy.md at main · nextcloud/all-in-one · GitHub

> i use caddy, i first tried it with my nginx config, but then read that this should not work and therefore switched to caddy.

Not sure what you’re referring to here.

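The three points raised in the reply above (the upstream port, the overlap with the admin port on 8080, and web-server directives in what should be a pure reverse-proxy config) can be checked mechanically. This is an added example, not part of the thread or of the Nextcloud AIO project; the function names and the `cloud.example.com` sample are assumptions, and the directive list covers only the ones seen in the posted Caddyfile.

```python
import re

AIO_ADMIN_PORT = 8080  # per the reply: "8080 overlaps with the admin port"
WEB_SERVER_DIRECTIVES = {"root", "php_fastcgi", "file_server"}

# Constructed excerpts of the two files posted in the question.
SAMPLE_COMPOSE = "environment:\n  APACHE_PORT: 8080\n"
SAMPLE_CADDYFILE = """cloud.example.com {
    reverse_proxy http://nextcloud-master:8080
    root * /var/www/html
    php_fastcgi app:9000
    file_server
}
"""

def apache_port(compose_text):
    """Return APACHE_PORT from compose text (mapping or list form), else None."""
    m = re.search(r"^\s*-?\s*APACHE_PORT\s*[:=]\s*[\"']?(\d+)", compose_text, re.M)
    return int(m.group(1)) if m else None

def upstreams(caddyfile_text):
    """Yield (scheme, host, port) for each reverse_proxy upstream with a port."""
    for line in caddyfile_text.splitlines():
        words = line.split("#")[0].split()
        if words[:1] != ["reverse_proxy"]:
            continue
        for target in words[1:]:
            m = re.fullmatch(r"(?:(https?)://)?([\w.-]+):(\d+)", target)
            if m:
                yield m.group(1) or "http", m.group(2), int(m.group(3))

def lint(compose_text, caddyfile_text):
    """Return a list of findings; an empty list means none of the checks fired."""
    findings = []
    port = apache_port(compose_text)
    if port == AIO_ADMIN_PORT:
        findings.append(f"APACHE_PORT={port} overlaps with the AIO admin port")
    for scheme, host, up_port in upstreams(caddyfile_text):
        if scheme == "http" and up_port == AIO_ADMIN_PORT:
            findings.append(f"plain-HTTP upstream {host}:{up_port} is the admin port")
        if port is not None and up_port != port:
            findings.append(f"upstream {host}:{up_port} does not match APACHE_PORT={port}")
    extra = sorted({l.split()[0] for l in caddyfile_text.splitlines() if l.split()}
                   & WEB_SERVER_DIRECTIVES)
    if extra:
        findings.append("web-server directives beside reverse_proxy: " + ", ".join(extra))
    return findings
```

Calling `lint(SAMPLE_COMPOSE, SAMPLE_CADDYFILE)` returns one finding per point in the reply; an empty list only means these three checks passed, not that the proxy is reachable.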

@jtr
Thanks for the quick reply, but now I get a connection refused error in the Caddy container to port 11000.
I have changed it in the docker-compose.yml and also in the Caddyfile.