I need help setting up: AIO in docker w/ Caddy as reverse

augenauf · April 2, 2025, 3:51pm

Hi,
I am trying to set up Nextcloud server on docker on an Ubuntu 24.04 host.
As I will be running some other docker containers (like vaultwarden, pihole, …), I thought it would be a good idea to run Caddy as reverse proxy.

The host is running tailscale.

I am obviously running into some problems (otherwise not posting here). Thanks a lot in advance to take a look at my config and help me out.

I read all-in-one/reverse-proxy.md at main · nextcloud/all-in-one · GitHub and even tried some AI bot to help me out, but so far no success.

My initial goal was to create two separate .yml files for caddy and nc, I have since merged this into a single one:

services:
  caddy:
    image: caddy:alpine
    restart: unless-stopped
    container_name: caddy
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./certs:/certs
      - ./config:/config
      - ./data:/data
      - ./sites:/srv
    network_mode: "host"

  nextcloud:
    image: nextcloud/all-in-one:latest
    restart: unless-stopped
    container_name: nextcloud-aio-mastercontainer
    ports:
      - "8080:8080"
    environment:
      - APACHE_PORT=11000
      - APACHE_IP_BINDING=127.0.0.1
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
      - /var/run/docker.sock:/var/run/docker.sock:ro
    depends_on:
      - caddy

volumes:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer

Here is my Caddyfile:


# Nextcloud on local LAN and Tailscale IP
10.7.8.15 {
    reverse_proxy nextcloud:11000
    tls internal
}

100.YY.YY.YY {
    reverse_proxy abc.taile15def.ts.net:11000
    tls internal
}

I can get to the the AIO web interface at https://10.7.8.15:8080 and at the tailescale domain name, but I not sure what domain to provide next. I have have tried various local network names as well as the tailescale domain name without success.

Domain does not point to this server or the reverse proxy is not configured correctly. See the mastercontainer logs for more details. (‘sudo docker logs -f nextcloud-aio-mastercontainer’),

logs

NOTICE: PHP message: The response of the connection attempt to "https://abc.taile15def.ts.net:443" was: 
NOTICE: PHP message: Expected was: 69202ae7e37afddb139a7c2cf61dbadbd61645270c46b583
NOTICE: PHP message: The error message was: TLS connect error: error:0A000438:SSL routines::tlsv1 alert internal error
NOTICE: PHP message: Please follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things in order to debug things!

Any hints or ideas how to proceed would be very much appreciated?

szaimen · April 2, 2025, 3:53pm

Hi, please compare your config with this one: Caddy Docker Compose Example · nextcloud/all-in-one · Discussion #575 · GitHub

augenauf · April 3, 2025, 10:18am

the only difference in the docker file I could spot is:

      - APACHE_IP_BINDING=127.0.0.1

which I think isn’t the issue here.

However, my Caddyfile looks different, maybe I should remove the tls internal as nc is already providing self-signed certs?
and replace nextcloud:11000 with localhost:11000?

szaimen · April 3, 2025, 10:33am

Yes, the caddyfile is the culprit. You need to align it to fit the docs one.

augenauf · April 3, 2025, 11:58am

Thanks for your reply!

In the Caddyfile example in the linked discussion (“docs”), the system is installed at a proper domain.

My system is local and tailscale connected.

I tried entering

localhost.local which doesnt return anything in the logs, and https://nc.taile15abc.ts.net, which returns:

NOTICE: PHP message: The response of the connection attempt to "https://nc.taile15abc.ts.net:443" was: 
NOTICE: PHP message: Expected was: 69202ae7e37afddb139a7c2cf61dbadbd61645270c46b583
NOTICE: PHP message: The error message was: TLS connect error: error:0A000438:SSL routines::tlsv1 alert internal error
NOTICE: PHP message: Please follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things in order to debug things!

What does this error message mean, and what domain name is expected for a local machine or tailescale machine?

szaimen · April 3, 2025, 12:48pm

Please follow Tailscale (and Caddy as a sidecar) Reverse Proxy · nextcloud/all-in-one · Discussion #5439 · GitHub then.

augenauf · April 3, 2025, 3:46pm

Thanks for your help. Unfortunately, setting up Nextcloud on Docker is way beyond my knowledge and skills. Ive even tried the AIO without reverse proxy and 5 out of 6 containers ended up with errors. Its sad, but I have to give up at this stage…