Infinite Redirect Loop when behind apache2 proxy in docker

Hi there,

I am using Docker with apache2 and nextcloud. I configured apache2 to act as a reverse proxy for nextcloud, serving https. But when I open my domain, I will get an infinite redirect to the same URL (https://nextcloud.mydomain.com/ 301 --> https://nextcloud.mydomain.com/)

Here is my configuration:

docker-compose.yml

...
db:
   image: mariadb
   command: --default-authentication-plugin=mysql_native_password
   restart: always
   volumes:
     - data/mysql/:/var/lib/mysql
   ports:
     - 3306
   environment:
     - MYSQL_ROOT_PASSWORD=abc
     - MYSQL_PASSWORD=abc
     - MYSQL_DATABASE=nextcloud
     - MYSQL_USER=nextcloud

nextcloud:
  image: nextcloud:17.0
  ports:
    - 80
  links:
    - db
  volumes:
    - data/nextcloud/:/var/www/html
  restart: always

proxy:
  build: './proxy/'
  ports:
    - '80:80'
    - '443:443'
  hostname: "nextcloud.mydomain.com"
  depends_on:
    - db
    - nextcloud

and this my vhost config in apache2:

<VirtualHost *:80>
    ServerName nextcloud.mydomain.com

    RewriteEngine on
    RewriteCond %{SERVER_NAME} =nextcloud.mydomain.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>

<IfModule mod_ssl.c>
  <VirtualHost *:443>
    ProxyPreserveHost On
    ProxyRequests Off
    ServerName nextcloud.mydomain.com

    RewriteRule ^/\.well-known/carddav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
    RewriteRule ^/\.well-known/caldav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
    ProxyPass / http://nextcloud:80/ retry=0
    ProxyPassReverse / http://nextcloud:80/
    ProxyPassReverseCookiePath / /


    # serve ssl cert
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/nextcloud.mydomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/nextcloud.mydomain.com/privkey.pem
  </VirtualHost>
</IfModule>

As mentioned above, when I now acces https://nextcloud.mydomain.com/ I will be redirected to https://nextcloud.mydomain.com/ (same site).
Logs from apache container:

proxy_1        | nextcloud.mydomain.com:80 172.18.0.5 - - [25/Dec/2019:23:04:37 +0100] "GET / HTTP/1.1" 301 588 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.94 Safari/537.36"
proxy_1        | nextcloud.mydomain.com:443 <my clients IP> - - [25/Dec/2019:23:04:37 +0100] "GET / HTTP/1.1" 301 716 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.94 Safari/537.36"

Logs from apache container:
none

I added following lines to my config/config.php:

'trusted_domains' => 
   array (
    0 => 'nextcloud.mydomain.com',
   ),
'trusted_proxies' => ['proxy','172.0.0.0/8'],
'overwritehost' => 'nextcloud.mydomain.com',
'overwriteprotocol' => 'https',
'overwritewebroot' => '/',
'overwrite.cli.url' => 'https://nextcloud.mydomain.com/',
'overwritecondaddr' => '^172\.\d+\.\d+\.\d+$',

I have no idea where the redirect comes from. Can someone help, please? :slight_smile:

Well I found the error.
The proxy container was not able to resolve the IP of the nextcloud container and did a redirect to itself on port 80, which redirects to 443, , which redirects to 80, , which redirects to 443, …

That’s all. Thank you anyway!

I have the same problem without containers, using the snap install on Ubuntu 20.04 behind a reverse proxy. Your solution is a huge clue as to what’s going. Can you maybe provide more details? I can’t work what you mean by “The proxy container was not able to resolve the IP of the nextcloud container”.

I for example am confident is not the reverse proxy that is sending a 301 redirect back to same address, but the Nextcloud itself. Empirical evidence of that is if I shut down the Nextcloud sever the Reverse Proxy issues a 501 Service unavailable. Of course, I’m only confident not certain.

Alas, I tested it with http://www.redirect-checker.org and it’s not the same as your issue. 443 is redirecting to 443 …

https://mynextcloud.mydomain.tld/
301 Moved Permanently
https://mynextcloud.mydomain.tld:443/
301 Moved Permanently
https://mynextcloud.mydomain.tld:443/
301 Moved Permanently
https://mynextcloud.mydomain.tld:443/
301 Moved Permanently
https://mynextcloud.mydomain.tld:443/
301 Moved Permanently
https://mynextcloud.mydomain.tld:443/
301 Moved Permanently
https://mynextcloud.mydomain.tld:443/
301 Moved Permanently
https://mynextcloud.mydomain.tld:443/
301 Moved Permanently
https://mynextcloud.mydomain.tld:443/
301 Moved Permanently
https://mynextcloud.mydomain.tld:443/
301 Moved Permanently
https://mynextcloud.mydomain.tld:443/
301 Moved Permanently
https://mynextcloud.mydomain.tld:443/
301 Moved Permanently
https://mynextcloud.mydomain.tld:443/
301 Moved Permanently
https://mynextcloud.mydomain.tld:443/
301 Moved Permanently
https://mynextcloud.mydomain.tld:443/
301 Moved Permanently
https://mynextcloud.mydomain.tld:443/
301 Moved Permanently
https://mynextcloud.mydomain.tld:443/
301 Moved Permanently
https://mynextcloud.mydomain.tld:443/
301 Moved Permanently
https://mynextcloud.mydomain.tld:443/
301 Moved Permanently
https://mynextcloud.mydomain.tld:443/
301 Moved Permanently