NextCloud cannot connect to subdomain "curl error 7: failed to connect" (AIO behind Caddy proxy)

Hi all,

I have been trying many things to get my Nextcloud AIO installation behind a Caddy reverse proxy working, but it seems I cannot get it to work.

“cURL error 7: Failed to connect to my domain port 443 after 17 ms: Couldn’t connect to server […]”

Any help is appreciated. Thank you!

Hi, can you follow all-in-one/reverse-proxy.md at main · nextcloud/all-in-one · GitHub?

Hi szaimen,

I am pretty sure I followed that guide to the dot. I have read it multiple times, tried resetting the instance twice, and checked each point in the troubleshooting guide. Maybe I missed something, but I am definitely unsure what that could be.

Thanks for your quick reply!

I see. What happens if you open the domain in a browser? Do you see the Nextcloud web interface?

It simply shows as “Unable to connect”, in line with the logs.

Can you post the docker-compose file that you used here? Also can you post the caddy container logs here? Additionally can you post the Caddyfile that you used here?

Of course. Here you go:

docker-compose.yaml

version: "3.8"

services:
  caddy:
    image: caddy:alpine
    restart: unless-stopped
    container_name: caddy
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./certs:/certs
      - ./config:/config
      - ./data:/data
      - ./sites:/srv
    network_mode: "host"

  nextcloud:
    image: nextcloud/all-in-one:latest
    restart: unless-stopped
    container_name: nextcloud-aio-mastercontainer
    ports:
      - "8081:8080"
    environment:
      - APACHE_PORT=11000
      - APACHE_IP_BINDING=127.0.0.1
      - SKIP_DOMAIN_VALIDATION=true
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
      - /var/run/docker.sock:/var/run/docker.sock:ro
    depends_on:
      - caddy

volumes:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer

Caddyfile

https://cloud.domain.com:443 {
    header Strict-Transport-Security max-age=31536000;
    reverse_proxy localhost:11000
}

Caddy logs

{"level":"info","ts":1707126886.9786472,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1707126887.0057113,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1707126887.045343,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1707126887.0456872,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1707126887.0457323,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1707126887.0462205,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00026b380"}
{"level":"info","ts":1707126887.0747657,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
{"level":"info","ts":1707126887.0753088,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details."}
{"level":"info","ts":1707126887.0758224,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"info","ts":1707126887.0762637,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
{"level":"info","ts":1707126887.0762956,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["cloud.domain.com"]}
{"level":"info","ts":1707126887.2237997,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1707126887.2238474,"msg":"serving initial configuration"}
{"level":"warn","ts":1707126887.3623135,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/data/caddy","instance":"8f0dd2c8-3beb-452c-a0c4-86de1c36dcb3","try_again":1707213287.3623066,"try_again_in":86399.999997198}
{"level":"info","ts":1707126887.3630536,"logger":"tls","msg":"finished cleaning storage units"}

Is this sufficient?

I hope you adjusted this line to your correct domain that is pointing at your public ip-address?

Based on that it doesn't look like it…

I did! Just amended it for privacy :slight_smile: Sorry, should have mentioned that. I just CTRL+F’d the domain before posting.

Ah I see. Can you check if opening the chosen domain from a different network works? E.g. from mobile?

Nope, connection times out when trying it on mobile (non-Wifi). I now found something else though: the http version of the domain redirects to my router interface. Does that say anything? Seems a bit odd. Thankfully, this is not the case when trying from mobile (again, when not connected to the network).

EDIT: Wait: it seems it is now working from mobile, but not in the network yet! I can see the Nextcloud login page.

I thought so.

So your router seems to block local access via your domain. See GitHub - nextcloud/all-in-one: The official Nextcloud installation method. Provides easy deployment and maintenance with most features included in this one Nextcloud instance. how to work around the problem.

I see! I am working on the solution, as I already have AdGuard Home running on a different Home Assistant machine. Can I use that for the DNS rewrites? I am unsure how to direct my Caddy proxy to that DNS server, even after looking at the links you provided. Sorry!

yes, I think so
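
One way to confirm from a machine inside the network that the symptom in this thread is the router refusing local access via the public address, rather than Caddy being down (an added example, not part of the original thread). The LAN address of the Caddy host is an assumption you pass in yourself, and the verdict names are made up for this example.

```python
import ipaddress
import socket
import sys

# RFC 1918 / unique-local ranges; anything else is treated as a public address.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def is_lan(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LAN_NETS)

def resolve(domain):
    """Addresses this client's resolver returns for the domain."""
    infos = socket.getaddrinfo(domain, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def tcp_open(host, port=443, timeout=3.0):
    """True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(addresses, proxy_lan_ip, domain_ok, proxy_ok):
    """Classify what a LAN client sees.

    proxy_lan_ip is the LAN address of the host running Caddy (assumption);
    it is kept in the signature so callers can log it next to the verdict.
    """
    if domain_ok:
        return "ok"
    if not proxy_ok:
        return "proxy-unreachable"     # Caddy not listening or firewalled on the LAN
    if addresses and not any(is_lan(a) for a in addresses):
        return "no-nat-loopback"       # name resolves to the public IP only
    return "dns-points-elsewhere"      # a local answer exists but is not the proxy

def check(domain, proxy_lan_ip):
    addresses = resolve(domain)
    return addresses, diagnose(addresses, proxy_lan_ip,
                               tcp_open(domain), tcp_open(proxy_lan_ip))

if __name__ == "__main__":
    # usage: python3 check_loopback.py cloud.domain.com <LAN IP of the Caddy host>
    print(*check(sys.argv[1], sys.argv[2]))
```

A `no-nat-loopback` verdict matches where the thread ends up: the domain works from outside but not from the LAN, and a local DNS rewrite that answers the domain with the Caddy host's LAN address gives LAN clients an address they can reach.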