[SOLVED: it was probably DNS] NextCloud AIO + Caddy - what am I missing

Lately I’ve been looking into alternative messaging services to get my text conversations with my partner off of facebook messenger. Nextcloud seems like a reasonable self-hosted choice, and I have been considering a browser-accessible file sharing platform, so I’m giving it a shot.
The problem: AIO page is accessible locally, components were started with domain validation disabled, but all I get is a blank page at https://nextcloud.my.domain. I’m reasonably sure that caddy is set up correctly because a) my photos website works and b) not much to get wrong with a caddyfile.

My network:

Caddyfile:

photos.my.domain {
        reverse_proxy localhost:2342
}
nextcloud.my.domain {
        reverse_proxy localhost:11000 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

docker-compose.yaml:

services:
  nextcloud-aio-mastercontainer:
    image: nextcloud/all-in-one:latest
    init: true
    restart: always
    container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, >
    ports:
      #- 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/n>
      - 8080:8080
      - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.co>
    environment: # Is needed when using any of the options below
      - APACHE_PORT=11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github>
      - APACHE_IP_BINDING=0.0.0.0 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) that is>
      - SKIP_DOMAIN_VALIDATION=true
      
volumes: # If you want to store the data on a different drive, see https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate->
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work

Tail end of journalctl -u caddy:

Nov 10 12:52:48 harbor caddy[17661]: {"level":"error","ts":1699642368.8867114,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"51872","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 18:52:48"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.004747331,"status":502,"err_id":"ht9wwt11e","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 12:53:49 harbor caddy[17661]: {"level":"error","ts":1699642429.1751697,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"49608","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 18:53:48"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.005340934,"status":502,"err_id":"ehbfhdk1j","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 12:54:49 harbor caddy[17661]: {"level":"error","ts":1699642489.2740834,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"53904","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 18:54:49"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.007511079,"status":502,"err_id":"qv7g16uhx","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 12:55:49 harbor caddy[17661]: {"level":"error","ts":1699642549.4179468,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"55504","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 18:55:49"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.003359198,"status":502,"err_id":"0u9zbru7n","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 12:56:49 harbor caddy[17661]: {"level":"error","ts":1699642609.5814478,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"40284","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 18:56:49"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.005987108,"status":502,"err_id":"mfkez3n55","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 12:57:49 harbor caddy[17661]: {"level":"error","ts":1699642669.6967576,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"50880","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 18:57:49"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.025612831,"status":502,"err_id":"1c13k6ujj","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 12:58:49 harbor caddy[17661]: {"level":"error","ts":1699642729.76921,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"37906","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 18:58:49"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.011906385,"status":502,"err_id":"00pndkci2","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 12:59:49 harbor caddy[17661]: {"level":"error","ts":1699642789.8884137,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"59446","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 18:59:49"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.006955564,"status":502,"err_id":"y37rkc96u","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:00:50 harbor caddy[17661]: {"level":"error","ts":1699642850.011282,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"42774","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:00:49"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.009723604,"status":502,"err_id":"4ytiqxj2z","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:01:50 harbor caddy[17661]: {"level":"error","ts":1699642910.2319815,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"53586","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:01:50"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.003415346,"status":502,"err_id":"yak8wfvr9","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:02:50 harbor caddy[17661]: {"level":"error","ts":1699642970.3420093,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"39810","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:02:50"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.011209071,"status":502,"err_id":"vqvchi3gz","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:03:50 harbor caddy[17661]: {"level":"error","ts":1699643030.4488668,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"47798","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:03:50"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.054097832,"status":502,"err_id":"zxas07beq","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:04:50 harbor caddy[17661]: {"level":"error","ts":1699643090.6626523,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"60866","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:04:50"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.006357252,"status":502,"err_id":"b43w61qd9","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:05:50 harbor caddy[17661]: {"level":"error","ts":1699643150.7125652,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"33532","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:05:50"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.006327332,"status":502,"err_id":"ht8bhzb1p","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:06:50 harbor caddy[17661]: {"level":"error","ts":1699643210.8183107,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"34904","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:06:50"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.010425985,"status":502,"err_id":"wzjfdwj6j","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:07:50 harbor caddy[17661]: {"level":"error","ts":1699643270.9604888,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"35678","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:07:50"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.004015088,"status":502,"err_id":"w0c6d44xm","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:08:51 harbor caddy[17661]: {"level":"error","ts":1699643331.1087682,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"36874","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:08:50"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.008204878,"status":502,"err_id":"xei1ma0ub","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:09:34 harbor caddy[17661]: {"level":"error","ts":1699643374.216428,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"56308","proto":"HTTP/2.0","method":"GET","host":"nextcloud.my.domain","uri":"/","headers":{"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"],"Accept-Language":["en-US,en;q=0.5"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"nextcloud.my.domain"}},"duration":0.066439152,"status":502,"err_id":"1v3wazqv4","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:09:51 harbor caddy[17661]: {"level":"error","ts":1699643391.2253077,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"52300","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:09:51"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.011006296,"status":502,"err_id":"9d1du8phm","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:09:51 harbor caddy[17661]: {"level":"info","ts":1699643391.9427652,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_ip":"127.0.0.1","remote_port":"60504","headers":{"Accept-Encoding":["gzip"],"Content-Length":["511"],"Content-Type":["application/json"],"Origin":["http://localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
Nov 10 13:09:51 harbor caddy[17661]: {"level":"info","ts":1699643391.9433656,"msg":"config is unchanged"}
Nov 10 13:09:51 harbor caddy[17661]: {"level":"info","ts":1699643391.9436388,"logger":"admin.api","msg":"load complete"}
Nov 10 13:10:03 harbor caddy[17661]: {"level":"error","ts":1699643403.5579994,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"56308","proto":"HTTP/2.0","method":"GET","host":"nextcloud.my.domain","uri":"/","headers":{"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-User":["?1"],"Te":["trailers"],"Accept-Language":["en-US,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Site":["none"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"nextcloud.my.domain"}},"duration":0.063941598,"status":502,"err_id":"rb9zngate","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:10:51 harbor caddy[17661]: {"level":"error","ts":1699643451.3401368,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"51664","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:10:51"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.008709908,"status":502,"err_id":"3ijm8beqe","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:11:51 harbor caddy[17661]: {"level":"error","ts":1699643511.4672248,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"53086","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"],"Date":["Fri, 10 Nov 2023 19:11:51"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.007777095,"status":502,"err_id":"ru58stpys","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:12:51 harbor caddy[17661]: {"level":"error","ts":1699643571.5597756,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"47634","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:12:51"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.004794896,"status":502,"err_id":"7a7503n6c","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:13:51 harbor caddy[17661]: {"level":"error","ts":1699643631.714676,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"46126","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:13:51"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.063069105,"status":502,"err_id":"teccdg8z3","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:14:51 harbor caddy[17661]: {"level":"error","ts":1699643691.822694,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"43710","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:14:51"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.011112869,"status":502,"err_id":"p0is723tb","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:15:51 harbor caddy[17661]: {"level":"error","ts":1699643751.9903257,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"48072","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:15:51"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.002037883,"status":502,"err_id":"cmdwj8v02","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:16:52 harbor caddy[17661]: {"level":"error","ts":1699643812.0927017,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"45628","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:16:52"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.010388553,"status":502,"err_id":"dhtryd56u","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:17:52 harbor caddy[17661]: {"level":"error","ts":1699643872.1867986,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"33560","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:17:52"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.007130087,"status":502,"err_id":"m8zqjr8ty","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:18:52 harbor caddy[17661]: {"level":"error","ts":1699643932.3345964,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"60120","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:18:52"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.034122467,"status":502,"err_id":"7dhc7ydjy","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:19:52 harbor caddy[17661]: {"level":"error","ts":1699643992.4348547,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"60324","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:19:52"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.010537684,"status":502,"err_id":"aqas6bztb","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:20:52 harbor caddy[17661]: {"level":"error","ts":1699644052.575161,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"45166","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:20:52"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.008753955,"status":502,"err_id":"q6hhpjiai","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:21:53 harbor caddy[17661]: {"level":"error","ts":1699644113.1202228,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"51168","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:21:52"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.206251144,"status":502,"err_id":"5wkuvefie","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}

Is there an obvious step that I’m missing? I’ve been following this guide from the nextcloud docs. I’m sure it’s either something simple or a nuance with nextcloud and caddy that I’m not aware of.

What’s wrong about Signal?

2 Likes

Signal is really the best answer. Unless you just really want to self host.

As far as the reverse proxy. I use HAProxy so I can’t really speak to Caddy. I would double/triple check your Nextcloud stuff. Maybe set APACHE_IP_BINDING=localhost

2 Likes

Tried out signal this morning, seems like a great solution :ok_hand:

I’d still like to figure out what I’m missing with nextcloud. I would think that it would ‘just work’ with caddy pointing to the Apache server, but there must be another layer preventing that from working.

Got it working this morning. For posterity, my working configuration:

Caddyfile:



photos.my.domain {
        reverse_proxy localhost:2342
}
nextcloud.my.domain {
        reverse_proxy localhost:11000 
}


docker-compose.yaml:

services:
  nextcloud-aio-mastercontainer:
    image: nextcloud/all-in-one:latest
    init: true
    restart: always
    container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'!
    ports:
      - 8080:8080
    environment: # Is needed when using any of the options below
      - APACHE_PORT=11000
      - APACHE_IP_BINDING=0.0.0.0 

volumes: 
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer 

I can (and should) probably change the apache ip binding to 127.0.0.1.

I would have sworn I tried this exact configuration first yesterday. Maybe I tried it before my DNS entry had thoroughly propagated, and when that cleared up the errors persisted because I had subsequently broken it different-ly.

It’s always dns