[SOLVED: it was probably DNS] NextCloud AIO + Caddy - what am I missing

Software & Operating Systems
,
1

Lately I’ve been looking into alternative messaging services to get my text conversations with my partner off of facebook messenger. Nextcloud seems like a reasonable self-hosted choice, and I have been considering a browser-accessible file sharing platform, so I’m giving it a shot.
The problem: AIO page is accessible locally, components were started with domain validation disabled, but all I get is a blank page at https://nextcloud.my.domain. I’m reasonably sure that caddy is set up correctly because a) my photos website works and b) not much to get wrong with a caddyfile.

My network:

image
image1670×1263 157 KB

Caddyfile:

photos.my.domain {
        reverse_proxy localhost:2342
}
nextcloud.my.domain {
        reverse_proxy localhost:11000 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

docker-compose.yaml:

services:
  nextcloud-aio-mastercontainer:
    image: nextcloud/all-in-one:latest
    init: true
    restart: always
    container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, >
    ports:
      #- 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/n>
      - 8080:8080
      - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.co>
    environment: # Is needed when using any of the options below
      - APACHE_PORT=11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github>
      - APACHE_IP_BINDING=0.0.0.0 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) that is>
      - SKIP_DOMAIN_VALIDATION=true
      
volumes: # If you want to store the data on a different drive, see https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate->
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work

Tail end of journalctl -u caddy:

Nov 10 12:52:48 harbor caddy[17661]: {"level":"error","ts":1699642368.8867114,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"51872","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 18:52:48"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.004747331,"status":502,"err_id":"ht9wwt11e","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 12:53:49 harbor caddy[17661]: {"level":"error","ts":1699642429.1751697,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"49608","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 18:53:48"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.005340934,"status":502,"err_id":"ehbfhdk1j","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 12:54:49 harbor caddy[17661]: {"level":"error","ts":1699642489.2740834,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"53904","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 18:54:49"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.007511079,"status":502,"err_id":"qv7g16uhx","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 12:55:49 harbor caddy[17661]: {"level":"error","ts":1699642549.4179468,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"55504","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 18:55:49"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.003359198,"status":502,"err_id":"0u9zbru7n","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 12:56:49 harbor caddy[17661]: {"level":"error","ts":1699642609.5814478,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"40284","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 18:56:49"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.005987108,"status":502,"err_id":"mfkez3n55","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 12:57:49 harbor caddy[17661]: {"level":"error","ts":1699642669.6967576,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"50880","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 18:57:49"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.025612831,"status":502,"err_id":"1c13k6ujj","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 12:58:49 harbor caddy[17661]: {"level":"error","ts":1699642729.76921,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"37906","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 18:58:49"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.011906385,"status":502,"err_id":"00pndkci2","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 12:59:49 harbor caddy[17661]: {"level":"error","ts":1699642789.8884137,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"59446","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 18:59:49"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.006955564,"status":502,"err_id":"y37rkc96u","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:00:50 harbor caddy[17661]: {"level":"error","ts":1699642850.011282,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"42774","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:00:49"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.009723604,"status":502,"err_id":"4ytiqxj2z","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:01:50 harbor caddy[17661]: {"level":"error","ts":1699642910.2319815,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"53586","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:01:50"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.003415346,"status":502,"err_id":"yak8wfvr9","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:02:50 harbor caddy[17661]: {"level":"error","ts":1699642970.3420093,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"39810","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:02:50"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.011209071,"status":502,"err_id":"vqvchi3gz","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:03:50 harbor caddy[17661]: {"level":"error","ts":1699643030.4488668,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"47798","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:03:50"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.054097832,"status":502,"err_id":"zxas07beq","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:04:50 harbor caddy[17661]: {"level":"error","ts":1699643090.6626523,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"60866","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:04:50"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.006357252,"status":502,"err_id":"b43w61qd9","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:05:50 harbor caddy[17661]: {"level":"error","ts":1699643150.7125652,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"33532","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:05:50"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.006327332,"status":502,"err_id":"ht8bhzb1p","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:06:50 harbor caddy[17661]: {"level":"error","ts":1699643210.8183107,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"34904","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:06:50"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.010425985,"status":502,"err_id":"wzjfdwj6j","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:07:50 harbor caddy[17661]: {"level":"error","ts":1699643270.9604888,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"35678","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:07:50"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.004015088,"status":502,"err_id":"w0c6d44xm","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:08:51 harbor caddy[17661]: {"level":"error","ts":1699643331.1087682,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"36874","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:08:50"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.008204878,"status":502,"err_id":"xei1ma0ub","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:09:34 harbor caddy[17661]: {"level":"error","ts":1699643374.216428,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"56308","proto":"HTTP/2.0","method":"GET","host":"nextcloud.my.domain","uri":"/","headers":{"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"],"Accept-Language":["en-US,en;q=0.5"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"nextcloud.my.domain"}},"duration":0.066439152,"status":502,"err_id":"1v3wazqv4","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:09:51 harbor caddy[17661]: {"level":"error","ts":1699643391.2253077,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"52300","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:09:51"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.011006296,"status":502,"err_id":"9d1du8phm","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:09:51 harbor caddy[17661]: {"level":"info","ts":1699643391.9427652,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_ip":"127.0.0.1","remote_port":"60504","headers":{"Accept-Encoding":["gzip"],"Content-Length":["511"],"Content-Type":["application/json"],"Origin":["http://localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
Nov 10 13:09:51 harbor caddy[17661]: {"level":"info","ts":1699643391.9433656,"msg":"config is unchanged"}
Nov 10 13:09:51 harbor caddy[17661]: {"level":"info","ts":1699643391.9436388,"logger":"admin.api","msg":"load complete"}
Nov 10 13:10:03 harbor caddy[17661]: {"level":"error","ts":1699643403.5579994,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"56308","proto":"HTTP/2.0","method":"GET","host":"nextcloud.my.domain","uri":"/","headers":{"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-User":["?1"],"Te":["trailers"],"Accept-Language":["en-US,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Site":["none"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"nextcloud.my.domain"}},"duration":0.063941598,"status":502,"err_id":"rb9zngate","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:10:51 harbor caddy[17661]: {"level":"error","ts":1699643451.3401368,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"51664","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:10:51"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.008709908,"status":502,"err_id":"3ijm8beqe","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:11:51 harbor caddy[17661]: {"level":"error","ts":1699643511.4672248,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"53086","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"],"Date":["Fri, 10 Nov 2023 19:11:51"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.007777095,"status":502,"err_id":"ru58stpys","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:12:51 harbor caddy[17661]: {"level":"error","ts":1699643571.5597756,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"47634","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:12:51"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.004794896,"status":502,"err_id":"7a7503n6c","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:13:51 harbor caddy[17661]: {"level":"error","ts":1699643631.714676,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"46126","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:13:51"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.063069105,"status":502,"err_id":"teccdg8z3","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:14:51 harbor caddy[17661]: {"level":"error","ts":1699643691.822694,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"43710","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:14:51"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.011112869,"status":502,"err_id":"p0is723tb","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:15:51 harbor caddy[17661]: {"level":"error","ts":1699643751.9903257,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"48072","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:15:51"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.002037883,"status":502,"err_id":"cmdwj8v02","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:16:52 harbor caddy[17661]: {"level":"error","ts":1699643812.0927017,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"45628","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:16:52"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.010388553,"status":502,"err_id":"dhtryd56u","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:17:52 harbor caddy[17661]: {"level":"error","ts":1699643872.1867986,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"33560","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:17:52"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.007130087,"status":502,"err_id":"m8zqjr8ty","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:18:52 harbor caddy[17661]: {"level":"error","ts":1699643932.3345964,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"60120","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:18:52"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.034122467,"status":502,"err_id":"7dhc7ydjy","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:19:52 harbor caddy[17661]: {"level":"error","ts":1699643992.4348547,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"60324","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:19:52"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.010537684,"status":502,"err_id":"aqas6bztb","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:20:52 harbor caddy[17661]: {"level":"error","ts":1699644052.575161,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"45166","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:20:52"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.008753955,"status":502,"err_id":"q6hhpjiai","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
Nov 10 13:21:53 harbor caddy[17661]: {"level":"error","ts":1699644113.1202228,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.88.1","remote_port":"51168","proto":"HTTP/1.1","method":"GET","host":"nextcloud.my.domain","uri":"/apps/richdocuments/settings/fonts.json","headers":{"Date":["Fri, 10 Nov 2023 19:21:52"],"User-Agent":["COOLWSD HTTP Agent 23.05.5.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"nextcloud.my.domain"}},"duration":0.206251144,"status":502,"err_id":"5wkuvefie","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}

Is there an obvious step that I’m missing? I’ve been following this guide from the nextcloud docs. I’m sure it’s either something simple or a nuance with nextcloud and caddy that I’m not aware of.

2

What’s wrong about Signal?

2 Likes
3

Signal is really the best answer. Unless you just really want to self host.

As far as the reverse proxy. I use HAProxy so I can’t really speak to Caddy. I would double/triple check your Nextcloud stuff. Maybe set APACHE_IP_BINDING=localhost

2 Likes
4

Tried out signal this morning, seems like a great solution :ok_hand:

I’d still like to figure out what I’m missing with nextcloud. I would think that it would ‘just work’ with caddy pointing to the Apache server, but there must be another layer preventing that from working.

5

Got it working this morning. For posterity, my working configuration:

Caddyfile:



photos.my.domain {
        reverse_proxy localhost:2342
}
nextcloud.my.domain {
        reverse_proxy localhost:11000 
}

docker-compose.yaml:

services:
  nextcloud-aio-mastercontainer:
    image: nextcloud/all-in-one:latest
    init: true
    restart: always
    container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'!
    ports:
      - 8080:8080
    environment: # Is needed when using any of the options below
      - APACHE_PORT=11000
      - APACHE_IP_BINDING=0.0.0.0 

volumes: 
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer

I can (and should) probably change the apache ip binding to 127.0.0.1.

I would have sworn I tried this exact configuration first yesterday. Maybe I tried it before my DNS entry had thoroughly propagated, and when that cleared up the errors persisted because I had subsequently broken it different-ly.

6

It’s always dns