[SOLVED] Nextcloud Snap behind Caddy responding with `301 Moved Permanently`

Cross-posted to: sh.itjust.works/post/14975090

Solution

I’m still not really sure exactly what the root cause of the issue was (I would appreciate it if someone could explain it to me), but I disabled HTTPS on the Nextcloud server


<span style="color:#323232;">nextcloud.disable-https
</span>

and it, all of a sudden, started working. My Caddyfile simply contains the following:


<span style="color:#323232;">nextcloud.domain.com {
</span><span style="color:#323232;">    server-LAN-ip:80
</span><span style="color:#323232;">}
</span>

Original Post

I am trying to upgrade my existing Nextcloud server (installed as a Snap) so that it is sitting behind a reverse proxy. Originally, The Nextcloud server handled HTTPS with Let’s Encrypt at domain.com; now, I would like for Caddy to handle HTTPS with Let’s Encrypt at nextcloud.domain.com and to forward the traffic to the Nextcloud server.

With my current setup, I am encountering an error where it is saying 301 Moved Permanently. Does anyone have any ideas on how to fix or troubleshoot this?

Caddyfile:


<span style="color:#323232;">https://nextcloud.domain.com {
</span><span style="color:#323232;">        reverse_proxy 192.168.1.182:443
</span><span style="color:#323232;">        header / Strict-Transport-Security max-age=31536000;
</span><span style="color:#323232;">}
</span>

And here is the output of curl -v https://nextcloud.domain.com/:


<span style="color:#323232;">* Host nextcloud.domain.com:443 was resolved.
</span><span style="color:#323232;">* IPv6: (none)
</span><span style="color:#323232;">* IPv4: public-ip
</span><span style="color:#323232;">*   Trying public-ip:443...
</span><span style="color:#323232;">* Connected to nextcloud.domain.com (public-ip) port 443
</span><span style="color:#323232;">* ALPN: curl offers h2,http/1.1
</span><span style="color:#323232;">* TLSv1.3 (OUT), TLS handshake, Client hello (1):
</span><span style="color:#323232;">*  CAfile: /etc/ssl/certs/ca-certificates.crt
</span><span style="color:#323232;">*  CApath: none
</span><span style="color:#323232;">* TLSv1.3 (IN), TLS handshake, Server hello (2):
</span><span style="color:#323232;">* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
</span><span style="color:#323232;">* TLSv1.3 (IN), TLS handshake, Certificate (11):
</span><span style="color:#323232;">* TLSv1.3 (IN), TLS handshake, CERT verify (15):
</span><span style="color:#323232;">* TLSv1.3 (IN), TLS handshake, Finished (20):
</span><span style="color:#323232;">* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
</span><span style="color:#323232;">* TLSv1.3 (OUT), TLS handshake, Finished (20):
</span><span style="color:#323232;">* SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256 / x25519 / id-ecPublicKey
</span><span style="color:#323232;">* ALPN: server accepted h2
</span><span style="color:#323232;">* Server certificate:
</span><span style="color:#323232;">*  subject: CN=nextcloud.domain.com
</span><span style="color:#323232;">*  start date: Feb 21 06:09:01 2024 GMT
</span><span style="color:#323232;">*  expire date: May 21 06:09:00 2024 GMT
</span><span style="color:#323232;">*  subjectAltName: host "nextcloud.domain.com" matched cert's "nextcloud.domain.com"
</span><span style="color:#323232;">*  issuer: C=US; O=Let's Encrypt; CN=R3
</span><span style="color:#323232;">*  SSL certificate verify ok.
</span><span style="color:#323232;">*   Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using sha256WithRSAEncryption
</span><span style="color:#323232;">*   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
</span><span style="color:#323232;">*   Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
</span><span style="color:#323232;">* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
</span><span style="color:#323232;">* using HTTP/2
</span><span style="color:#323232;">* [HTTP/2] [1] OPENED stream for https://nextcloud.domain.com/
</span><span style="color:#323232;">* [HTTP/2] [1] [:method: GET]
</span><span style="color:#323232;">* [HTTP/2] [1] [:scheme: https]
</span><span style="color:#323232;">* [HTTP/2] [1] [:authority: nextcloud.domain.com]
</span><span style="color:#323232;">* [HTTP/2] [1] [:path: /]
</span><span style="color:#323232;">* [HTTP/2] [1] [user-agent: curl/8.6.0]
</span><span style="color:#323232;">* [HTTP/2] [1] [accept: */*]
</span><span style="color:#323232;">> GET / HTTP/2
</span><span style="color:#323232;">> Host: nextcloud.domain.com
</span><span style="color:#323232;">> User-Agent: curl/8.6.0
</span><span style="color:#323232;">> Accept: */*
</span><span style="color:#323232;">> 
</span><span style="color:#323232;">&lt; HTTP/2 301 
</span><span style="color:#323232;">&lt; alt-svc: h3="public-ip:443"; ma=2592000
</span><span style="color:#323232;">&lt; content-type: text/html; charset=iso-8859-1
</span><span style="color:#323232;">&lt; date: Wed, 21 Feb 2024 07:45:34 GMT
</span><span style="color:#323232;">&lt; location: https://nextcloud.domain.com:443/
</span><span style="color:#323232;">&lt; server: Caddy
</span><span style="color:#323232;">&lt; server: Apache
</span><span style="color:#323232;">&lt; strict-transport-security: max-age=31536000;
</span><span style="color:#323232;">&lt; content-length: 250
</span><span style="color:#323232;">&lt; 
</span><span style="color:#323232;">
</span><span style="color:#323232;">
</span><span style="color:#323232;">301 Moved Permanently
</span><span style="color:#323232;">
</span><span style="color:#323232;"><h1>Moved Permanently</h1>
</span><span style="color:#323232;"><p>The document has moved here.</p>
</span><span style="color:#323232;">
</span><span style="color:#323232;">* Connection #0 to host nextcloud.domain.com left intact
</span>
  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • [email protected]
  • All magazines
    •