TLDR: wanna do https://domain.tld/well-known/carddav -> https://domain.tld/remote.php/dav/. No worky. Why?
- "traefik.http.middlewares.redirectDavServices.redirectRegex.regex=https://(.*)/.well-known/(card|cal)dav"
- "traefik.http.middlewares.redirectDavServices.redirectRegex.replacement=https://$${1}/remote.php/dav/"
- "traefik.http.middlewares.redirectDavServices.redirectRegex.permanent=true"
. . . . . .
- "traefik.http.routers.${CONTAINER_NAME}-tls.middlewares=redirectDavServices@docker"
I am setting up Nextcloud, behind a Traefik instance. The goal is to forward https://domain.tld/well-known/caldav and https://domain.tld/well-known/carddav to https://domain.tld/remote.php/dav/.
Unfortunately, despite the middleware configuration I'm using here being what everyone says to use for this, it doesn't seem to actually do anything. It is trying to do the forwarding, but only at the .htaccess/apache.conf level, and it incorrectly tries to forward to plain http. Changing the replacement to some other domain does not change behavior.
Full docker-compose.yml:
version: '2'
volumes:
  nextcloud:
  db:
services:
  db:
    user: ${DB_UID}:${DB_GID}
    networks:
      - internal
    image: mariadb
    restart: always
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    volumes:
      - ${DATA_PATH}/db:/var/lib/mysql
    environment:
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
  app:
    user: ${APP_UID}:${APP_GID}
    networks:
      - internal
      - proxy
    image: nextcloud
    restart: always
    links:
      - db
    volumes:
      - ${DATA_PATH}/data:/var/www/html
    environment:
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=db
    expose:
      - ${MAIN_SERVICE_PORT}
    labels:
      ## GENERAL
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      ## MIDDLEWARES
      # redirect fixes caldav/carddav issue without relying on .htaccess
      - "traefik.http.middlewares.redirectDavServices.redirectRegex.regex=https://(.*)/.well-known/(card|cal)dav"
      - "traefik.http.middlewares.redirectDavServices.redirectRegex.replacement=https://$${1}/remote.php/dav/"
      - "traefik.http.middlewares.redirectDavServices.redirectRegex.permanent=true"
      # whitelist local network (for testing)
      #- "traefik.http.middlewares.${CONTAINER_NAME}-whitelist.ipWhiteList.sourceRange=${SUBNET_WHITELIST}"
      # traditional user password prompt
      #- "traefik.http.middlewares.basicauth.basicauth.users=${AUTH_USERS}"
      # hardening SSL
      - "traefik.http.middlewares.httpHeaders.headers.stsSeconds=15552000"
      - "traefik.http.middlewares.httpHeaders.headers.stsIncludeSubdomains=true"
      - "traefik.http.middlewares.httpHeaders.headers.stsPreload=true"
      - "traefik.http.middlewares.httpHeaders.headers.forceSTSHeader=true"
      ## SERVICES
      - "traefik.http.services.${CONTAINER_NAME}-http.loadbalancer.server.port=${MAIN_SERVICE_PORT}"
      ## ROUTERS
      # https routers
      - "traefik.http.routers.${CONTAINER_NAME}-tls.tls=true"
      - "traefik.http.routers.${CONTAINER_NAME}-tls.rule=Host(`${HOST_NAME}`)"
      - "traefik.http.routers.${CONTAINER_NAME}-tls.entrypoints=websecure"
      - "traefik.http.routers.${CONTAINER_NAME}-tls.service=${CONTAINER_NAME}-http"
      - "traefik.http.routers.${CONTAINER_NAME}-tls.middlewares=redirectDavServices@docker"
      - "traefik.http.routers.${CONTAINER_NAME}-tls.middlewares=httpHeaders@docker"
      #- "traefik.http.routers.${CONTAINER_NAME}-tls.middlewares=${CONTAINER_NAME}-whitelist@docker"
networks:
  proxy:
    external: true
  internal:
    internal: true
.env
# user/group
DB_UID=10310
DB_GID=10310
APP_UID=10311
APP_GID=10311
# container
CONTAINER_NAME=nextcloud
MAIN_SERVICE_PORT=80
SUBNET_WHITELIST=192.168.0.0/24
# domain names
HOST_NAME=domain.tld
# paths
COMPOSE_PATH=/docker/nextcloud/
DATA_PATH=/data/nextcloud
# auth
MYSQL_ROOT_PASSWORD=SomeSQLPasswordButForTheRootAccount
MYSQL_PASSWORD=SomeSQLPassword
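An added example, not part of the original post and not Traefik or Compose code: a small Python model of how the labels in the compose file above are read, showing which middlewares the router keeps and what the redirectRegex pair produces for a given URL. It assumes CONTAINER_NAME=nextcloud as in the .env, models a repeated label key as keeping only its last value, and approximates Traefik's Go regexp with Python's re; the helper names are hypothetical.

```python
import re

# Constructed sample: four labels from the compose file above, with
# CONTAINER_NAME already substituted as "nextcloud" (value from the .env).
LABELS = [
    "traefik.http.middlewares.redirectDavServices.redirectRegex.regex=https://(.*)/.well-known/(card|cal)dav",
    "traefik.http.middlewares.redirectDavServices.redirectRegex.replacement=https://$${1}/remote.php/dav/",
    "traefik.http.routers.nextcloud-tls.middlewares=redirectDavServices@docker",
    "traefik.http.routers.nextcloud-tls.middlewares=httpHeaders@docker",
]

def collapse(labels):
    """Fold list-form labels into a map; return (map, overwritten entries).

    Assumption: labels are key/value pairs, so a repeated key keeps one value
    (modelled here as the last one written).
    """
    merged, overwritten = {}, []
    for entry in labels:
        key, _, value = entry.partition("=")
        value = value.replace("$$", "$")  # Compose escape: "$$" is a literal "$"
        if key in merged:
            overwritten.append((key, merged[key]))
        merged[key] = value
    return merged, overwritten

def router_middlewares(merged, router):
    """Middlewares a router ends up with: one comma-separated label value."""
    raw = merged.get(f"traefik.http.routers.{router}.middlewares", "")
    return [name.strip() for name in raw.split(",") if name.strip()]

def redirect_target(merged, name, url):
    """Apply a redirectRegex pair to a full URL; None if the regex misses."""
    prefix = f"traefik.http.middlewares.{name}.redirectRegex."
    pattern = merged[prefix + "regex"]
    # Go writes group references as ${1}; Python's re expects \g<1>.
    repl = re.sub(r"\$\{(\d+)\}", r"\\g<\1>", merged[prefix + "replacement"])
    if re.search(pattern, url) is None:
        return None
    return re.sub(pattern, repl, url)

if __name__ == "__main__":
    merged, overwritten = collapse(LABELS)
    for key, lost in overwritten:
        print(f"overwritten: {key} lost {lost!r}")
    print("router middlewares:", router_middlewares(merged, "nextcloud-tls"))
    print(redirect_target(merged, "redirectDavServices",
                          "https://domain.tld/.well-known/carddav"))
```

On the labels as posted, the model leaves the router with only httpHeaders@docker. Traefik takes several middlewares on one router as a single comma-separated value in one middlewares label.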