:443 responds as http instead of https

Caddy Docker image, using tag :alpine

Caddy is serving plain HTTP traffic over both ports with this configuration. Why is port 443 not HTTPS?

I am trying to get TLS on demand for any host name that hits the instance, with automatic HTTPS. But I still want plain HTTP traffic passed to the backend, as not all requests are HTTPS. So I have disabled the automatic HTTP to HTTPS redirect.

Config:

{
    "admin": {
        "disabled": true
    },
    "apps": {
        "http": {
            "servers": {
                "srv0": {
                    "automatic_https": {
                        "disable_redirects": true
                    },
                    "listen": [
                        ":80",
                        ":443"
                    ],
                    "routes": [
                        {
                            "handle": [
                                {
                                    "handler": "subroute",
                                    "routes": [
                                        {
                                            "handle": [
                                                {
                                                    "buffer_requests": true,
                                                    "handler": "reverse_proxy",
                                                    "upstreams": [
                                                        {
                                                            "dial": "web:5000"
                                                        }
                                                    ]
                                                }
                                            ]
                                        }
                                    ]
                                }
                            ],
                            "terminal": true
                        }
                    ]
                }
            }
        },
        "tls": {
            "automation": {
                "policies": [
                    {
                        "issuer": {
                            "email": "foo@example.com",
                            "module": "acme"
                        },
                        "on_demand": true
                    }
                ]
            }
        }
    },
    "logging": {
        "logs": {
            "default": {
                "level": "DEBUG"
            }
        }
    }
}

Woot. Worked it out →

{
    "admin": {
        "disabled": true
    },
    "apps": {
        "http": {
            "servers": {
                "srv0": {
                    "automatic_https": {
                        "disable_redirects": true
                    },
                    "listen": [
                        ":80",
                        ":443"
                    ],
                    "routes": [
                        {
                            "handle": [
                                {
                                    "handler": "subroute",
                                    "routes": [
                                        {
                                            "handle": [
                                                {
                                                    "buffer_requests": true,
                                                    "handler": "reverse_proxy",
                                                    "upstreams": [
                                                        {
                                                            "dial": "web:5000"
                                                        }
                                                    ]
                                                }
                                            ]
                                        }
                                    ]
                                }
                            ],
                            "terminal": true
                        }
                    ],
                    "tls_connection_policies": [
                        {
                            "default_sni": "example.com"
                        }
                    ]
                }
            }
        },
        "tls": {
            "automation": {
                "policies": [
                    {
                        "issuer": {
                            "email": "foo@example.com",
                            "module": "acme"
                        },
                        "on_demand": true
                    }
                ]
            }
        }
    },
    "logging": {
        "logs": {
            "default": {
                "level": "DEBUG"
            }
        }
    }
}

To clarify, if you have no hostnames in your config, then you need to specify a TLS connection policy to enable TLS. An empty one will do ({}), but it looks like you wanted to set a default SNI anyway. Either way should work fine.

Even the empty TLS conn policy isn’t necessary if the server is listening only on the HTTPS port – maybe we should extend that logic to include HTTPS and HTTP port, since Caddy will skip TLS for the HTTP port no matter what.
