1. Caddy version (`caddy version`):
docker.io/caddy/caddy:2.2.1-alpine
2. How I run Caddy:
TLS termination
a. System environment:
AWS ECS/fargate
b. Command:
caddy run --config /config/caddy/autosave.json
c. Service/unit/compose file:
"name": "caddy-prd",
"image": "${caddyImage}",
"essential": true,
"portMappings": [{
"protocol": "tcp",
"containerPort": 80,
"hostPort": 80
}, {
"protocol": "tcp",
"containerPort": 443,
"hostPort": 443
}, {
"protocol": "tcp",
"containerPort": 8081,
"hostPort": 8081
},
{
"protocol": "tcp",
"containerPort": 2020,
"hostPort": 2020
}
],
"command": [
"caddy",
"run",
"--config",
"/config/caddy/autosave.json"
],
"mountPoints": [
{
"sourceVolume": "caddy-storage",
"containerPath": "/config"
},
{
"sourceVolume": "caddy-storage",
"containerPath": "/data"
}
],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "/ecs/caddy",
"awslogs-region": "${awsRegion}",
"awslogs-stream-prefix": "ecs"
}
}
}
d. My complete Caddyfile or JSON config:
{
"admin": {
"config": {
"persist": true
},
"listen": "0.0.0.0:2020",
"origins": [
"115.70.195.253",
"52.64.48.128",
"13.210.211.75"
]
},
"apps": {
"http": {
"https_port": 443,
"servers": {
"socket-stg": {
"automatic_https": {
"disable_redirects": true
},
"listen": [
":8081"
],
"routes": [
{
"handle": [
{
"handler": "subroute",
"routes": [
{
"handle": [
{
"handler": "reverse_proxy",
"upstreams": [
{
"dial": "ec2-54-79-52-98.ap-southeast-2.compute.amazonaws.com:8081"
}
]
}
]
}
]
}
],
"match": [
{
"host": [
"global.schoolbox.cloud"
]
}
],
"terminal": true
}
]
},
"web-stg": {
"listen": [
":443"
],
"routes": [
{
"handle": [
{
"handler": "subroute",
"routes": [
{
"handle": [
{
"handler": "reverse_proxy",
"headers": {
"request": {
"set": {
"Host": [
"{http.request.host}"
],
"X-Forwarded-For": [
"{http.request.remote}"
],
"X-Forwarded-Host": [
"{http.request.host}"
],
"X-Forwarded-Port": [
"{server_port}"
],
"X-Forwarded-Proto": [
"{http.request.scheme}"
],
"X-Forwarded-Ssl": [
"on"
],
"X-Real-Ip": [
"{http.request.remote}"
],
"X-Url-Scheme": [
"{http.request.scheme}"
]
}
}
},
"upstreams": [
{
"dial": "ec2-54-79-52-98.ap-southeast-2.compute.amazonaws.com:80"
}
]
}
]
}
]
}
],
"match": [
{
"host": [
"global.schoolbox.cloud"
]
}
]
}
]
}
}
}
},
"logging": {
"logs": {
"default": {
"level": "DEBUG"
}
}
}
}
3. The problem I’m having:
Whenever I browse to HTTP (port 80), it redirects to port 8081, which is not what I expected from automatic HTTPS. It looks like it is picking the first match rather than the server listening on port 443, even with the HTTPS port explicitly set (it fails without it as well).
4. Error messages and/or full log output:
Browsing to http://global.schoolbox.cloud/ returns a “308 Permanent Redirect” from Caddy to https://global.schoolbox.cloud:8081/
5. What I already tried:
Added “https_port”: 443.
Disabled automatic HTTPS redirects on the socket server.
Replicated the problem on 2 different Caddy servers (I haven’t supplied the config for the other, as it’s quite verbose, with 400+ routes on it).