Caddy Certs and Port Specific Redirection SANS HTTPS

1. Caddy version (caddy version):

Caddy 2.4.6
Debian 11.2
Systemd 247.3-6

2. How I run Caddy:

a. System environment:

Debian 11.2 on VPS

b. Command:

systemctl [enable | start | stop | restart ] caddy

c. Service/unit/compose file:

N/A

d. My complete Caddyfile or JSON config:

xmpp.14servers.net:80 {
	# Set this path to your site's directory.
	#root * /opt

	# Enable the static file server.
	file_server

	# Another common task is to set up a reverse proxy:
	reverse_proxy * localhost:5380

	# Add compression
	#encode zstd gzip
}

3. The problem I’m having:

I’m trying to use Caddy to…

  1. obtain https certs for my ejabberd XMPP server’s web console port 5443 and all subdomains of:
    *.14servers.net
  2. reverse proxy http://xmpp.14servers.net:80 to http://xmpp.14servers.net:5380
    In this case I DO NOT want automatic https because this port will be used by the ACME protocol which requires http rather than https.

Question 1:
Is the proper way to tell caddy to use http rather than https for a specific domain/subdomain to declare port 80 after the domain/subdomain as I did above?

Question 2:
Can Caddy automatically obtain wildcard certs usable by other servers, e.g. ejabberd XMPP server, on other subdomains?

4. Error messages and/or full log output:

5. What I already tried:

I’ve been working the problem from the ejabberd side for a few days after being assured ejabberd did its certs automatically like Caddy.

However, I’ve since learned the Debian 11.2 (Bullseye) package of ejabberd enables TLS (HTTPS) for all web ports, and the HTTP port required for ejabberd to use ACME to obtain certs must be added/configured manually.

Before duplicating much of what Caddy does with an ejabberd workaround, I’d like to learn if Caddy can obtain certs for ALL servers with specified domains and subdomains as well as reverse-proxying specified ports.

6. Links to relevant resources:

Yeah, just specify http:// scheme on the site address, or use the HTTP port, and that domain won’t qualify for Automatic HTTPS:

Yes, but you need to configure Caddy with the appropriate DNS plugin for your DNS provider, and configure a site block with *.14servers.net.

Note that when you use the Caddyfile, there’s no way to tell Caddy to manage a certificate for a domain but not enable an HTTPS server for it. If you need fine-grained control over that, you can use JSON config directly.
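The two answers above put together in one Caddyfile, as an added example that is not from the original poster or the Caddy project: one site block opts out of Automatic HTTPS by using the http:// scheme, and a second block requests the wildcard certificate with the DNS challenge. The DNS provider module ("cloudflare"), the environment variable name, the placeholder response body and the xcaddy build line are assumptions for illustration; substitute the module for whichever provider actually hosts 14servers.net.

```caddyfile
# Added example (not from the thread). Assumes Caddy was built with a DNS
# provider module, e.g.:
#   xcaddy build --with github.com/caddy-dns/cloudflare
# "cloudflare" below stands in for the real provider of 14servers.net.

# Site 1: the explicit http:// scheme disqualifies this host from
# Automatic HTTPS, so port 80 stays plain HTTP and free for the ACME
# HTTP-01 traffic ejabberd may need. The ":80" suffix used in the
# original post has the same effect.
http://xmpp.14servers.net {
	reverse_proxy localhost:5380
}

# Site 2: a wildcard name can only be validated with the DNS-01
# challenge, hence the provider module. Caddy will also serve HTTPS on
# :443 for this block; the Caddyfile cannot express "certificate only,
# no server", which is what JSON config would be needed for.
*.14servers.net {
	tls {
		# Keep the API credential out of the config file; read it from the
		# process environment (set via "systemctl edit caddy" as
		# [Service] Environment=CLOUDFLARE_API_TOKEN=... when using the
		# Debian systemd unit).
		dns cloudflare {env.CLOUDFLARE_API_TOKEN}
	}
	# Placeholder handler so the block is complete; replace as needed.
	respond "wildcard placeholder" 200
}
```

Check the file before reloading with `caddy validate --config /etc/caddy/Caddyfile --adapter caddyfile`, and `caddy adapt` with the same flags shows the JSON Caddy actually runs, which is the starting point if the certificate-without-server variant is wanted. With the Debian package, the obtained wildcard certificate and key are typically written under /var/lib/caddy/.local/share/caddy/certificates/ in a per-issuer directory, with `*` replaced by `wildcard_` in the file names (confirm the exact path with `ls` on the host). Two points matter if ejabberd is to reuse them: the files are owned by the caddy user with restrictive permissions, so grant ejabberd read access deliberately rather than loosening them globally, and Caddy rewrites them on every renewal, so ejabberd must be reloaded after renewal or it will keep serving the expired certificate.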


3 posts were split to a new topic: New acme-dns libdns plugin
