Caddy Does Not Auto Redirect from HTTP to HTTPS

1. The problem I’m having:

Caddy does not auto redirect from HTTP to HTTPS.

2. Error messages and/or full log output:

● caddy.service - Caddy
     Loaded: loaded (/lib/systemd/system/caddy.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2023-03-04 18:57:38 CST; 2min 46s ago
       Docs: https://caddyserver.com/docs/
   Main PID: 2732 (caddy)
      Tasks: 8 (limit: 2160)
     Memory: 10.0M
        CPU: 65ms
     CGroup: /system.slice/caddy.service
             └─2732 /usr/bin/caddy run --environ --config /etc/caddy/Caddyfile

Mar 04 18:57:38 iZj6cel50obn3u2xe5n08jZ caddy[2732]: {"level":"info","ts":1677927458.0060575,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Mar 04 18:57:38 iZj6cel50obn3u2xe5n08jZ caddy[2732]: {"level":"info","ts":1677927458.0061102,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Receive-Buffer-Size for details."}
Mar 04 18:57:38 iZj6cel50obn3u2xe5n08jZ caddy[2732]: {"level":"info","ts":1677927458.0061612,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Mar 04 18:57:38 iZj6cel50obn3u2xe5n08jZ caddy[2732]: {"level":"info","ts":1677927458.0061824,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
Mar 04 18:57:38 iZj6cel50obn3u2xe5n08jZ caddy[2732]: {"level":"info","ts":1677927458.006288,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Mar 04 18:57:38 iZj6cel50obn3u2xe5n08jZ caddy[2732]: {"level":"info","ts":1677927458.0063279,"msg":"serving initial configuration"}
Mar 04 18:57:38 iZj6cel50obn3u2xe5n08jZ caddy[2732]: {"level":"info","ts":1677927458.0065663,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0001f73b0"}
Mar 04 18:57:38 iZj6cel50obn3u2xe5n08jZ caddy[2732]: {"level":"info","ts":1677927458.0065904,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy/.local/share/caddy"}
Mar 04 18:57:38 iZj6cel50obn3u2xe5n08jZ caddy[2732]: {"level":"info","ts":1677927458.006751,"logger":"tls","msg":"finished cleaning storage units"}
Mar 04 18:57:38 iZj6cel50obn3u2xe5n08jZ systemd[1]: Started Caddy.

3. Caddy version:

2.6.4

4. How I installed and ran Caddy:

a. System environment:

Ubuntu 22.04
systemd

b. Command:

/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile

c. Service/unit/compose file:

# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateDevices=yes
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddy config:

# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.

:80 {
	# Set this path to your site's directory.
	root * /usr/share/caddy

	# Enable the static file server.
	file_server

	# Another common task is to set up a reverse proxy:
	# reverse_proxy localhost:8080

	# Or serve a PHP site through php-fpm:
	# php_fastcgi localhost:9000
}

hk.zimoe.com {
	root * /var/www/html
	file_server
	tls /var/local/hk.zimoe.com_bundle.crt /var/local/hk.zimoe.com.key
}

# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile

5. Links to relevant resources:

Caddy works! (zimoe.com)
Girlish Number official homepage | TBS Television (zimoe.com)

I have another server with the Caddyfile below; it does not have this problem:

# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.

:80 {
	# Set this path to your site's directory.
	root * /usr/share/caddy

	# Enable the static file server.
	file_server

	# Another common task is to set up a reverse proxy:
	# reverse_proxy localhost:8080

	# Or serve a PHP site through php-fpm:
	# php_fastcgi localhost:9000
}

us1.chitose.ml, chitose.ml, us.zimoe.com {
	root * /var/www/html
	file_server
	tls ricky50575@gmail.com
	
	reverse_proxy /chitose 127.0.0.1:11314 {
		transport http {
			versions h2c
		}
	}
}

# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile

Caddy 2.6.2

I resolved this problem as below, but I do not know why it performs differently between my two servers:

# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.

:80 {
	# Set this path to your site's directory.
	root * /usr/share/caddy

	# Enable the static file server.
	file_server

	# Another common task is to set up a reverse proxy:
	# reverse_proxy localhost:8080

	# Or serve a PHP site through php-fpm:
	# php_fastcgi localhost:9000
}

http://hk.zimoe.com {
  redir https://{host}{uri} permanent
}

https://hk.zimoe.com {
	root * /var/www/html
	file_server
	tls /var/local/hk.zimoe.com_bundle.crt /var/local/hk.zimoe.com.key
}

# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile

Remove this from your config. This is preventing HTTP redirects from working.

You’re not meant to leave this in your config, you’re meant to replace it with your own config.


This is right; but to elaborate, it’s because you’re explicitly listening and serving sites on the HTTP port, port 80, for all hostnames, so your explicit configuration overrides implicit redirects.
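
The configuration pattern the replies point to can be checked mechanically before a reload. The following is an added example, not part of the original thread and not Caddy's own code: a small Python lint that lists hostnames served over HTTPS that have no HTTP site of their own while the same Caddyfile also contains a hostless site on the HTTP port. The function names and the simplified address parsing (no IPv6 literals, imports or snippets expansion) are assumptions of this example.

```python
import re

# Address forms handled: [scheme://]host[:port][/path]; IPv6 literals are skipped.
ADDR = re.compile(r"^(?:(https?)://)?([^:/]*)(?::(\d+))?(?:/.*)?$")

def site_addresses(caddyfile):
    """Yield the address list of each top-level site block."""
    depth = 0
    for raw in caddyfile.splitlines():
        tokens = []
        for tok in raw.split():
            if tok.startswith("#"):  # comment runs to end of line
                break
            tokens.append(tok)
        if tokens == ["}"]:
            depth -= 1
        elif tokens and tokens[-1] == "{":
            # Skip the global options block ("{") and snippets ("(name) {").
            if depth == 0 and len(tokens) > 1 and not tokens[0].startswith("("):
                yield [a for t in tokens[:-1] for a in t.split(",") if a]
            depth += 1

def shadowed_hosts(caddyfile):
    """Hostnames served over HTTPS with no HTTP site of their own, in a
    config that also has a hostless site on the HTTP port (e.g. ":80")."""
    catch_all, https_hosts, http_hosts = False, set(), set()
    for addrs in site_addresses(caddyfile):
        for m in filter(None, map(ADDR.match, addrs)):
            scheme, host, port = m.groups()
            plain = scheme == "http" or port == "80"
            if plain and not host:
                catch_all = True
            elif plain:
                http_hosts.add(host)
            elif host:
                https_hosts.add(host)
    return sorted(https_hosts - http_hosts) if catch_all else []

# Constructed samples, condensed from the Caddyfiles posted in this thread.
CATCH_ALL = ":80 {\n\troot * /usr/share/caddy\n\tfile_server\n}\n"
HTTPS_SITE = "hk.zimoe.com {\n\troot * /var/www/html\n\tfile_server\n}\n"
WORKAROUND = ("http://hk.zimoe.com {\n\tredir https://{host}{uri} permanent\n}\n"
              "https://hk.zimoe.com {\n\troot * /var/www/html\n\tfile_server\n}\n")

if __name__ == "__main__":
    print(shadowed_hosts(CATCH_ALL + HTTPS_SITE))   # original config
    print(shadowed_hosts(CATCH_ALL + WORKAROUND))   # explicit redirect site
    print(shadowed_hosts(HTTPS_SITE))               # ":80" block removed
```

A non-empty result means those hostnames may answer plain HTTP from the catch-all site instead of being redirected; confirm on the running server with a plain HTTP request to each hostname.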
