Caddy fallback to 80

Hi guys,

I have a configuration which currently assumes 443 myresponder/Caddyfile at master · kaihendry/myresponder · GitHub

But sometimes it’s deployed behind a proxy (i.e. another Caddy instance), e.g.:,,,, {
 proxy / myresponder:80 {

So in the case it’s deployed behind a proxy, I need it to fallback to 80 without exiting like it does here:

docker run --rm --name myresponder --env-file envfile -p 80:80 -v /home/hendry/myresponder/data:/srv/data -v /home/hendry/.caddy:/root/.caddy hendry/myresponder
Activating privacy features...^E^E^E^E^E^Y^Y^Y^Y^Y^Y^Y^Y^Y^Y^Y2016/10/09 06:10:59 [] failed to get certificate: acme: Error 400 - urn:acme:error:connection - Failed to connect to for TLS-SNI-01 challenge
Error Detail:
        Validation for
        Resolved to:

Or am I missing a trick?

If you don’t want Caddy to use port 443 (which is the default for production sites), you need to specify http:// or :80 in the address in the Caddyfile or use tls off in your site description.

1 Like

Hi Matt,

I don’t want to change the configuration is what I am asking for here.

Port 443 not exposed or not working? Use Port 80.

80+443 exposed & working, use 443.

Does that make sense? :slight_smile:

I guess you could fork Caddy and change the auto https feature, but that’s not something I’m going to do for mainline Caddy.

So you prefer Caddy to be a bit draconian with error handling?

If a configuration fails on nginx/apache it still “carries on” IIRC

Neither apache nor nginx automatically use ACME to obtain a certificate and if you configure them to serve HTTPS without a certificate (the equivalent of what you are doing here), they will hard fail.

I am definitely with matt here, if I configure my webserver just so and it cannot do what I have asked it to, I would prefer it to fail than silently decide to do something else. Draconian is exactly what I want.

But, as a possible solution to your woes, you could maybe use an environment variable so your config is static but the tls option is configured externally.

Fail silently? I.e. use port 80 if there is some failure with SSL? I think this is common sense. Oh well.

The fail hard software approach has known the be a failzone too. Checkout XHTML.

Could you please give me an example of that?

Thank you,

You can use environment variables in your Caddyfile so if you write


Then you can start the process with

TLS_CONFIG=off caddy ...

and it will start without trying to serve TLS.