Caddy handles http://{IP} but Caddyfile only specifies {DOMAIN}. Intended?

Kangaroux · September 25, 2025, 1:54pm

Marked as General since I’m not experiencing any issues. Just looking for some clarification.

My Caddyfile defines a site block for a domain (which works fine):

domain.com {
  # ...
}

However if I visit the IP of said domain e.g. http://{IP}, Caddy issues a redirect to https://{IP} which then returns a cert error, which is expected.

I understand that Caddy will only match domains based on the Host header. But is it intended that Caddy is handling the request when no site blocks match the Host header (or when the Host header is missing entirely)? It seems like Caddy is adding its own catch-all :80, :443 block

Caddy 2.10

matt · September 26, 2025, 3:59am

Caddy redirects all HTTP to HTTPS. That way it doesn’t leak as easily over a plaintext connection what sites it actually answers to. It may not mean much in practice, but it’s easier and better for it to be consistent and minimal over HTTP as much as possible.