1. The problem I’m having:
Consider the Caddyfile attached below. The problem is that if I go to http://foo.com, the website will serve me a prompt for basic authentication before upgrading my connection to https. Since this has the danger of sending credentials in plaintext, some browsers, like Safari, will refuse to offer the basic auth prompt http sites at all (only offering it to https sites). This can lead to some browsers, like Safari, entirely unable to access the web-page (unless they manually upgrade http to https):
Safari Can’t Connect to the Server
Safari can’t open the page “foo.com” because Safari can’t connect to the server “foo.com”
The question is: how do I have caddy upgrade http to https before prompting for basic auth?
2. Error messages and/or full log output:
N/A
No errors, I suspect this is intended / expected behavior. I’m not reporting a bug, but asking how to change the behavior.
3. Caddy version:
v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=
4. How I installed and ran Caddy:
a. System environment:
Docker
b. Command:
docker compose up
c. Service/unit/compose file:
services:
caddy:
image: "caddy"
container_name: "caddy"
restart: unless-stopped
ports:
- 443:443
volumes:
- ./caddy/Caddyfile:/srv/Caddyfile:Z,ro # z probably overrides ro :/
- ./caddy/data:/data:Z
command: ["caddy", "run"]
Dockerfile:
FROM caddy:builder AS builder
RUN xcaddy build --with github.com/caddy-dns/cloudflare
FROM caddy
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
d. My complete Caddy config:
foo.com {
basicauth {
foo $2a$14$WkjDjpbJ48qPK2JeUECpO.D6PSJas2RzDB1V72d9Nk0HqNYrkl5Wm
}
tls myemail@gmail.com
reverse_proxy myhost:12345
}