Cannot change default http and https ports

1. Caddy version (caddy version): v2.4.6

2. How I run Caddy: caddy run --config Caddyfile

a. System environment: alpine

3. Caddy config file:

{
        https_port 8443
        http_port 8080
}

:1234 { 
        root * /var/www
        file_server
}



http://, https://
tls internal {
    on_demand
}

Error that I receive:

run: adapting config using caddyfile: automation policy from site block is also default/catch-all policy because of key without hostname, and the two are in conflict: []certmagic.Issuer(nil) != []certmagic.Issuer{(*caddytls.InternalIssuer)(0xc00007ff20)}

This is inside a Docker container, and I’d like my internal ports to not be 80 and 443 but 8443 and 8080.

This isn’t a problem with your global options, but instead a problem with this part:

The first issue is that you’re not using a block here, you must do so if you’re using more than one site block in your Caddyfile. See the docs on the structure of the Caddyfile:

The second is that you’re using the tls directive with http:// which doesn’t make sense. If you need special handling for http:// then it needs to be a separate site block.

But if I change 8080 and 8443 to something else, it will work. Is there a reason why?

I’m not sure it’s worth theorizing when there’s clearly invalid things elsewhere in your config.

Can you please help me with a good solution for this?

Have you tried fixing your Caddyfile according to my suggestions?

This is what I did, but I’m having the same problem:

:8443 {
  tls internal {
    on_demand
  }
}

Is that your entire Caddyfile? What are your full logs?

Please be as detailed as possible. If you only share partial information, it’s hard to help you debug or replicate the problem.

This is the file:

{
        https_port 8443
        http_port 8080
}

:8000 { 
        root * /app/cdn/documentation
        file_server
}



:8443 {
    tls internal {
        on_demand
    }
}

This is the output:

2022/01/19 12:11:29.876 INFO    using provided configuration    {"config_file": "/tmp/Caddyfile", "config_adapter": ""}
run: adapting config using caddyfile: automation policy from site block is also default/catch-all policy because of key without hostname, and the two are in conflict: []certmagic.Issuer(nil) != []certmagic.Issuer{(*caddytls.InternalIssuer)(0xc000183d70)}

I want to mention that using http://,https:// tls [config from first post] … on version 2.1 it is working without any issue.
The problem came with version 2.4.

FYI, it’s ok to use http:// and https:// still, it’s usually better since it will match the global options for those ports implicitly instead of having to explicitly use the same ports.

Okay I dug a bit more and I see where the issue is happening. I think the adapter is being a bit too aggressive in its check for automation policies since what you have should be valid.

As a workaround since you’re only using internal certs, you can use the local_certs global option which will just tell the adapter that all the policies should/will be internal.

{
        https_port 8443
        http_port 8080
        local_certs
}

:1234 {
        root * /var/www
        file_server
}

https:// {
        tls internal {
                on_demand
        }
}

That should do the trick. I’ll run some more tests.
Thank you
