Catch-all too greedy?

The order of the routes in the HTTP server when HTTP->HTTPS redirects are enabled is:

  1. User-defined site starting with http:// (e.g. http://example.com)
  2. HTTP->HTTPS redirects for HTTPS site addresses (e.g. example.com)
  3. User-defined catch-all site (e.g. http:// or :80)
  4. Always-included fallback catch-all redirecting HTTP traffic to HTTPS using the incoming Host header

In this case, you have no (1), your two HTTPS sites are (2), and you have user-defined (3), and (4) is always included.

Caddy will serve a redirect from http://old1.example.local/ to https://old1.example.local/ first, and then the client after connecting to HTTPS will be served with the redirect from https://old1.example.local/ to https://error-pages.newdom.local/.

Make sure when testing you use curl -vL (-L meaning Location header, to follow redirects). This is working as intended.

Also, you probably want to add {uri} at the end of all your redirects to preserve the request URI; otherwise it gets dropped completely from the request. For example:

redir https://error-pages.newdom.local{uri} 301
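
The route order and the {uri} point from the answer above, as an added example that is not part of the original post and is not Caddy's code. It is a simplified Python model: the hostnames come from the post, while the function names, the catch-all response text and the sample request path are constructed for illustration.

```python
# Simplified model of the HTTP route order described above; not Caddy's code.
# Hostnames come from the post; everything else is a constructed stand-in.
from urllib.parse import urlsplit

# HTTPS site address -> redir target template (None means "serves content").
HTTPS_SITES = {
    "old1.example.local": "https://error-pages.newdom.local{uri}",
    "error-pages.newdom.local": None,
}
HTTP_SITES = {}                        # tier 1: explicit http:// sites (none here)
USER_CATCH_ALL = "catch-all response"  # tier 3: user-defined http:// or :80 site


def handle(url, keep_uri=True):
    """Return ('redirect', location) or ('serve', description) for one request."""
    parts = urlsplit(url)
    host, uri = parts.hostname, parts.path or "/"
    if parts.query:
        uri += "?" + parts.query
    if parts.scheme == "https":
        if host not in HTTPS_SITES:
            return ("serve", "no matching HTTPS site")
        target = HTTPS_SITES[host]
        if target is None:
            return ("serve", f"https site {host}")
        # keep_uri=False models a redir target written without {uri}.
        return ("redirect", target.replace("{uri}", uri if keep_uri else ""))
    if host in HTTP_SITES:                       # tier 1
        return ("serve", HTTP_SITES[host])
    if host in HTTPS_SITES:                      # tier 2: HTTP->HTTPS redirect
        return ("redirect", f"https://{host}{uri}")
    if USER_CATCH_ALL is not None:               # tier 3
        return ("serve", USER_CATCH_ALL)
    return ("redirect", f"https://{host}{uri}")  # tier 4: built-in fallback


def follow(url, keep_uri=True, limit=10):
    """Follow redirects the way `curl -L` does; return (hops, final response)."""
    hops = [url]
    for _ in range(limit):
        kind, value = handle(url, keep_uri)
        if kind == "serve":
            return hops, value
        url = value
        hops.append(url)
    raise RuntimeError("redirect loop")
```

Calling follow("http://old1.example.local/docs/page?id=7") yields two redirects and never touches the catch-all, which only answers hosts that have no HTTPS site.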