I have an instance of caddyserver serving as a reverse proxy. Whenever I use a web browser (from outside my LAN) & go to my website via HTTPS (ie. https://mydomian.foobar) everything works fine. However when I try to attempt to connect via HTTP (ie. http://mydomain.foobar, or just mydomain.foobar in some browsers) I get prompted to download a 7 byte file whose name is a string of letters & numbers. The contents of this file (as seen in notepad++) is . I’m assuming this is useless as the underlying data probably isn’t characters or a string.
Caddy logs doesn’t give me anything but looking at systemd logs gives me the following:
2018/02/15 21:08:00 http: TLS handshake error from public_ip_address:42076: tls: first record does not look like a TLS handshake
So does this means Caddy assumes my http connections should be attempting to authenticate via TLS? How do I prevent this then? Redirect HTTP connections to HTTPS? (ultimately I would like to only use HTTPS)
Let me know If I can provide anymore information or if something I said is clear as mud. Thanks.
Shouldn’t be! Your Caddyfile, assuming mycustomdomain.foobar is a real and publicly accessible domain name, should be issuing redirects over HTTP to requests on port 80.
Can you post the output of curl -IL mycustomdomain.foobar? (It should be, if everything is working correctly, two sets of headers - firstly for a HTTP redirect, then for a HTTPS site).
Could be DNS, but maybe not your settings, per se. I get the same result you do from my machine, and Caddy’s issuing a 301 over HTTP just fine and accepting the HTTPS request.
Can you run dig peterhansen.tech on both the machine that returned no result, and the machine that successfully connected to Caddy from within the LAN?
I just figured it out. It was my Router’s port forwarding settings. I accidentally forwarded port 80 on the WAN interface to port 443 of the VM. I use PfSense so I guess I accidentally chose “HTTPS” instead of “HTTP”.
If you try the curl command again it returns the headers now and connecting to my website via HTTP redirects to HTTPS. Thanks for the help, I wouldn’t of even thought of checking my router settings but seeing the difference between WAN & LAN systems when running curl made me curious if I had screwed something else up.
Excellent! pfSense is great, I run Caddy behind mine as well and also run split DNS resolution. Can get a bit weird sometimes, but once it’s all set up, it’s rock solid.
I assumed I could either rewrite or redirect …/graphics to …/graphics/ and everything would work but I did that and it had no effect. I’m going to try it again real quick now that my first problem is solved but any thoughts on what I should poke around with?
All my traffic on WAN port 80 & 443 is routed to a caddy server on it’s own VM which serves as a reverse proxy (the one I was initially having troubles with). Lets Call it VM1.
I have another VM (VM2) which hosts my graphics page & files like you saw. VM1 handles all the TLS/SSL & HTTPS encryption as it sits in between the WAN & LAN. All of my other services are not encrypted as they are on my LAN, but since they pass through my reverse proxy to get to anywhere on the WAN they become encrypted.
I just realised I made one tiny mistake in my proposed VM2 Caddyfile that you should address if you haven’t already, @silverensign;
The filemanager directive should instead start with filemanager /graphics/upload /www/frontpage/graphics to respect the web root shuffling around. Otherwise uploads would go to the old location, whoops