Default domain (redirect all domain)

How do I redirect all requests to one domain?
For example, if a visitor enters the server IP address in the address bar, they will be redirected to the default domain.
Or if a visitor enters a domain that doesn’t exist or isn’t registered on the server, then it will be redirected.
Any help would be greatly appreciated.

You can implement catch-all redirects to a specific domain pretty simply:

http://, https:// {
  tls self_signed
}

This redirection will be used for any site that you have not explicitly configured (so if you then define the site below that in your Caddyfile, this catch-all won’t apply to it).

Bear in mind this catch-all won’t have valid HTTPS, though. You can look at On-Demand TLS if you’re interested in that, but there’s a bit of complexity involved.

Hi @Whitestrake, I’ve tried putting the code before or after my domain, but Caddy won’t start.

Oct 01 11:13:15 --- systemd[1]: Started Caddy HTTP/2 web server.
-- Subject: Unit caddy.service has finished start-up
-- Defined-By: systemd
-- Support:
-- Unit caddy.service has finished starting up.
-- The start-up result is RESULT.
Oct 01 11:13:15 --- caddy[24155]: 2019/10/01 11:13:15 [INFO][cache:0xc000088870] Started certificate maintenance routine
Oct 01 11:13:15 --- caddy[24155]: 2019/10/01 11:13:15 self-signed: certificate has no names
Oct 01 11:13:15 --- systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE
Oct 01 11:13:15 ora-in1-jkta-org systemd[1]: caddy.service: Failed with result 'exit-code'.

Below is my Caddyfile:

dom.ext {
        tls mail@dom.ext
        root /var/www/dom.ext
        fastcgi / php
        rewrite {
                if {path} not_match ^\/wp-admin
                to {path} {path}/ /index.php?{query}
        }
}

http://, https:// {
        tls self_signed
        redir https://dom.ext
}

Oh, uhh. Well, looking further into it, I now realise it’s not that simple, haha.

OK, so, we can’t do https:// with tls self_signed.

We can cheat a bit, though - we can use your main domain’s certificate, since we know it’ll be there and managed and that’s what we’re redirecting to anyway. It’ll still be invalid for an IP address or a random domain, naturally, but no loss there. We just need a cert, any cert, to negotiate TLS and then issue the redirection.

That, or you use On-Demand TLS. This is probably simpler.

You’ll need the format tls cert key, and you need to look in your CADDYPATH for the location. Since you’re running Caddy as a systemd service on Ubuntu, you likely used the systemd guide in the examples repository. If that’s the case, you’re looking for the cert and key in /etc/ssl/caddy. Replace cert with the absolute path of the cert and key with the absolute path of the key for tls cert key. Start it up again and you should be good to go…

If I use tls mail@dom.ext,
will the result be the same as what you suggested above?
I tried tls mail@dom.ext, Caddy is up and running, but I’m not sure what the expected result is :smile:

tls mail@dom.ext just sets the Let’s Encrypt account email to mail@dom.ext. In terms of an HTTPS certificate for this catch-all, it is identical to not having tls at all. It’s not going to help.

Thank you @Whitestrake, the redirection is working!

Okay, I know this is considered a necrobump, but… why not just do

:80 {
    redir https://dom.ext
}

? Like, you don’t even need tls for that; anything that connects to http://*, as long as it points to the server’s IP, will be redirected?

Ahh, but then the issue is that HTTPS requests won’t be redirected.

:80 is just one half of the equation; the http:// part, specifically.
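
A way to check the point above, that a catch-all has to cover both the http:// and https:// halves: this is an added example, not code from the thread or from the Caddy project. It sends a request with an unregistered Host header over each scheme and reports whether the answer is a redirect to the default domain; the address 203.0.113.10, the name unknown.example and the function names are assumptions.

```python
import http.client
import ssl

def catch_all_location(server, host_header, use_tls, port, timeout=5):
    """GET / with an arbitrary Host header; return (status, Location), no redirect following."""
    if use_tls:
        # The catch-all serves the main domain's certificate, which cannot match
        # an IP address or unknown name, so verification is skipped for this probe only.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        conn = http.client.HTTPSConnection(server, port, timeout=timeout, context=ctx)
    else:
        conn = http.client.HTTPConnection(server, port, timeout=timeout)
    try:
        conn.putrequest("GET", "/", skip_host=True)
        conn.putheader("Host", host_header)
        conn.endheaders()
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def redirects_to_default(status, location, default_origin):
    """True only for a redirect whose target is the default origin itself."""
    if status not in (301, 302, 307, 308) or not location:
        return False
    return location == default_origin or location.startswith(default_origin + "/")

def check_server(server, default_origin, hosts, ports=None):
    """Probe both halves (http:// and https://) with each Host value."""
    ports = ports or {"http": 80, "https": 443}
    results = {}
    for scheme in ("http", "https"):
        for host in hosts:
            try:
                status, loc = catch_all_location(server, host, scheme == "https", ports[scheme])
                ok = redirects_to_default(status, loc, default_origin)
            except (OSError, http.client.HTTPException):
                ok = False  # no listener or failed handshake: this half is not covered
            results[(scheme, host)] = ok
    return results

if __name__ == "__main__":
    # Constructed values: 203.0.113.10 is a documentation address; dom.ext is the thread's placeholder.
    hosts = ["203.0.113.10", "unknown.example"]
    for key, ok in check_server("203.0.113.10", "https://dom.ext", hosts).items():
        print(key, "redirected" if ok else "NOT redirected")
```

With only a :80 block in place, the http rows report redirected and the https rows do not.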
