Disable autoredirect to https for some paths

Cinerar · November 16, 2016, 9:17pm

I’m trying to move my website to caddy, but some paths on my site need to be accesible over http, not https
for example i want requests to Home - Ownwebsite were serverd over http and not automatically redirected to https://mywebsite.com/api

Are there any options to disable TLS not for whole site, but only for some paths on it?

matt · November 16, 2016, 9:48pm

You can describe the http:// version of the site in the Caddyfile, which will disable the auto redirects, and then set up only the redirects you want.

Cinerar · November 16, 2016, 10:47pm

Thanks. Will give this aproach a try.

btw thank you for this whole project.

tobya · November 17, 2016, 2:06pm

Is it worth exploring why you need some paths (particuarily api) to be http? There really should be no reason to use http rather than https.

Perhaps there is an alternative solution to your issue?

Cinerar · November 17, 2016, 3:35pm

Long story short - Backward compatibility

matt · November 17, 2016, 10:56pm

I say let 'em break.

tobya · November 18, 2016, 8:02am

I’m not sure if this is your issue, but I had to call an api from a webhost that didnt work with the latest TLS when calling file_get_contents or curl from php .

the following in my caddy file solved the issue.

   example.com {
    tls {
      protocols tls1.0 tls1.2
    }

    #other directives
  }

This tells caddy to offer earlier versions of TLS rather than just the latest. This is worth a try at least.

Whitestrake · November 21, 2016, 1:13am

This is what I used when I set up a small website for temporary image sharing (a la imgur), I wanted to set it up to use with ShareX but the program does not like newer protocols.

Depado · December 5, 2016, 3:26pm

Hey there.

I’m also facing the same issue as one of my instrumented application is using Prometheus. Prometheus can get the metrics using TLS, but it leaks file descriptors, making it unstable (like, it’s eating file descriptors like M&Ms). So I would like to have a single endpoint /metrics to be served over HTTP and not HTTPS. Is that possible ? Or not ?

My need is not to disable HTTPS for said endpoint, but to disable auto-redirect, so Prometheus can fetch the data.

Thanks a bunch

(Related Prometheus issue : Too many open files (established connections to same nodes) · Issue #1873 · prometheus/prometheus · GitHub)

Whitestrake · December 5, 2016, 11:29pm

Including a separate configuration for http://your.domain.com/metrics in your Caddyfile will cause Caddy to use the more specific configuration block over the generic your.domain.com.

Requests to https:// will still go to the generic block, because it won’t match the http:// of the specific block.

your.domain.com {
    # Config
}
http://your.domain.com/metrics {
    # http-only config
}

Depado · December 6, 2016, 9:29am

Thanks a lot, I’ll give that a try

system · March 6, 2017, 9:29am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.