Finally managed automatic HTTPS redirection – please improve documentation

Sorry for not using your help template, but I think that it does not make sense in this case.

I really had trouble getting the automatic HTTP to HTTPS redirection to work. I thought I had made everything correct. In my JSON configuration, I use the “routes” configuration. Within this JSON object, I had defined multiple entries, each one for a domain name, each one consisting of:

    {
      "group": "site selection",
      "match":
      [
        {
          "host": [ "myhost.example" ]
        }
      ],
      "handle":
      [
        {
          "handler": "file_server",
          "root": "/opt/caddy/sites/myhost",
          "index_names": [ "index.html", "index.xml" ]
        }
      ]
    },

Nevertheless, it did not work. When I issued an HTTP request, no redirection occurred. With my nearly-to-nothing knowledge of Go, I reviewed the file autohttps.go and discovered that the code creates additional routes for the HTTP to HTTPS redirections. By chance I got the idea that these routes may indeed be added, but that they never become active, as my own routes match first. So I limited my own entries to match HTTPS requests only.

After changing the match entry to:

    {
      "match":
      [
        {
          "host": [ "myhost.example" ],
          "protocol": "https"
        }
      ],

it finally worked.

This seems to be documented nowhere. So my request is simply to improve the documentation so that other users of the software do not run into the same pitfall.

What’s your entire config? You only showed a small section. Automatic HTTPS rules apply to the entire config.

Please do use the help topic template. It’s important for us to get full context for what you’re reporting.

Here is the full old configuration with the names replaced. I guess you won’t see much interesting stuff… I am running caddy-2.4.6 with no extra features on an x86-64 Ubuntu 21.10.

{ 
  "admin":
  { 
    "disabled": false,
    "config":
    {
      "persist": false
    }
  },
  "logging":
  {
    "sink":
    {
      "writer":
      {
        "output": "file",
        "filename": "/opt/caddy/logs/sink.log",
        "roll": true,
        "roll_size_mb": 100,
        "roll_local_time": true,
        "roll_keep": 0,
        "roll_keep_days": 0
      }
    },
    "logs":
    {
      "default":
      {
        "writer":
        {
          "output": "file",
          "filename": "/opt/caddy/logs/caddy.log",
          "roll": true,
          "roll_size_mb": 100,
          "roll_local_time": true,
          "roll_keep": 0,
          "roll_keep_days": 0
        },
        "level": "debug",
        "encoder": { "format": "json" }
      }
    }
  },
  "storage":
  {
    "module": "file_system",
    "root": "/opt/caddy/store"
  },
  "apps":
  {
    "http":
    {
      "grace_period": "5s",
      "servers": 
      {
        "all":
        {
          "listen":
          [
            ":80",
            ":443"
          ],
          "routes":
          [
            {
              "group": "site selection",
              "match":
              [
                {
                  "host": [ "www.aaaaaa.example", "der.aaaaaa.example" ]
                }
              ],
              "handle":
              [
                {
                  "handler": "file_server",
                  "root": "/opt/caddy/sites/aaaaaa/cur",
                  "index_names": [ "index.html", "index.xml" ]
                }
              ]
            },
            {
              "group": "site selection",
              "match":
              [
                {
                  "host": [ "www.bbbbbb.example" ]
                }
              ],
              "handle":
              [
                {
                  "handler": "file_server",
                  "root": "/opt/caddy/sites/bbbbbb",
                  "index_names": [ "index.html" ]
                }
              ]
            },
            {
              "group": "site selection",
              "match":
              [
                {
                  "host": [ "www.cccccc.example" ]
                }
              ],
              "handle":
              [
                {
                  "handler": "reverse_proxy",
                  "transport":
                  {
                    "protocol": "http",
                    "compression": false,
                    "versions": ["1.1"]
                  },
                  "upstreams":
                  [ 
                    {
                      "dial": "[::1]:1080"
                    }
                  ]
                }
              ]
            },
            {
              "group": "site selection",
              "handle": 
              [
                {
                  "handler": "file_server",
                  "root": "/opt/caddy/sites/default",
                  "index_names": [ "index.html" ]
                }
              ]
            }
          ],
          "logs":
          {
            "default_logger_name": "default"
          }
        }
      }
    }
  }
}

This is your issue. If you want automatic HTTPS to work, you need to make your server only listen on :443, and then Caddy will automatically add a :80 server which performs the redirects.

No, this won’t work, as my last entry in the “routes” array is a fallback microsite that shall be responsible for all visitors that come to me somehow else (e.g. using an IP address). Here, no forwarding shall take place and an HTTP response is desired, as no domain name is available (and the IP address is dynamic, anyway). The solution I mentioned in my first post does work, so everything is fine.

Anyhow, I am still of the opinion that it would be worth clarifying this in a little more detail in the documentation (and that’s why I opened this thread).

Then just make a second server that listens for :80 with those routes you need.

The way you configured your server explicitly breaks Caddy’s automatic HTTP->HTTPS redirects.
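
A check for the pitfall discussed in this thread, as an added example that is not part of the original posts or of Caddy itself: it reports host-matched routes on a server that listens on the HTTP port and that are not restricted with `"protocol": "https"`, which is the condition the first post found to shadow the redirects. The sample config is constructed; port 80 as the HTTP port and single-port listen addresses are assumptions.

```python
import json

# Constructed sample: the thread's layout reduced to three routes on one
# server that listens on both ports (hostnames are the thread's placeholders).
SAMPLE = json.loads("""
{"apps": {"http": {"servers": {"all": {
  "listen": [":80", ":443"],
  "routes": [
    {"match": [{"host": ["www.aaaaaa.example"]}],
     "handle": [{"handler": "file_server"}]},
    {"match": [{"host": ["www.bbbbbb.example"], "protocol": "https"}],
     "handle": [{"handler": "file_server"}]},
    {"handle": [{"handler": "file_server"}]}
  ]}}}}}
""")

def port_of(addr):
    """Port of a listen address such as ':80' or '[::1]:80' (assumes one port)."""
    return addr.rsplit(":", 1)[-1]

def plaintext_hosts(config, http_port="80"):
    """Return {server: [hosts]} for host-matched routes that also answer HTTP.

    A route is reported when its server listens on the HTTP port and one of
    its matcher sets names hosts without restricting "protocol" to "https".
    Routes with no host matcher (catch-alls) are deliberately not reported.
    """
    findings = {}
    servers = config.get("apps", {}).get("http", {}).get("servers", {})
    for name, srv in servers.items():
        if not any(port_of(a) == http_port for a in srv.get("listen", [])):
            continue  # server does not listen on the HTTP port
        for route in srv.get("routes", []):
            for matcher in route.get("match", []):
                if "host" in matcher and matcher.get("protocol") != "https":
                    findings.setdefault(name, []).extend(matcher["host"])
    return findings

if __name__ == "__main__":
    for server, hosts in plaintext_hosts(SAMPLE).items():
        print(f"server {server!r} serves these hosts over plain HTTP: {hosts}")
```
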
