Force HTTPS and strip www

johntopley · February 4, 2019, 7:23pm

Is it possible to have Caddy force HTTPS (which I believe it does by default) and redirect from the www URL to the non-www URL?

In my Caddyfile I have:

www.example.com {
    redir https://example.com{uri}
}

example.com {
  ...
}

I noticed that when accessing http://www.example.com I get an error. cURL reports it as curl: (7) Failed to connect to www.example.com port 80: Connection refused.

Whitestrake · February 5, 2019, 2:36am

Hi @johntopley!

To be unambiguous, your Caddyfile configuration should actually have two redirects when accessing the www subdomain over HTTP:

from http://www.example.com/ to https://www.example.com/
from https://www.example.com/ to https://example.com{uri}

So it definitely should be handling HTTP on port 80.

I’d be inclined to investigate your firewall.

matt · February 5, 2019, 5:05am

I think that first redirect from HTTP->HTTPS should be handled automatically though; doesn’t need to be explicitly stated in the Caddyfile.

I too suspect a firewall issue.

Whitestrake · February 5, 2019, 5:05am

Yeah, it’s not explicit, it’s just a result of Automatic HTTPS. My wording might have been a bit ambiguous; instead of “your Caddyfile configuration should actually have two redirects”, I possibly should have said “your Caddyfile should technically result in two redirects”.

johntopley · February 5, 2019, 7:14pm

The only firewall I have is a standard AWS EC2 security group with ports 80 and 443 open for 0.0.0.0/0, as well as SSH of course.

Whitestrake · February 5, 2019, 11:12pm

What output does Caddy give when you start it up with this Caddyfile? You should see a list of sites it’s configured to serve.

Check also that both the www and the apex DNS records point to the same location (your Caddy server host).

Try also running curl -I http://localhost/ -H "Host:www.example.com" on the Caddy host directly to test whether Caddy is in fact binding to port 80 and serving the site correctly.

johntopley · February 6, 2019, 10:41am

The output is:

http://www.example.com
http://example.com
https://www.example.com
https://example.com

I have “A” DNS records in AWS Route 53 for example.com and www.example.com, both pointing to the IP address of my EC2 instance.

Running curl -I http://localhost/ -H "Host:www.example.com" returns curl: (52) Empty reply from server

Whitestrake · February 6, 2019, 10:59am

Caddy definitely shouldn’t be giving an empty reply.

How do you run Caddy?

Run sudo sh -c 'netstat -tulpn | grep 80' just to check that Caddy’s actually listening on the right port.

johntopley · February 6, 2019, 11:16am

$ sudo sh -c 'netstat -tulpn | grep 80'
tcp6       0      0 :::443                  :::*                    LISTEN      16801/docker-proxy  
tcp6       0      0 :::80                   :::*                    LISTEN      16813/docker-proxy  
udp6       0      0 fe80::57:e3ff:fe63::546 :::*                                3795/dhclient

It’s running within a Docker container:

docker run -d -p 80:2015 -p 443:443 -v /home/ec2-user/dotcaddy:/root/.caddy:rw --name caddy --ulimit nofile=8192:8192 --restart always example/example.com

Whitestrake · February 6, 2019, 11:27am

Doesn’t look like you’ve connected port 80 on the host to port 80 on the container.

Automatic HTTPS hosts your site on ports 80 and 443. Port 2015 is used as a default when Automatic HTTPS has been disabled.

443 is hooked up correctly, so curl -I https://example.com/ --resolve example.com:443:127.0.0.1 should give a good result.

johntopley · February 6, 2019, 12:41pm

That was it! Thank you. For some reason I’d missed the fact that Caddy listens on port 80 when using automatic HTTPS rather than port 2015.

system · May 7, 2019, 12:41pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.