Force HTTPS and strip www

(John Topley) #1

Is it possible to have Caddy force HTTPS (which I believe it does by default) and redirect from the www URL to the non-www URL?

In my Caddyfile I have: {
} {

I noticed that when accessing I get an error. cURL reports it as curl: (7) Failed to connect to port 80: Connection refused.

(Matthew Fay) #2

Hi @johntopley!

To be unambiguous, your Caddyfile configuration should actually have two redirects when accessing the www subdomain over HTTP:

  1. from to
  2. from to{uri}

So it definitely should be handling HTTP on port 80.

I’d be inclined to investigate your firewall.

(Matt Holt) #3

I think that first redirect from HTTP->HTTPS should be handled automatically though; doesn’t need to be explicitly stated in the Caddyfile.

I too suspect a firewall issue.

(Matthew Fay) #4

Yeah, it’s not explicit, it’s just a result of Automatic HTTPS. My wording might have been a bit ambiguous; instead of “your Caddyfile configuration should actually have two redirects”, I possibly should have said “your Caddyfile should technically result in two redirects”.

(John Topley) #5

The only firewall I have is a standard AWS EC2 security group with ports 80 and 443 open for, as well as SSH of course.

(Matthew Fay) #6

What output does Caddy give when you start it up with this Caddyfile? You should see a list of sites it’s configured to serve.

Check also that both the www and the apex DNS records point to the same location (your Caddy server host).

Try also running curl -I http://localhost/ -H "" on the Caddy host directly to test whether Caddy is in fact binding to port 80 and serving the site correctly.

(John Topley) #7

The output is:

I have “A” DNS records in AWS Route 53 for and, both pointing to the IP address of my EC2 instance.

Running curl -I http://localhost/ -H "" returns curl: (52) Empty reply from server

(Matthew Fay) #8

Caddy definitely shouldn’t be giving an empty reply.

How do you run Caddy?

Run sudo sh -c 'netstat -tulpn | grep 80' just to check that Caddy’s actually listening on the right port.

(John Topley) #9
$ sudo sh -c 'netstat -tulpn | grep 80'
tcp6       0      0 :::443                  :::*                    LISTEN      16801/docker-proxy  
tcp6       0      0 :::80                   :::*                    LISTEN      16813/docker-proxy  
udp6       0      0 fe80::57:e3ff:fe63::546 :::*                                3795/dhclient    

It’s running within a Docker container:

docker run -d -p 80:2015 -p 443:443 -v /home/ec2-user/dotcaddy:/root/.caddy:rw --name caddy --ulimit nofile=8192:8192 --restart always example/

(Matthew Fay) #10

Doesn’t look like you’ve connected port 80 on the host to port 80 on the container.

Automatic HTTPS hosts your site on ports 80 and 443. Port 2015 is used as a default when Automatic HTTPS has been disabled.

443 is hooked up correctly, so curl -I --resolve should give a good result.

(John Topley) #11

That was it! Thank you. For some reason I’d missed the fact that Caddy listens on port 80 when using automatic HTTPS rather than port 2015.