Force HTTPS and strip www

Is it possible to have Caddy force HTTPS (which I believe it does by default) and redirect from the www URL to the non-www URL?

In my Caddyfile I have: {
} {

I noticed that when accessing I get an error. cURL reports it as curl: (7) Failed to connect to port 80: Connection refused.

Hi @johntopley!

To be unambiguous, your Caddyfile configuration should actually have two redirects when accessing the www subdomain over HTTP:

  1. from to
  2. from to{uri}

So it definitely should be handling HTTP on port 80.

I’d be inclined to investigate your firewall.

1 Like

I think that first redirect from HTTP->HTTPS should be handled automatically though; doesn’t need to be explicitly stated in the Caddyfile.

I too suspect a firewall issue.

Yeah, it’s not explicit, it’s just a result of Automatic HTTPS. My wording might have been a bit ambiguous; instead of “your Caddyfile configuration should actually have two redirects”, I possibly should have said “your Caddyfile should technically result in two redirects”.

The only firewall I have is a standard AWS EC2 security group with ports 80 and 443 open for, as well as SSH of course.

What output does Caddy give when you start it up with this Caddyfile? You should see a list of sites it’s configured to serve.

Check also that both the www and the apex DNS records point to the same location (your Caddy server host).

Try also running curl -I http://localhost/ -H "" on the Caddy host directly to test whether Caddy is in fact binding to port 80 and serving the site correctly.

The output is:

I have “A” DNS records in AWS Route 53 for and, both pointing to the IP address of my EC2 instance.

Running curl -I http://localhost/ -H "" returns curl: (52) Empty reply from server

Caddy definitely shouldn’t be giving an empty reply.

How do you run Caddy?

Run sudo sh -c 'netstat -tulpn | grep 80' just to check that Caddy’s actually listening on the right port.

$ sudo sh -c 'netstat -tulpn | grep 80'
tcp6       0      0 :::443                  :::*                    LISTEN      16801/docker-proxy  
tcp6       0      0 :::80                   :::*                    LISTEN      16813/docker-proxy  
udp6       0      0 fe80::57:e3ff:fe63::546 :::*                                3795/dhclient    

It’s running within a Docker container:

docker run -d -p 80:2015 -p 443:443 -v /home/ec2-user/dotcaddy:/root/.caddy:rw --name caddy --ulimit nofile=8192:8192 --restart always example/

Doesn’t look like you’ve connected port 80 on the host to port 80 on the container.

Automatic HTTPS hosts your site on ports 80 and 443. Port 2015 is used as a default when Automatic HTTPS has been disabled.

443 is hooked up correctly, so curl -I --resolve should give a good result.

1 Like

That was it! Thank you. For some reason I’d missed the fact that Caddy listens on port 80 when using automatic HTTPS rather than port 2015.

1 Like

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.