How can I define multiple hostnames on local for PHP development purposes?

For development purposes, either you need a domain to use HTTPS, or just go with the PHP built-in server or non-TLS. Then for production, use the php_fastcgi directive.

I basically got 1 domain; I create a subdomain and use it in Caddy.

So like Apache or Nginx, I can’t create a virtual host and use HTTPS on Caddy Server? Or am I missing something?

You can create anything in Caddy, but HTTPS works with valid domains.

1 Like

For example:

domain.com {
    php_fastcgi unix//php_sock
}

sub.domain.com {
    php_fastcgi unix//php_sock
}

domain2.com {
    php_fastcgi unix//php_sock
}
1 Like

Let me ask one more question, if you don’t mind.

Say I have a microservice in PHP that only accepts HTTPS and runs on HTTPS only.
Using nginx/Apache I can create a virtual host name and add HTTPS, e.g. random.site, and add HTTPS with locally generated SSL keys, and everything works fine…

Please let me know if it’s possible with Caddy Server as well. If yes, then how would I do that?

Well, we are using Caddy because you don’t need to do that config.

In your Caddyfile (the equivalent is nginx.conf or default):

yourdomain.com {
 php_fastcgi unix//run/php/php7.4-fpm.sock
 file_server
}

Done. You got HTTPS running on yourdomain.com.

Everything can be configured in the same file. You don’t need sites-available, sites-enabled, etc.

I’m sorry if my question was not clear at first :)
I agree with how Caddy Server works. Also, I found that I can work with any public domains, as you’ve mentioned above.
Just wondering if it’s possible to set up HTTPS for non-public domains like random localhost names: abc.xys. with Caddy

It’s a very extreme use case, as who needs HTTPS in a development environment?

There are cases when an application needs to be tested and running on HTTPS in a development environment.

I have the same scenario/use case, where one of the services needs an HTTPS connection for its working.

Not an extreme use case really. HTTPS by default is the way of the internet, so to replicate production usage, it is common sense to replicate HTTPS usage in the dev environment too.

If the domain names used aren’t valid domains and are only for local dev testing, you can override both the server’s and your PC’s DNS using the /etc/hosts file on the server and the equivalent on your PC, depending on OS. That is what I did at "Caddy V2 tls internal only work when port 80/443 are free?". I just needed help with the internal SSL cert setup routine by setting http_port and https_port for local SSL certs on ports other than 80/443, for my usage on domains on port 81/4444.

So for my VirtualBox install, for invalid domains used for local testing, I edited my server’s /etc/hosts and my Windows 10 PC’s C:\Windows\System32\drivers\etc\hosts:

192.168.0.18 ngx.domain.com
192.168.0.18 caddy.domain.com

curl -I http://caddy.domain.com:81/caddy-index.html
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 12226
Content-Type: text/html; charset=utf-8
Etag: "q9xapl9fm"
Last-Modified: Wed, 06 May 2020 18:44:09 GMT
Server: Caddy
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Powered-By: caddy centminmod
X-Xss-Protection: 1; mode=block
Date: Fri, 08 May 2020 17:25:52 GMT

curl -Ik https://caddy.domain.com:4444/caddy-index.html
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 12226
Content-Type: text/html; charset=utf-8
Etag: "q9xapl9fm"
Last-Modified: Wed, 06 May 2020 18:44:09 GMT
Server: Caddy
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Powered-By: caddy centminmod
X-Xss-Protection: 1; mode=block
Date: Fri, 08 May 2020 17:26:08 GMT
3 Likes

As @eva2000 has said, it’s not an extreme use case. Caddy supports HTTPS in development using tls internal. See the docs:

2 Likes

So he/she needs to go with tls internal.

So to use tls for testing purposes, I need to manually generate keys and add them to the Caddyfile, as mentioned in the syntax:

tls [internal|<email>] | [<cert_file> <key_file>] {
	protocols <min> [<max>]
	ciphers   <cipher_suites...>
	curves    <curves...>
	alpn      <values...>
	load      <paths...>
	ca        <ca_dir_url>
	ca_root   <pem_file>
	dns       <provider_name> [<params...>]
	on_demand
}

No; look at the examples at the bottom.

Please let me know if this is the correct syntax for defining tls:

testhost.com {
    tls internal
    respond "Hello, world!"
}

I tried the above in the Caddyfile but can’t make it work.

2020/05/08 17:54:47.032 INFO    using adjacent Caddyfile
2020/05/08 17:54:47.035 INFO    admin   admin endpoint started  {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2020/05/08 23:39:47 [INFO][cache:0xc0004f18b0] Started certificate maintenance routine
2020/05/08 17:54:47.045 INFO    http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2020/05/08 17:54:47.227 INFO    pki.ca.local    root certificate is already trusted by system   {"path": "storage:pki/authorities/local/root.crt"}
2020/05/08 17:54:47.228 INFO    tls     cleaned up storage units
2020/05/08 17:54:47.228 INFO    http    enabling automatic TLS certificate management   {"domains": ["testhost.com"]}
2020/05/08 23:39:47 [WARNING] Stapling OCSP: no OCSP stapling for [testhost.com]: no OCSP server specified in certificate
2020/05/08 17:54:47.229 INFO    autosaved config        {"file": "/Users/sujit/Library/Application Support/Caddy/autosave.json"}
2020/05/08 17:54:47.229 INFO    serving initial configuration
Successfully started Caddy (pid=32779) - Caddy is running in the background

Service started but the URL is not accessible via:
https://testhost.com
https://testhost.com:443

I can only make it work with localhost:

localhost {
    tls internal
    respond "Hello, world!"
}

I needed to add it to hosts to make it work.
Thanks all! Now it seems to work as expected.

Can we make the domain work without adding it to the hosts file?

1 Like

Hosts file edits are required to override DNS for the test domains. Only way.

1 Like

There is an alternative: Split DNS (i.e. run your own DNS resolver inside your LAN that points arbitrary hostnames to your dev server).

Whether you edit your hosts file or your local DNS resolver, though, you will have to add those hostnames manually somewhere.

1 Like
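The failure seen in this thread (Caddy starts and issues an internal certificate, but the site is unreachable until its name is in the hosts file) can be checked before starting the server. The following is an added example, not code from any poster or from the Caddy project: a shell check that lists Caddyfile site names with no hosts-file entry. It parses simple Caddyfiles only, and the file contents written by `demo` are constructed.

```shell
# Added example: report Caddyfile site names that a hosts file does not map.

# Print each hostname that opens a top-level site block in Caddyfile $1.
caddy_sites() {
    awk '
        { sub(/#.*/, "") }                          # drop comments (simplified)
        depth == 0 && /[{][ \t]*$/ && !/^[ \t]*[{]/ {   # skip global options
            line = $0; sub(/[ \t]*[{][ \t]*$/, "", line)
            n = split(line, addrs, /[ \t,]+/)
            for (i = 1; i <= n; i++) {
                a = addrs[i]
                sub(/^https?:\/\//, "", a); sub(/:[0-9]+$/, "", a)
                if (a != "" && a !~ /^[(]/) print a  # ignore (snippets)
            }
        }
        { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}") }
    ' "$1"
}

# Succeed if hosts file $1 maps hostname $2 to any address.
hosts_has() {
    awk -v name="$2" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(name)) found = 1 }
        END { exit !found }
    ' "$1"
}

# Print site names from Caddyfile $1 that have no entry in hosts file $2.
missing_hosts() {
    caddy_sites "$1" | while read -r site; do
        case "$site" in localhost) continue ;; esac
        hosts_has "$2" "$site" || printf '%s\n' "$site"
    done
}

# Constructed sample files modelled on the names used in the thread.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '{' '    http_port 81' '    https_port 4444' '}' \
        'caddy.domain.com, ngx.domain.com {' '    tls internal' '}' \
        'testhost.com {' '    tls internal' '    respond "Hello, world!"' '}' \
        'localhost {' '    tls internal' '}' > "$dir/Caddyfile"
    printf '%s\n' '127.0.0.1 localhost' '192.168.0.18 ngx.domain.com' \
        '192.168.0.18 caddy.domain.com  # dev VM' > "$dir/hosts"
    missing_hosts "$dir/Caddyfile" "$dir/hosts"
    rm -rf "$dir"
}
demo
```

On a real machine, call `missing_hosts ./Caddyfile /etc/hosts`; names resolved by a split-DNS resolver instead of the hosts file will also be listed.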
