How to convert rewrite cond like this into caddy2 configuration

makanSukros · August 7, 2023, 4:21am

1. The problem I’m having:

How do I convert the following values from .htaccess:

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^.]+)$ $1.php [NC,L]

RewriteRule ^admin/create create.php [L]
RewriteRule ^lists/(.)$ contacts.php?slug=$1 [QSA]
RewriteRule ^apps/settings/(.)$ apps_settings.php?slug=$1 [QSA]

Into CaddyFile config,

2. Caddy version:

Version: v2.6.4

3. How I installed and ran Caddy:

I follow this links to install caddy:

a. System environment:

Operating System: Ubuntu 20.04.5 LTS
Kernel: 5.4.0-105-generic
Architecture: x64

b. Command:

service caddy start

d. My complete Caddy config:

{
    email support@myapp.my.id
    admin off
}


https:// {
    tls {
        on_demand
    }

   root * /var/www/html/myapp
   file_server
   encode gzip zstd
   php_fastcgi unix//run/php/php7.4-fpm.sock

}

app.myapp.my.id {
    root * /srv/site/broadcast
    log {
        output file /var/log/caddy/app.myapp.my.id.log {
                roll_size 3MiB
                roll_keep 5
                roll_keep_for 48h
        }
        format console
    }

header {
Permissions-Policy interest-cohort=()
Strict-Transport-Security max-age=31536000;
X-XSS-Protection "1; mode=block"
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Proxy-Cache BYPASS
Referrer-Policy no-referrer-when-downgrade
Strict-Transport-Security "max-age=31536000" env=HTTPS
}

    file_server
    encode gzip zstd
    php_fastcgi unix//run/php/php7.4-fpm.sock
    tls support@myapp.my.id

uri strip_suffix .php
}

francislavoie · August 7, 2023, 5:59pm

This seems to add .php if the request path did not include a dot anywhere. I don’t remember what NC,L does (I couldn’t be bothered to re-learn Apache rewrite rules, I rather leave it in the dust)

@addphp path_regexp addphp ^([^.]+)$
rewrite {re.addphp.1}.php

This rewrites everything starting with /admin/create to create.php.

rewrite /admin/create* /admin/create.php

@lists path_regexp lists ^/lists/(.*)$
rewrite @lists /contacts.php?slug={re.lists.1}&{query}

You don’t have any ask endpoint configured. This is now invalid config in the latest version. You must have an ask endpoint, otherwise you’re at risk of DDoS. An attacker could point a wildcard domain at your server then make an infinite amount of requests with different domains, forcing your server to issue useless certificates, exhausting your storage space and hitting rate limits.

makanSukros · August 8, 2023, 2:39am

then what if you want dynamic? for example, is there a new domain that I want to add based on the cname so that the new domain automatically has an automatic SSL the first time you visit it? Any suggestion?

francislavoie · August 8, 2023, 2:51am

You need to maintain an allow-list. That’s the point of the ask endpoint. Have your users register the domain they want to use with you first, then the ask endpoint will check with your server if it’s allowed. Otherwise you’re at risk of DDoS, like I said.

makanSukros · August 8, 2023, 2:55am

Is there an api to add or subtract caddy allow-lists that are api based?

francislavoie · August 8, 2023, 3:33am

No, you handle that yourself. Then you configure the ask endpoint in Caddy, and Caddy makes a request to your server to ask it “should I manage a cert for this domain”. You return either status 200 to say yes, 4xx status for no.

Please read the docs, it’s all explained. Automatic HTTPS — Caddy Documentation

makanSukros · August 8, 2023, 3:40am

Thanks, i will try now

system · September 7, 2023, 3:40am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.