How to do NGINX style SNI

I’m looking at adapting my applications running in NGINX to using Caddy, but the docs don’t make it clear how to do basic SNI based servers.
I usually have a dozen or so individual domains/servers hosted on the same ports all only distinguished by SNI with one root site being the default and handling any failed SNI.
In NGINX I just have to set the server name(s) in the server block and set them all to listen on the same ports, but in the Caddy JSON docs it says:

Listener addresses must be unique; they cannot be repeated across all defined servers.

So I’m not clear on how to do something similar.

An example of the NGINX config I’m trying to replicate is the following:

server {
        allow   192.168.0.0/16;
        deny    all;

        server_name     index index.local;

        listen 80 default_server;
        listen [::]:80 default_server;
        listen 443 default_server;

        ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
        ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

        include         /etc/nginx/snippets/error_pages.conf;

        root            /var/www/index/;
        index           index.html;

}

If you’re using JSON, then you configure host matchers.

If you’re using the Caddyfile, then you use site addresses (which map to host matchers when adapting to JSON).

If you’re just getting started with Caddy, I highly recommend going through the tutorials in the docs. Also the Caddyfile is more approachable for a start, and you can use the caddy adapt command to see what your Caddyfile will adapt to.

2 Likes

Thank you, so then a server listen directive isn’t required? I guess I just assumed it would be.

I had tried to use the Nginx config adapter to convert my configs, but my extensive use of deny / allow and include statements across lots of files (which isn’t supported by the adapter) that are otherwise pretty simple configs, led me to just manually creating a template I can copy for each site.

I’m rather fond of JSON for configuration, and I’ve been looking at ways to define my project/site-specific info and automatically/programmatically register its handlers/endpoint with an instance of Caddy upon a new git push; so I’ll probably be trying to use the API with a static JSON file.

EDIT:
Ooooh, well there’s a face palm moment… The listen Addresses is the host names / server_name equivalent. I saw address and just assumed IP Addresses.

It is required in JSON, Caddy needs to know the port to listen on.

The JSON configuration is pretty explicit. If you want something shorter and easier to write, use the Caddyfile; that’s its purpose.

Like I said, the best way to learn how JSON is structured is by first writing a Caddyfile that does what you want (much easier), then running caddy adapt --pretty on it to see what JSON that adapts to.

2 Likes
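The layout discussed in this thread, as an added example that is not code from the thread or from the Caddy project: a Python generator that emits one Caddy JSON server with a single listener, one host-matcher route per site (the `server_name` equivalent), an `allow`/`deny all` style IP allow-list, and a final route without a matcher acting as the `default_server`. The function names, the `app.local` site and the server key `srv0` are assumptions for illustration, and certificate configuration is left out.

```python
import ipaddress
import json

def site_route(hosts, root, allow=None):
    """Build one route; the host matcher plays the role of nginx's server_name."""
    handlers = []
    if allow:
        # Validate CIDRs up front: a typo must fail loudly, not change who gets in.
        ranges = [str(ipaddress.ip_network(cidr)) for cidr in allow]
        # "allow <cidr>; deny all;" becomes: 403 for any client outside the ranges.
        handlers.append({
            "handler": "subroute",
            "routes": [{
                "match": [{"not": [{"remote_ip": {"ranges": ranges}}]}],
                "handle": [{"handler": "static_response", "status_code": 403}],
            }],
        })
    handlers.append({"handler": "file_server", "root": root})
    route = {"handle": handlers, "terminal": True}
    if hosts:  # no hosts means no matcher, so the route matches every request
        route["match"] = [{"host": list(hosts)}]
    return route

def build_config(sites, default_site, listen=(":443",)):
    """All sites share one server and one listener; routes tell them apart."""
    seen, routes = set(), []
    for site in sites:
        dup = seen.intersection(site["hosts"])
        if dup:
            raise ValueError(f"hostname claimed by two sites: {sorted(dup)}")
        seen.update(site["hosts"])
        routes.append(site_route(site["hosts"], site["root"], site.get("allow")))
    # Catch-all goes last: it handles any name no earlier route matched.
    routes.append(site_route(None, default_site["root"], default_site.get("allow")))
    server = {"listen": list(listen), "routes": routes}
    return {"apps": {"http": {"servers": {"srv0": server}}}}

# Constructed sample input: app.local is hypothetical; the default site mirrors
# the root and allow range of the nginx block quoted in the question.
SAMPLE_SITES = [{"hosts": ["app.local"], "root": "/var/www/app/"}]
DEFAULT_SITE = {"root": "/var/www/index/", "allow": ["192.168.0.0/16"]}

if __name__ == "__main__":
    print(json.dumps(build_config(SAMPLE_SITES, DEFAULT_SITE), indent=2))
```

The printed JSON can be compared against what `caddy adapt --pretty` produces for an equivalent Caddyfile before loading it.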
