My question is when using the following caddyfile, if port is not defined after www.sample.com, caddy only listen to default ports 443 for https and 80 for http. All the rest of ports are closed. Anybody could shed some light on how to make caddy listen to other ports? How to make caddy listen to a range of ports?
2. Error messages and/or full log output:
PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.
3. Caddy version:
v2.6.4
4. How I installed and ran Caddy:
a. System environment:
b. Command:
PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.
c. Service/unit/compose file:
PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.
d. My complete Caddy config:
www.sample.com {
root * /home
encode gzip
file_server
tls {
dns cloudflare {api_token}
}
reverse_proxy /rev localhost:10000
log {
output file /var/log/caddy/access.log {
roll_keep_for 1d
}
}
}
PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.
I got error message "Error: adapting config using caddyfile: server block 3, key 0 (example.com:8000-8005): determining listener address: parsing key: invalid port ‘8000-8005’: strconv.Atoi: parsing “8000-8005”: invalid syntax
I remember two years ago when using caddy older version, if ports are not specified, caddy will listen all opened ports. However, the latest version caddy only listen to 80 and 443 if ports are not specified.
Oh, you know, I wonder if port ranges like that are supported in the Caddyfile. It might be JSON-only (because it’s not a very popular feature).
Caddy never listened to “all open ports” – the behavior here with v1 and v2 are identical as far as I know. Listening on “all open ports” doesn’t even make sense, we’d have to have a loop that iterates the entire 65,000+ port range and calls Listen(). I’ve never written code like that.
Caddy does bind to all interfaces by default, but this is the same between v1 and v2. Maybe that’s what you’re referring to, but interfaces are orthogonal to ports.
I find that it is stated in the documents that “Not all config fields accept port ranges.”:
“The port may be a single value (:8080 ) or an inclusive range (:8080-8085 ). A port range will be multiplied into singular addresses. Not all config fields accept port ranges. The special port :0 means any available port.”
If Caddy does not listen to all ports, then what ports will it listen to when “example:0” is written in the code?
What interfaces does Caddy bind to? And how should I define ports for the interfaces?
I was trying to do is, I would like to change port for connecting to my server periodically, from a ports range. In stead of changing caddyfile to modify port number every time, I want to make caddy to listen to a ports range. Is there any way of doing that by means of using the interfaces method?
Yes, but the site address in a Caddyfile is not the same as a network address in Caddy’s native JSON config. The Caddyfile is an adapter that generates JSON config, and the Caddyfile format is different.
A random available port. (This is not unique to Caddy, but is a feature of OS kernels.)
Yes, in the JSON you can easily listen to a port range, that for sure works. (You can always use caddy adapt to convert your Caddyfile to JSON, then tweak it.)
By default, if port is not defined after the server “example.com”, does Caddy only listen to “:80”
for http:// and “:443” for https://? “:0” will only listen to one of these two ports, if no ports are specified in JSON. Am I getting the right concept?
But why are the ports being blocked? Why does this matter? Can’t you just use a tunnel instead to get around that? Try using Cloudflare tunnels, SSH tunnel, WireGuard/Tailscale.
Yeah that’s the point of the tunnel. You initiate a tunnel on the server you run Caddy on to another server which doesn’t have traffic blocking problems, then traffic gets routed through the tunnel to your Caddy server, then it responds back through the tunnel, etc.
I guess I didn’t explain my problem clear. I will try to describe it again.
The port of the traffic (websocket to server with caddy) gets blocked by the firewall of the IPS every now and then. So I need to change ports when its blocked.
I guess the same thing will also affect communication through tunnel, I will still have to change ports for tunnel when it gets blocked. If my understanding of the working mechanism of tunnel is correct.
Not sure anyone’s ever done that, because I can’t imagine why that’d be useful or make sense…