How to set priority in caddyfile?

Help
1

Hello, I have caddyfile like this:

:80 {
respond "Hello, this is proxy server"
}

test.domain.com {
reverse_proxy domain.com:port
}

And I have the problem that when I visit http://test.domain.com I got “Hello, this is proxy server”, when I visit https://test.domain.com it is proxied like I want.

I would like to write “Hello, this is proxy server” only on domains that are not set in Caddyfile, not on domains where is some site or reverse proxy.
How to set some higher priority to test.domain.com so when I go to http://test.domain.com it will redirect me to https://test.domain.com and not show “Hello, this is proxy server” text?

2

Please fill out the help topic template. Your version of Caddy is important to this discussion. This behaviour should be fixed since v2.4.0:

https://github.com/caddyserver/caddy/pull/4033

3

Caddy uses HTTPS by default, so access your named site with https://.

4

I know, but is it possible that when someone use http for that domain it be auto redirected to https

5

Yes, see the issue I linked. Since v2.4.0, that should work without any extra effort. Please check your Caddy version. And next time, please properly fill out the help topic template, it’ll save time for both you and us, and avoid us having to make any assumptions up-front.

6 
/etc/caddy$ caddy version
v2.4.3
7

Will adding this solve it?

 @http { 
protocol http
 }
   redir @http https://{hostport}{uri}

EDIT: I have tried, but it does not work

8

Okay, interesting. I did some additional testing, the PR above fixes it, but only if you have another HTTP-only site defined; this is a quirk in how I implemented the change in that PR.

For example, this will work:

:80 {
	respond "Hello, this is proxy server"
}

http://something.entirely.unrelated.com {
	respond "Unrelated"
}

test.domain.com {
	reverse_proxy domain.com:port
}

Then making a request with curl -v http://test.domain.com will return an HTTP->HTTPS redirect.

I’ll look into writing a fix for this; but for now, there’s two things you can do in the meantime:

  • Add a dumb extra http:// or :80 suffix site block for now (which doesn’t need to be a real domain you manage, could even be an IP address block which would never reach your server)
http://10.0.0.0 {
	respond "Temporary bugfix"
}
  • Explicitly perform the redirect using a site block like this:
http://text.example.com {
	redir https://{hostport}{uri}
}
9

Alright, I have a proposed fix:

https://github.com/caddyserver/caddy/pull/4243

You can try out this build if you’d like; you can download a build from the CI artifacts (once the tests are done, in a few minutes)

https://github.com/caddyserver/caddy/actions/runs/1020283203

10

To clarify, your Caddyfile explicitly defines the behavior to use for port 80 (i.e. no redirect). I’m still conflicted on this, since it feels wrong to override explicit configuration with implicit behavior. :man_shrugging: But we’re trying it since people seem to want that (and Francis is brave enough to implement it).

11

The way I see it, from most user’s perspective, they expect explicitly configuring Caddy to serve a domain to inherit all the niceties that come with that when using Caddy. It can been seen as an unintended sideeffect for configuring another site block to “override” the auto-https behaviour.

It’s a matter of perspective.

:man_shrugging: it’s pretty simple tbh, I just missed one small edgecase.

1 Like
12

I don’t want to do this for every site where is reverse proxy. when it will be fixed?

http://text.example.com {
	redir https://{hostport}{uri}
}
13

You only need a site block like that once to work around the issue, not for each site.

If you really need the fix it right away, grab the build from CI above as I said, or build Caddy from source. I can’t guarantee any timeline.

1 Like
14

This topic was automatically closed after 30 days. New replies are no longer allowed.