How to set up Caddy To Deny Serving Any Hostname?

Is there any way to set up a Caddyfile to deny serving certain domain names, like the ask feature in on_demand_tls does?

We’ll need more context here. Please fill out the help topic template.

Hello @francislavoie,
I am asking whether it’s possible to configure Caddy so that it does a quick GET request to check if it can serve this domain at the first level, while the handshake is ongoing for the first time, just like how on_demand_tls’ ask automation works.

It does a quick HTTP GET request to my endpoint, and if it’s 200 OK then it makes the cert and serves it, else any other status code will make it deny making the cert.

I don’t understand. How is that any different than on-demand? Isn’t on-demand exactly what you want?

Again, please fill out the help topic template (click New Topic for the “Help” category, then copy the template into this thread, and fill it out), it’ll help us better understand where you’re coming from. Without your config, version, etc, we have no context for your question.


Ya, the on_demand_tls solves my problem a bit, but I am making a URL shortener service, so I need to turn off automatic HTTP redirects (as it adds some extra time to do the redirect). If I do that, any domain pointing to my server’s IP (in http://) would work and eat up some of my Node.js resources if he does it many times. So how can I block HTTP requests the way on_demand_tls’ ask automation works?

I guess it’s not related, as I am asking a general question not related to my Caddy instance. Still, if you need it, I am giving that in the next reply.

1. Caddy version (caddy version):

v2.3.0 h1:fnrqJLa3G5vfxcxmOH/+kJOcunPLhSBnjgIvjXV/QTA=

2. How I run Caddy:

a. System environment:

b. Command:

sudo systemctl start caddy

c. Service/unit/compose file:

d. My complete Caddyfile or JSON config:

# Caddyfile
{
        admin 0.0.0.0:1234
}

:443 {
        tls ssl@mydomain.xyz {
                on_demand
        }
        on_demand_tls {
                ask localhost:8888/askforcert
                interval 0
                burst 0
        }

        reverse_proxy * localhost:8888
}

3. The problem I’m having:

I am having no problem, just asking if it is possible to set up Caddy to deny serving any domain.

4. Error messages and/or full log output:

No logs

5. What I already tried:

I tried to google it but didn’t find any results

6. Links to relevant resources:

These are global options, not site directives. They go in the global option block at the top of your config. Is that the piece you’re missing?


I will try that

This topic was automatically closed after 60 days. New replies are no longer allowed.
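The ask check discussed in this thread, seen from the backend side, as an added example that is not code from any poster or from the Caddy project: a Node.js handler for the `/askforcert` path on port 8888 used in the posted config, answering 200 only for known hostnames. It relies on Caddy appending `?domain=<name>` to the ask URL; `ALLOWED_DOMAINS`, the function names and the `--listen` switch are this example's own assumptions.

```javascript
// Added example: "ask" endpoint for Caddy on-demand TLS (Node.js, no dependencies).
// ALLOWED_DOMAINS is constructed sample data; a real service would query its own store.
const ALLOWED_DOMAINS = new Set(['short.example', 'links.example.org']);

// Normalize a hostname for comparison: lowercase, no trailing dot.
// Returns null for anything that is not a plain DNS name (IP literals, ports, junk).
function normalizeHost(raw) {
  if (typeof raw !== 'string' || raw.length === 0 || raw.length > 253) return null;
  const host = raw.toLowerCase().replace(/\.$/, '');
  const label = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/;
  const labels = host.split('.');
  if (labels.length < 2 || !labels.every((l) => label.test(l))) return null;
  if (/^[0-9]+$/.test(labels[labels.length - 1])) return null; // rejects IPv4 literals
  return host;
}

// Decide the HTTP status for one ask request. Only 200 lets Caddy obtain a
// certificate, so every other branch here is a denial.
function decideAsk(requestUrl) {
  const url = new URL(requestUrl, 'http://localhost');
  if (url.pathname !== '/askforcert') return 404;
  const names = url.searchParams.getAll('domain');
  if (names.length !== 1) return 400; // missing or repeated parameter
  const host = normalizeHost(names[0]);
  if (host === null) return 400;
  return ALLOWED_DOMAINS.has(host) ? 200 : 403;
}

// Bind to loopback so only the local Caddy instance can query the endpoint.
// Started only with `node ask.js --listen` (switch name is this example's choice).
function startAskServer(port = 8888) {
  return require('http')
    .createServer((req, res) => {
      res.statusCode = req.method === 'GET' ? decideAsk(req.url) : 405;
      res.end();
    })
    .listen(port, '127.0.0.1');
}

if (process.argv.includes('--listen')) startAskServer();
```

The same `normalizeHost` plus allowlist lookup can be applied to the `Host` header of plain-HTTP requests in the application, so unknown hostnames are rejected before any expensive work is done.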