So mainly I’m worried about the http to https redirect I have at the bottom here. On my end it doesn’t appear to be working as expected.
On the https config for “domain” it’s proxying over to a non-SSL domain (providing an SSL layer for it). That’s working as expected.
However, when I access “domain” over http, instead of redirecting, it’s throwing a 404 error (and yet this is essentially the same config I have running on an older version of Caddy that works properly). So I’m not sure if this is due to the newer version of Caddy or if it’s something I’ve overlooked, but I’m not sure what the solution is.
Any insight would be appreciated, thanks!.
The version of Caddy I’m using in this instance was downloaded less than a week ago (I think I grabbed it on Monday actually) so I believe it was version 0.9.3.
### example domain
https://domain.com {
proxy / http://non-ssl-domain.com {
proxy_header Host {host}
proxy_header X-Real-IP {remote}
proxy_header X-Forwarded-Proto {scheme}
}
tls C:/caddy/ssl/our.pem C:/caddy/ssl/our_key.pem
errors {
log logs/domain_error.log {
size 50 # Rotate after 50 MB
age 30 # Keep rotated files for 30 days
keep 5 # Keep at most 5 log files
}
}
log logs/domain_access.log {
rotate {
size 100 # Rotate after 100 MB
age 14 # Keep log files for 14 days
keep 10 # Keep at most 10 log files
}
}
#gzip
}
# Redirect HTTP requests to HTTPS
http://domain.com {
redir https://domain.com{uri} 301
log logs/domain_http_access.log {
rotate {
size 100 # Rotate after 100 MB
age 14 # Keep log files for 14 days
keep 10 # Keep at most 10 log files
}
}
}
I spent a bit more time this evening trying out different things to see if I could figure out what’s up, but didn’t come up with any solutions.
It’s very odd. The SSL hosts are working exactly as expected. I’m just not sure why the redirects from HTTP to HTTPS aren’t.
The example I’m providing above is one where the HTTPS URL is proxying off to a different domain, but I actually have another domain defined in this same file as well, and that one is not doing a proxy a basic static site using the “root” option and it’s behaving exactly the same way (with the HTTP to HTTPS redirect not working, and simply a 404 error being returned).
I also noticed one of the threads where Matt indicates that the HTTP to HTTP redirect is handled automatically if I were to remove the protocol part out front and I did try that as well and it seemed to behave worse so I ended up reverting back to my original Caddyfile similar to the above since I knew that at least this had worked at one point, on the other server I’m currently using Caddy on (older 0.8.x version in that case though).
Start by stripping your Caddyfile down to almost nothing. Take out the proxy, take out the other site descriptions, etc. Just the bare minimum, then try again, and see what happens. (When it comes to HTTPS, redirects, etc, I’m always suspicious of proxying. It’s almost always the backend.)
Also be sure to use curl unless you feel comfortable taming your browser’s caching behavior and using the network inspector tools.
Thanks for the replies, but as mentioned above I have already run several of the tests suggested and this isn’t localized to just a situation where a proxy is being used, it’s also occurring in a direct situation with a static site running via Caddy (I didn’t include that config above since it’s mostly redundant, aside from the usage of root vs. proxy).
As far as caching is concerned, I’m running my tests in a separate Incognito window of Chrome and closing that between runs (I’ve found that Chrome’s Incognito mode does a good job of avoiding HTTP caching so you can see exactly what’s occurring). Not that I can’t install curl too here on Windows, but it’s an extra layer that I don’t think is necessary for testing this particular thing out.
This is pretty barebones and it actually results in nothing (ERR_CONNECTION_REFUSED in Chrome) like the server isn’t even running, even though it is. And I tried it with tls off and with tls on with my custom cert/key and neither worked.
I then restore my configuration as I have it currently and at least HTTPS works for me (and this can be tested immediately upon updating the config and restarting Caddy in a new Chrome Incognito window), though the HTTP to HTTPS redirect is not.
From everything I can tell though on my end things should be working more properly as I would expect, so I’m really not sure why they aren’t and was hoping you guys might have some better ideas.
However, my guess is that some of the ambiguity of the above statement resulted in some tweaks in the newer version, which prevents the redir line from working as shown above in v0.9.3+.
The fix is simply to remove the 301 portion of that line above:
From Matt:
The valid syntaxes for the redir directive:
redir from to [code]
redir to
redir [code] {
from to [code]
}
redir [code] {
if a cond b
if_op [and|or]
...
}
Notice that redir to code is not one of them. This is because it is ambiguous with redir from to, which is far more common. So you want either redir https://domain.com{uri} or redir / https://domain.com{uri} 301, which should do the same thing.
The 404 you’re getting is because the “from” path of your current configuration is “https://domain.com{uri}” and the “to” is “301”.
