Https on non-standard port, keeps wanting to bind on 80

I’m trying to get Caddy working on a different https port, but even tough, based on my understanding of the documentation and the different answers I’ve found around the web, defining no http listener and a DNS plugin should make the auto-ssl part not bind to 80.

Yet with the following config caddy still tries to bind to 80:

https://*, {
  tls {
	dns route53

  root /home/domain/www


  header / {
	alt-svc "quic=\":443\"; ma=2592000; v=\"44,43,39\""

  proxy / {
	except /img /wp-includes/js /wp-content/themes/domain/js /wp-content/themes/domain/images /wp-content/themes/domain/font /wp-includes/fonts /wp-includes/css /wp-includes/images
	header_downstream server "nginx"
	header_downstream x-proxied "Caddy; QUIC"

  log / /var/log/caddy_access.log "{combined}" {
	rotate_size 1000
	rotate_age 90
	rotate_keep 20

Getting me:

# caddy -conf=/etc/caddy/Caddyfile -quic
Activating privacy features... done.
2019/09/24 07:36:49 Listen: listen tcp :80: bind: address already in use

What am I doing wrong?

Hi @Znuff, welcome to the Caddy community!

Caddy will always try to bind a redirect listener on port 80 unless you disable Automatic HTTPS.

You could use -http-port to move the default port somewhere inconsequential and leave it firewalled.

Could you please clarify on the first part?

I’ve read that before, but there’s no actual example on how to do it (disable automatic https).

I would like to NOT to use -http-port while still using the DNS plugin (route53) to get a valid wildcard certificate.

These are the criteria under which Automatic HTTPS is enabled:

  • The hostname:
    • is not empty
    • is not localhost
    • is not an IP address
    • has no more than 1 wildcard (*)
    • wildcard must be left-most label
  • The port is not explicitly 80
  • The scheme is not explicitly http
  • TLS is not turned off in site’s definition
  • Certificates and keys are not provided by you
  • Caddy is able to bind to ports 80 and 443 (unless you use the DNS challenge)

Automatic HTTPS — Caddy Documentation

Breaking any of these conditions will disable Automatic HTTPS (except the last one, that will just have Caddy exit out). Basically, good options are to provide your own keys (or use self-signed, although those self-signed certs are short-lived and not renewed, so this isn’t good long term) or turn TLS off.

-http-port will not break your DNS challenges. It just moves the redirect listener to a different port, essentially (as a side-effect of changing the default HTTP port for all sites).

1 Like

This doesn’t seem exactly on-point. If Caddy can’t bind to 80 and/or 443, it just exits.

As much as I understand, my config should do exactly that.

Er, that is true I suppose, as not exiting is itself a prerequisite to enabling automatic HTTPS. I see what you mean about why this is confusing.

Caddy 1 also enables HTTP->HTTPS redirects, using the -http-port flag to know what the HTTP port is supposed to be. Because web browsers still default to HTTP, Caddy 1 doesn’t allow these automatic redirects to be disabled. (But Caddy 2 does, FWIW.)

1 Like

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.