I think that, apart from the /callback route being HTTP, the other routes are HTTPS, but I have been trying for a long time and it does not work


(Zuijiaoluo) #1
http://xxx.xxx.com {
    proxy /api/callback api.local
    log /var/log/caddy.log
    gzip
}

xxx.xxx.com {
    proxy / api.local
    log /var/log/caddy.log
    gzip
    tls xxx@xxx.com
}

(Matthew Fay) #2

I’m having a bit of trouble understanding your title, exactly, but I think you mean that you want /api/callback to be accessible over HTTP while everything else is HTTPS-only.

In the example you gave, I can see that a problem would occur where HTTP requests to your website would not be proxied upstream unless they began with /api/callback, and would not be redirected to HTTPS.

Try something like this:

http://example.com/api/callback {
  proxy / api.local
  log /var/log/caddy.log
  gzip
}

example.com {
  proxy / api.local
  log /var/log/caddy.log
  gzip
  tls example@example.com
}

Which should leave non-/api/callback routes to be upgraded to HTTPS and all requests should be served normally via upstream API.


(Zuijiaoluo) #3

Yes, you are right. I’ll try, and thank you. I’ll give you feedback in the evening.


(Zuijiaoluo) #4

404 Site xxx.xxx.com is not served on this interface. I used the configuration you gave; “api/callback” worked very well, but other routes are not OK.


(Matthew Fay) #5

Does xxx.xxx.com match the domain name in the second site block?

When Caddy starts up, it prints a list of domain names it’s serving. Does xxx.xxx.com appear there?


(Zuijiaoluo) #6
http://example.com/api/callback {
  proxy / api.local
  log /var/log/caddy.log
  gzip
}

example.com {
  proxy / api.local
  log /var/log/caddy.log
  gzip
  tls example@example.com
}

other.com {
  proxy / api.local
  log /var/log/caddy.log
  gzip
  tls example@example.com
}

log

http://example.com/api/callback
2018-05-29T15:47:43.613708662Z 2018/05/29 15:47:43 http://example.com/api/callback

https://example.com/api/callback
2018-05-29T15:47:43.613770258Z 2018/05/29 15:47:43 https://example.com

http://other.com
2018-05-29T15:47:43.613708662Z 2018/05/29 15:47:43 http://other.com

https://other.com
2018-05-29T15:47:43.613770258Z 2018/05/29 15:47:43 https://other.com

This seems to be missing “http://example.com”.

I think it may be in conflict with “http://example.com/api/callback”.


(Matthew Fay) #7

Hmm, you might be right about some kind of conflict; it’s serving the HTTPS site but seems to have skipped the HTTP site (perhaps because it thinks you’ve defined it yourself, despite the HTTP block being only for /api/callback).

Add this block to your Caddyfile:

http://example.com {
  redir https://example.com{uri}
}

The longest matching site label wins, so all we’re doing here is re-implementing the HTTP->S upgrade redirection that seems to have been skipped for non-/api/callback endpoints.
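
Added example (not from the thread and not Caddy's own code): a simplified Python model of the rule stated in post #7, longest matching site label wins, run over the addresses Caddy listed at startup in post #6, to show which plain-HTTP requests have no site until the extra block is added. The function names and the `/login` probe path are assumptions made for illustration.

```python
from urllib.parse import urlsplit

PORTS = {"http": 80, "https": 443}

def parse(addr):
    """Split an address into (port, host, path); an empty path means '/'."""
    u = urlsplit(addr)
    return PORTS[u.scheme], u.hostname, u.path or "/"

def select_site(served, url):
    """Return the served address that answers `url`, or None if none does.

    Simplified model: port and host must match exactly, the site path must
    be a prefix of the request path, and the longest site path wins.
    """
    port, host, path = parse(url)
    best, best_len = None, -1
    for addr in served:
        s_port, s_host, s_path = parse(addr)
        if (s_port, s_host) != (port, host) or not path.startswith(s_path):
            continue
        if len(s_path) > best_len:
            best, best_len = addr, len(s_path)
    return best

# Addresses from the startup log in post #6 (typed in here as a list).
SERVED_BEFORE = [
    "http://example.com/api/callback",
    "https://example.com",
    "http://other.com",
    "https://other.com",
]
# The same list once post #7's explicit redirect block is added.
SERVED_AFTER = SERVED_BEFORE + ["http://example.com"]

def cleartext_gaps(served, probes):
    """Return the plain-HTTP probe URLs that no served site would answer."""
    return [u for u in probes
            if u.startswith("http://") and select_site(served, u) is None]

# Constructed probe URLs; /login is a hypothetical non-callback route.
PROBES = ["http://example.com/api/callback", "http://example.com/login",
          "https://example.com/login", "http://other.com/login"]

if __name__ == "__main__":
    print("gaps before:", cleartext_gaps(SERVED_BEFORE, PROBES))
    print("gaps after: ", cleartext_gaps(SERVED_AFTER, PROBES))
```

With the redirect block in place, `/api/callback` is the only path on example.com still answered over plain HTTP, which is the exposure to keep in mind when reviewing this setup.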


(Zuijiaoluo) #8

Or there will be some problems: the “/api/callback” route is forwarded to the “/” of api.local


(Matthew Fay) #9

Hmm, try proxy / api.local/api/callback