I think other than /callback routing is HTTP, the other routes are HTTPS, but I have been trying for a long time, but it can not work

zuijiaoluo · May 27, 2018, 1:58pm

http://xxx.xxx.com {
    proxy /api/callback api.local
    log /var/log/caddy.log
    gzip
}

xxx.xxx.com {
    proxy / api.local
    log /var/log/caddy.log
    gzip
    tls xxx@xxx.com
}

Whitestrake · May 28, 2018, 1:00am

I’m having a bit of trouble understanding your title, exactly, but I think you mean that you want /api/callback to be accessible over HTTP while everything else is HTTPS-only.

In the example you gave, I can see that a problem would occur where HTTP requests to your website would not be proxied upstream unless they began with /api/callback, and would not be redirected to HTTPS.

Try something like this:

http://example.com/api/callback {
  proxy / api.local
  log /var/log/caddy.log
  gzip
}

example.com {
  proxy / api.local
  log /var/log/caddy.log
  gzip
  tls example@example.com
}

Which should leave non-/api/callback routes to be upgraded to HTTPS and all requests should be served normally via upstream API.

zuijiaoluo · May 28, 2018, 2:58am

Yes, you are right. I’ll try and thank you. I give you feedback in the evening

zuijiaoluo · May 28, 2018, 1:03pm

404 Site xxx.xxx.com is not served on this interface, I used the configuration you gave, “api/callback” worked very well, But other routes can’t ok

Whitestrake · May 29, 2018, 5:31am

Does xxx.xxx.com match the domain name in the second site block?

When Caddy starts up, it prints a list of domain names it’s serving. Does xxx.xxx.com appear there?

zuijiaoluo · May 29, 2018, 3:52pm

http://example.com/api/callback {
  proxy / api.local
  log /var/log/caddy.log
  gzip
}

example.com {
  proxy / api.local
  log /var/log/caddy.log
  gzip
  tls example@example.com
}

other.com {
  proxy / api.local
  log /var/log/caddy.log
  gzip
  tls example@example.com
}

log

http://example.com/api/callback
2018-05-29T15:47:43.613708662Z 2018/05/29 15:47:43 http://example.com/api/callback

https://example.com/api/callback
2018-05-29T15:47:43.613770258Z 2018/05/29 15:47:43 https://example.com

http://other.com
2018-05-29T15:47:43.613708662Z 2018/05/29 15:47:43 http://other.com

https://other.com
2018-05-29T15:47:43.613770258Z 2018/05/29 15:47:43 https://other.com

This seems to be missing “http://example.com”

I think he may be in conflict with “http://example.com/api/callback”

Whitestrake · May 29, 2018, 11:05pm

Hmm, you might be right about some kind of conflict; it’s serving the HTTPS site but seems to have skipped the HTTP site (perhaps because it thinks you’ve defined it yourself, despite the HTTP block being only for /api/callback).

Add this block to your Caddyfile:

http://example.com {
  redir https://example.com{uri}
}

The longest matching site label wins, so all we’re doing here is re-implementing the HTTP->S upgrade redirection that seems to have been skipped for non-/api/callback endpoints.

zuijiaoluo · May 31, 2018, 1:19am

Or there will be some problems, “/api/callback” this route is forwarded to the “/” of api.local

Whitestrake · May 31, 2018, 11:05am

Hmm, try proxy / api.local/api/callback

system · August 29, 2018, 11:05am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.