Listening on port 80 and 443 without host in Caddyfile / https redirect not working

spn · April 24, 2020, 8:10am

1. My Caddy version (`caddy version`):

v2.0.0-rc.3

2. How I run Caddy:

./caddy run

a. System environment:

Debian 9

d. My complete Caddyfile or JSON config:

{
debug

on_demand_tls {
  ask "https://mydomain.com/ask"
  }
}

#Listen
:443 {

reverse_proxy 127.0.0.1:81

#TLS Options
tls myemail@mydomain.com {
  on_demand
}
}

3. The problem I’m having:

Hello, this config just works fine with https only. Now I also want to open port 80, and enable redirection to https. Is this possible with the Caddyfile? I already tried many things, but nothing is working. When i add :80 below the tls options, I get the error:

2020/04/24 07:49:41.243 INFO    using adjacent Caddyfile
run: adapting config using caddyfile: cannot make a TLS automation policy from a server block that has a host-less address when there are other server block addresses lacking a host

Maybe someone here has an idea

4. Error messages and/or full log output:

5. What I already tried:

6. Links to relevant resources:

spn · April 24, 2020, 9:57am

It is working with this json file

Summary

{
   "apps":{
      "http":{
         "servers":{
            "srv0":{
               "listen":[
			      ":80",
                  ":443"
               ],
               "routes":[
                  {
                     "handle":[
                        {
                           "handler":"reverse_proxy",
                           "upstreams":[
                              {
                                 "dial":"127.0.0.1:81"
                              }
                           ]
                        }
                     ]
                  }
               ],
               "tls_connection_policies":[
                  {

                  }
               ]
            }
         }
      },
      "tls":{
         "automation":{
            "on_demand":{
               "ask":"https://mydomain.com/ask"
            },
            "policies":[
               {
                  "issuer":{
                     "email":"myemail@mydomain.com",
                     "module":"acme"
                  },
                  "on_demand":true
               }
            ]
         }
      }
   },
   "logging":{
      "logs":{
         "default":{
            "level":"DEBUG"
         }
      }
   }
}

I think i would be fine with this, but redirection from http to https is not working. According to the documentation it should be enabled by default?

Regards, Stefan

francislavoie · April 24, 2020, 12:29pm

Redirects are only automatically set up if your site qualifies for Automatic HTTPS. This is explained here in the docs

matt · April 24, 2020, 11:41pm

@francislavoie Yes but this should work.

@spn I think I just fixed this. Can you please try building from the latest on master or using a build artifact here: httpcaddyfile: Add nil check to prevent panic, fix validation logic · caddyserver/caddy@97ed9e1 · GitHub

Let me know how it goes!

spn · April 28, 2020, 9:23am

Thanks for the quick reaction!
Unfortunately it is not working.
This WARN message is shown in the log

2020/04/28 09:19:57.896 WARN    http    user server is listening on same interface as automatic HTTP->HTTPS redirects; user-configured routes might override these redirects {"server_name": "srv0", "interface": "tcp/:80"}

I build caddy from master and the config json is the same as shown above.

matt · April 28, 2020, 12:12pm

@spn Is that really your full Caddyfile? Please provide your full and unredacted config so I can investigate. Edit: oh, so wait, are you not using the Caddyfile anymore?

Edit 2: your json defines routes for port 80 that don’t redirect, so obviously it will overwrite caddy’s implicit redirects. Do you want requests on port 80 to be proxied or to redirect?

If you want them to redirect please try with your original Caddyfile or remove the routes on port 80 in your JSON.

spn · April 28, 2020, 12:43pm

@matt yes, this is my full Caddyfile, but I was not able to listen on port 80 and 443 as described in my first post. I thought this is a limitation of the Caddyfile and created the json config. Should this also work with the Caddyfile?

I have removed port 80 from the json config and now also the redirect to https is working. Thank you!

matt · April 28, 2020, 1:39pm

I see. Your original Caddyfile should do what you want now too.

system · May 28, 2020, 1:39pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.