First off, thanks to those who can help. I apologize, but I am required to redact information. I hope what is provided gives enough information for the assist.
{
	debug
	http_port 80
	https_port 443
	# default_sni <name>
	# order <dir1> first|last|[before|after <dir2>]
	# experimental_http3
	# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory # STAGING API Endpoint Use When Testing
	# acme_ca https://acme-v02.api.letsencrypt.org/directory
	email email@SorryHaveToRedact.org
	admin off
	on_demand_tls {
		interval 6m
		burst 10
	}
	auto_https disable_redirects
}

###################################################
#### HTTP Redirects - WILDCARDS OK
###################################################
# tried uri replace /context ""
# tried uri strip_prefix /context
http://subdomain.SorryHaveToRedact.org {
	uri replace /context ""
	redir https://portal.newdomain.org{uri}
}

###################################################
#### HTTPS Redirects - NO WILDCARDS
###################################################
# tried uri replace /context ""
# tried uri strip_prefix /context
https://subdomain.SorryHaveToRedact.org {
	tls {
		on_demand
		issuer acme
		issuer zerossl
	}
	uri replace /context ""
	redir https://portal.newdomain.org{uri}
}
3. The problem I’m having:
I am trying to set up a redirect from a domain that uses /context at the beginning of the URI to a new domain with the same URI, except dropping the /context.
I tried several combinations with uri and considered using rewrite. It seems as though {uri} always refers back to the original URI, before any manipulation by the uri directive. So I think I need to do this some other way?
6. Links to relevant resources:
Tons of failed google searches looking for examples.
I strongly suggest not using caddy start. It's not reliable, because it will not automatically restart when the machine is restarted. Run it as a Windows service instead:
This is redundant, these are already the default. You can remove these.
If you turn off the admin endpoint, then you can’t stop or gracefully reload Caddy, forcing you to completely restart it if you change the config, causing downtime. I strongly recommend keeping this on.
This is dangerous. You must use an ask endpoint when enabling on_demand, otherwise you're at risk of DDoS attacks by forcing your server to continuously issue certificates. An attacker can point a wildcard to your server, then make an endless stream of HTTP requests with different subdomains, making your server issue a cert for each. This can quickly fill up storage until you run out.
With that said, you aren't using an https:// site from what you wrote, so you have no reason to use on_demand. That feature should only be used when you don't know the domains you want to serve ahead of time. In your case, it seems like you do know, so you should not use on_demand.
You can remove all this, because those issuers are already the default, and on_demand does not make sense for a site where you’ve explicitly configured the domain.
This is correct.
No, it definitely has the manipulated path. Proof of concept:
:8883 {
	uri strip_prefix /foo
	respond "URI: {uri}"
}
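The guarded form of the global options that the reply above calls for, written out as an added example (it is not from the original thread or the Caddy docs): the admin endpoint stays on, the hostname that is known in advance gets no on_demand, and on_demand is reserved for a catch-all site protected by an ask endpoint. The example.org hostnames and the http://localhost:5555/check URL are placeholders; the check service is something you run yourself and is assumed to return 200 only for hostnames you own.

```caddyfile
{
	# Admin endpoint left at its default (localhost:2019) so `caddy reload`
	# applies config changes without a restart; `admin off` would force a
	# full restart, and downtime, on every change.
	email admin@example.org

	# Only consulted by site blocks that enable `tls { on_demand }`.
	# Before issuing, Caddy sends GET http://localhost:5555/check?domain=<hostname>
	# (placeholder URL, assumed to be your own allow-list service); a 200
	# permits issuance, anything else refuses it. Without this, a wildcard
	# DNS record pointed at this server lets an attacker request a fresh
	# certificate per random subdomain until storage is exhausted.
	on_demand_tls {
		ask http://localhost:5555/check
		interval 6m
		burst 10
	}
}

# Hostname known ahead of time: no on_demand, and no explicit issuers,
# because acme followed by zerossl is already the default chain.
https://subdomain.example.org {
	redir https://portal.example.org{uri}
}

# A catch-all like this, where the hostname is not known until the request
# arrives, is the only case that justifies on_demand, and only together with
# the `ask` guard configured above.
https:// {
	tls {
		on_demand
	}
	respond "served for {host}"
}
```

Test the guard before exposing the server: a request for a hostname your check service rejects must fail the TLS handshake rather than produce a new certificate in Caddy's storage directory.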
Thanks for the info. I'll let the person know about some of the changes you suggested we should make, especially about the DDoS one.
The respond "URI: {uri}" was extremely helpful and pointed me to what my actual issue was. It was working fine, but the web server that hasn't been reconfigured was reapplying the context folder and making it look like it wasn't working. So we're all good! Thanks so much!
Wanted to add that I found the uri directive has a lower precedence than redir, so this wasn't working until I fed it through the route directive.
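The ordering problem from the post above and its route fix, spelled out as an added example (not from the original thread or the Caddy docs); the example.org hostnames and port 8883 are placeholders. It uses uri strip_prefix rather than uri replace /context "", because replace rewrites every occurrence of the substring, including a /context that appears later in the path, while strip_prefix only removes a leading one.

```caddyfile
# Failing variant, kept commented out: Caddy sorts directives by its built-in
# order, in which redir runs before uri, so the Location header is built from
# the original path and still contains /context.
# http://subdomain.example.org {
# 	uri strip_prefix /context
# 	redir https://portal.example.org{uri}
# }

# Working variant: inside `route`, handlers run in the order written, so the
# prefix is stripped first and {uri} seen by redir is the rewritten path.
# The http:// and https:// sites are listed together since the handling is
# identical; the https:// site has no on_demand because the hostname is known.
http://subdomain.example.org, https://subdomain.example.org {
	route {
		uri strip_prefix /context
		redir https://portal.example.org{uri} permanent
	}
}

# Local check with no DNS or certificates involved: the response body shows
# the path as redir would see it.
:8883 {
	route {
		uri strip_prefix /context
		respond "URI: {uri}"
	}
}
```

To verify, `curl -s http://localhost:8883/context/app?x=1` should print `URI: /app?x=1`, and `curl -sI http://subdomain.example.org/context/app?x=1` should return a 301 with `Location: https://portal.example.org/app?x=1`. If an upstream server still appends /context, check its own configuration rather than the redirect, as the thread author found.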