Modify URI and then redirect

First off, thanks to those who can help. I apologize but I am required to redact information. I hope the information provided gives enough information for the assist.

1. Caddy version (caddy version):

2.5.2

2. How I run Caddy:

Windows Server 2022

a. System environment:

Windows Server 2022

b. Command:

$CaddyProcess = Start-Process -WindowStyle Hidden -LoadUserProfile -PassThru -ErrorAction Stop -FilePath 'C:\choco\bin\caddy.exe' `
	-ArgumentList 'start --config c:\Caddy\Caddyfile' -WorkingDirectory 'C:\Caddy' `
	-RedirectStandardError 'C:\Caddy\Caddyconsoleerrorlog.txt' `
	-RedirectStandardOutput 'C:\Caddy\Caddyconsolelog.txt'

c. Service/unit/compose file:

Not using docker

d. My complete Caddyfile or JSON config:

{
	debug
	http_port 80
	https_port 443
	# default_sni <name>
	# order <dir1> first|last|[before|after <dir2>]
	# experimental_http3
	# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory # STAGING API Endpoint Use When Testing
	# acme_ca https://acme-v02.api.letsencrypt.org/directory
	email email@SorryHaveToRedact.org
	admin off
	on_demand_tls {
		interval 6m
		burst 10
	}
	auto_https disable_redirects
}

###################################################
#### HTTP Redirects - WILDCARDS OK
###################################################


#tried uri replace /context ""
#tried uri strip_prefix /context

http://subdomain.SorryHaveToRedact.org {
	uri replace /context ""
	redir https://portal.newdomain.org{uri}
}


###################################################
#### HTTPS Redirects - NO WILDCARDS
###################################################

#tried uri replace /context ""
#tried uri strip_prefix /context
https://subdomain.SorryHaveToRedact.org {
	tls {
		on_demand
		issuer acme
		issuer zerossl
	}
	uri replace /context ""
	redir https://portal.newdomain.org{uri}
}

3. The problem I’m having:

I am trying to set up a redirect of a domain that uses /context at the beginning of the URI to a new domain with the same URI except dropping the /context.

Original URL: http://subdomain.SorryHaveToRedact.org/context/comm/Lookup.jsp?Org=7153&Campaign=203976
Redirected URL: http://portal.newdomain.org/comm/Lookup.jsp?Org=7153&Campaign=203976

/context/comm/Lookup.jsp?Org=7153&Campaign=203976

4. Error messages and/or full log output:

No Errors found.

5. What I already tried:

Tried several combinations with URI and considered using rewrite. It seems as though the {uri} always refers back to the original URI before any manipulation by the uri directive. So I think I need to do this some other way?

6. Links to relevant resources:

Tons of failed Google searches looking for examples.

To be clear the URI that could come back could also have a query string that looks like this:

/context/comm/Lookup.jsp?Org=7153&Campaign=203976

Was just reading more about the use of Caddy placeholders to see if I could figure something out and wanted to make sure this was stated.

I strongly suggest not using caddy start. It’s not reliable, because it will not automatically restart when the machine is restarted. Run it as a Windows service instead:

This is redundant, these are already the default. You can remove these.

If you turn off the admin endpoint, then you can’t stop or gracefully reload Caddy, forcing you to completely restart it if you change the config, causing downtime. I strongly recommend keeping this on.

This is dangerous. You must use an ask endpoint when enabling on_demand, otherwise you’re at risk of DDoS attacks via forcing your server to continuously issue certificates. An attacker can point a wildcard to your server, then infinitely make HTTP requests with different subdomains making your server issue a cert for each. This can quickly fill up storage until you run out.

With that said, you aren’t using an https:// site from what you wrote, so you have no reason to use on_demand. That feature should only be used when you don’t know the domains you want to serve ahead of time. In your case, it seems like you do know, so you should not use on_demand.

You can remove all this, because those issuers are already the default, and on_demand does not make sense for a site where you’ve explicitly configured the domain.

This is correct.

No, it definitely has the manipulated path. Proof of concept:

:8883 {
	uri strip_prefix /foo
	respond "URI: {uri}"
}

$ curl http://localhost:8883/foo/bar?query=baz
URI: /bar?query=baz

1 Like
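
The ask endpoint that the reply above calls for, as an added Go example that is not part of the original thread and not Caddy's own code: before on-demand issuance Caddy sends a GET to the configured ask URL with a `domain` query parameter and proceeds only on a 2xx answer. The allowlisted hostnames, port 5555 and the `/check` path are assumptions made for illustration.

```go
package main

import (
	"log"
	"net/http"
	"strings"
)

// allowedHosts is a constructed allowlist; the names are placeholders,
// not hostnames from the thread.
var allowedHosts = map[string]bool{
	"subdomain.example.org": true,
	"portal.example.org":    true,
}

// normalizeHost lowercases the name and drops a trailing dot, so that
// "Portal.Example.org." and "portal.example.org" compare equal.
func normalizeHost(name string) string {
	return strings.TrimSuffix(strings.ToLower(strings.TrimSpace(name)), ".")
}

// askStatus maps one ask request to the status code Caddy will see:
// 200 permits issuance, anything outside 2xx refuses it.
func askStatus(method, domain string) int {
	switch {
	case method != http.MethodGet || domain == "":
		return http.StatusBadRequest
	case !allowedHosts[normalizeHost(domain)]:
		return http.StatusForbidden
	}
	return http.StatusOK
}

// askHandler answers GET /check?domain=<hostname>.
func askHandler(w http.ResponseWriter, r *http.Request) {
	w.WriteHeader(askStatus(r.Method, r.URL.Query().Get("domain")))
}

func main() {
	// Loopback only: the endpoint exists for the local Caddy instance.
	// Caddyfile global options (assumed port and path):
	//   on_demand_tls { ask http://127.0.0.1:5555/check }
	http.HandleFunc("/check", askHandler)
	log.Fatal(http.ListenAndServe("127.0.0.1:5555", nil))
}
```

With this in place, a request for an unlisted subdomain under a wildcard pointed at the server is refused before any certificate is ordered or stored.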

Thanks for the info. I’ll let the person know about some of the changes you suggested we should make, especially about the DDoS one.

The respond "URI: {uri}" was extremely helpful and pointed me to what my actual issue was. It was working fine but the web server that hasn’t been reconfigured was reapplying the context folder and making it look like it wasn’t working. So we’re all good! Thanks so much!

2 Likes

Wanted to add in that I found that the uri directive has a lower precedence than redir, so this wasn’t working until I fed it through the route directive:

http://subdomain.SorryHaveToRedact.org {
	route {
		uri strip_prefix /uw-mc
		redir https://portal.newdomain.org{uri}
	}
}

2 Likes

Ah, yeah! You’re right, my bad I should’ve spotted that.

1 Like