Need help with caddyfile https redirection

karthik · April 27, 2021, 1:16pm

1. Caddy version (`caddy version`):

v2.3.0

2. How I run Caddy:

a. System environment:

Docker

c. Service/unit/compose file:

paste full file contents here

d. My complete Caddyfile or JSON config:

(cors) {
	@origin header Origin {args.0}
	header @origin Access-Control-Allow-Origin "{args.0}"
	header @origin Access-Control-Request-Method GET
}

{$SITE_ADDRESS} {

import cors {$SITE_ADDRESS}

# gkwebapp
reverse_proxy * gnukhata:6544

# gkcore
handle_path /api/* {
	rewrite /api /api/
	reverse_proxy gnukhata:6543
    }
}

3. The problem I’m having:

http urls are not redirected to https://

4. Error messages and/or full log output:

5. What I already tried:

I have tried header Location http:// https:// but no use

Please help me with the issue. The wsgi server is waitress

matt · April 27, 2021, 7:16pm

CSP is blocking the HTTP request from being made at all; that’s not Caddy not redirecting.

francislavoie · April 27, 2021, 7:48pm

You need to make sure your site is loading assets over the same protocol as the initial request (i.e. HTTPS). Those errors are complaining because your site is trying to make HTTP requests while the site is loaded over HTTPS (see in your address bar, https://localhost)

karthik · April 28, 2021, 3:27am

Yes, I found this issue in production. So, I reproduced this on local host. Anything we could do tor redirect those requests ro https?

This is the config of the server gnukhata:6544 in Caddyfile production.ini · master · GNUKhata / gkwebapp · GitLab

francislavoie · April 28, 2021, 3:39am

No. The HTML must either use // or https:// as the scheme (the former will make the browser make the requests with the same scheme as the originating page). The browser is preventing the request from even happening, because the HTML contents are trying to load insecure content.

system · May 27, 2021, 1:17pm

This topic was automatically closed after 30 days. New replies are no longer allowed.