Redir didn't work as expected. What should I do?

1. The problem I’m having:

How do I redir to port 443 when I only have an https server running on port 8443?
I’m trying to make all requests to port :80 redir to :443, but none of them work except for some configurations. It just redirs to 8443. What should I do?

2. Error messages and/or full log output:

None

3. Caddy version:

v2.7.6

4. How I installed and ran Caddy:

a. System environment:

CentOS 6.8

d. My complete Caddy config:

{
	auto_https disable_redirects
	https_port 443
	servers 127.0.0.1:5000 {
		listener_wrappers {
			proxy_protocol
		}
		protocols h1 h2 h2c h3
	}
}

# dummy server, automatic certificate renewal needed. Blocked by firewall.
new.com:8443 {
	root * /usr/share/caddy
	file_server
}

:80 {
	redir https://new.com:443{uri} permanent # doesn't work, always redir to :8443
	#redir https://{host}:443{uri} # work
}

http://new.com:5000 {
	root * /usr/share/caddy
	file_server
	log
	bind 127.0.0.1
}

I’m not sure I follow.

Please show an example request with curl -v. Enable the debug global option and show your logs.

Thanks for your reply. It works fine now, and I will post the newest Caddyfile I use.
I still have a question about why it didn't work before.

{
	auto_https disable_redirects
	servers 127.0.0.1:5000 {
		listener_wrappers {
			proxy_protocol
		}
		protocols h1 h2 h2c h3
	}
}

sth.example.com:8443 {
	root * /usr/share/caddy
	file_server
}

:80 {
	redir https://{host}{uri} permanent
}

http://sth.example.com:5000 {
	root * /usr/share/caddy
	file_server
	log
	bind 127.0.0.1
}

Why are you disabling redirects if you’re just re-adding them by hand? I don’t understand.

Servers located on port 5000 are not allowed to use https. Then I was hoping that the auto https feature would work either way. I tried it and now it works, so I guess I better leave it alone :thinking:
For some reason, this problem no longer occurs. Even when I re-enabled the configuration that was previously considered problematic, and tested with curl, fiddler failed to reproduce the previous issue again. Thanks again for your reply!

Using http:// on your site address ensures that it uses HTTP. So there’s no need to touch auto_https for that reason.

I tried. And then it redir to 8443 port again.

# curl -v sth.example.com
* About to connect() to sth.example.com port 80 (#0)
*   Trying a.b.c.d...
* Connected to sth.example.com (a.b.c.d) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: sth.example.com
> Accept: */*
> 
< HTTP/1.1 308 Permanent Redirect
< Connection: close
< Location: https://sth.example.com:8443/
< Server: Caddy
< Date: Sun, 18 Feb 2024 17:14:08 GMT
< Content-Length: 0
< 
* Closing connection 0

It happened again:

# curl -v sth.example.com
* About to connect() to sth.example.com port 80 (#0)
*   Trying a.b.c.d...
* Connected to sth.example.com (a.b.c.d) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: sth.example.com
> Accept: */*
> 
< HTTP/1.1 308 Permanent Redirect
< Connection: close
< Location: https://sth.example.com:8443/
< Server: Caddy
< Date: Sun, 18 Feb 2024 17:14:08 GMT
< Content-Length: 0
< 
* Closing connection 0

I understand. For caddy’s auto https, the automatic redir to the first https enabled site is the default behavior. It doesn’t matter if that site’s port is 443. So I need:
auto_https disable_redirects
and:

:80 {
	redir https://{host}{uri} permanent
}
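
A check for the behaviour discussed in this thread, as an added example that is not part of the original posts: it parses a `curl -v` transcript and reports whether the HTTP redirect lands on the expected HTTPS host and port. The sample transcripts are constructed from the one shown above, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample, modelled on the curl -v transcript in the thread.
SAMPLE_BAD = """\
> GET / HTTP/1.1
> Host: sth.example.com
>
< HTTP/1.1 308 Permanent Redirect
< Connection: close
< Location: https://sth.example.com:8443/
< Server: Caddy
<
"""
# Same response with no explicit port, i.e. the default HTTPS port.
SAMPLE_GOOD = SAMPLE_BAD.replace(":8443/", "/")

DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_redirect(transcript):
    """Return (status, scheme, host, port) from the response lines of curl -v."""
    status, location = None, None
    for line in transcript.splitlines():
        if not line.startswith("<"):
            continue  # skip request lines (">") and curl info lines ("*")
        text = line[1:].strip()
        m = re.match(r"HTTP/\S+\s+(\d{3})", text)
        if m:
            status = int(m.group(1))
        elif text.lower().startswith("location:"):
            location = text.split(":", 1)[1].strip()
    if location is None:
        return status, None, None, None
    url = urlsplit(location)
    # A Location without a port means the scheme's default port.
    return status, url.scheme, url.hostname, url.port or DEFAULT_PORTS.get(url.scheme)


def check_redirect(transcript, want_host, want_port=443):
    """Return a list of problems; an empty list means the redirect is as expected."""
    status, scheme, host, port = parse_redirect(transcript)
    problems = []
    if status not in (301, 302, 307, 308):
        problems.append(f"status {status} is not a redirect")
    if scheme != "https":
        problems.append(f"scheme is {scheme!r}, expected 'https'")
    if host != want_host:
        problems.append(f"host is {host!r}, expected {want_host!r}")
    if port != want_port:
        problems.append(f"port is {port}, expected {want_port}")
    return problems
```
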

I’m confused. Why do you want it to redirect to 443? Caddy isn’t serving 443 with your current Caddyfile.

I forgot to add more background description, sorry. Port 443 is occupied by another application. Caddy only handles port 5000 and port 80. Port 8443 is used to spoof Caddy to issue certificates for the whole site.

Why not just change the port of that app to something else, then have Caddy proxy to it? Much simpler if Caddy has ports 80+443, especially for solving ACME challenges.

I couldn’t find a way to properly configure that program, so I had to leave it on port 443. By the way, I accidentally gave away my site IP in a reply. Is there any way to remove it?

What program?

I hid it.

Thanks a lot. Some kind of dashboard I guess? The network configuration seems to be hardcoded inside the program. I didn’t find anything about it in the documentation anyway.

Dashboard for what?
