Redirect all unregistered subdomains to a proper 404 error page

1. Caddy version (caddy version):

Caddy v1.0.1 (h1:oor6ep+8NoJOabpFXhvjqjfeldtw1XSzfISVrbfqTKo=)

2. How I run Caddy:

a. System environment:

Ubuntu 18.04.5 LTS

b. Command:

service caddy start

c. My Caddyfile

yolo.org {
    root /var/www
}

sub.yolo.org {
    proxy / https://somewhere {
        transparent
        insecure_skip_verify
    }
}

other.yolo.org {
    proxy / https://somewhereelse {
        transparent
        insecure_skip_verify
    }
}

3. The problem I’m having:

The behaviour I’m trying to achieve is that if someone visits any subdomain of yolo.org that is not registered in my Caddyfile, they get to see a proper 404 error page.

For example, if a user asks for:

  • yolo.org/something.html => all good they see the /var/www/something.html file
  • sub.yolo.org => all good they see the appropriate app
  • other.yolo.org => all good they see the appropriate app
  • somethingelse.yolo.org => they see the /var/www/404.html file
  • qwertyqwerty.yolo.org => they see the /var/www/404.html file

Ideally, if the user could not be redirected that would be great. But I doubt it’s achievable easily, for certificate purposes. So redirecting to yolo.org/404.html?askedsubdomain.yolo.org would already be a nice achievement for me.

4. Error messages and/or full log output:

At the moment, when someone tries to connect to an unregistered subdomain (for example somethingelse), this is what’s logged:

2021/04/11 12:43:56 http: TLS handshake error from XX.XX.XX.XXX:XXXXX: no certificate available for 'somethingelse.yolo.org'

And the browser shows:

Secure Connection Failed
An error occurred during a connection to somethingelse.yolo.org. Peer reports it experienced an internal error.
Error code: SSL_ERROR_INTERNAL_ERROR_ALERT

5. What I already tried:

I tried using the following syntaxes:

*.yolo.org {
  root /var/www/404.html{host}
}

and

*.yolo.org {
  redir https://yolo.org/404.html{host}
}

When I do so, caddy reports that the caddyfile is valid, but then fails to start the service if I try.

6. Links to relevant resources and side notes:

I found many posts and issues related to this issue, but usually very specific to a situation, and I wasn’t able to understand them enough to actually figure out the proper syntax I should use (for example: v2: HTTP-only wildcard sites still redirect to HTTPS if another site is configured with automatic HTTPS · Issue #3212 · caddyserver/caddy · GitHub, Caddyfile Concepts — Caddy Documentation).
I’m aware that my issue is a fairly standard issue, and I’m sorry I wasn’t able to figure it out without having to ask on the forum. But maybe this question can become a good future resource for people in my situation.

At the moment, I’m trying to achieve this using caddy v1, because this is what is installed on the server and I don’t have the possibility to change it at the moment. But recommendations on how to do it both with caddy v1 and v2 would be great as well, for future developments.

Thanks a lot for the consideration :)

Caddy v1 is EOL and no longer supported. Please upgrade to Caddy v2. You can find the upgrade guide here:

Thank you for the advice, at the moment I don’t have the immediate possibility of doing the update. That’s the reason why I was asking this question.
Also I don’t know if the config I was trying would even work in caddy 2, but whenever I can test it I will try.
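
For the Caddy v2 case the question asks about, one way to get this behaviour is a single wildcard site with a fallback handler, so the TLS handshake succeeds for every subdomain and unknown names get the 404 page without a redirect. This is an added example, not a reply from the thread or Caddy project code; `<provider_name>` and `<credentials>` are placeholders, and it assumes a Caddy v2 build that includes the DNS provider module needed for the ACME DNS challenge.

```caddyfile
# Added example for Caddy v2. Hostnames, paths and upstreams are the ones
# from the question; <provider_name> and <credentials> are placeholders.

yolo.org {
    root * /var/www
    file_server
}

*.yolo.org {
    # A wildcard certificate can only be issued through the ACME DNS
    # challenge, so a DNS provider module must be compiled into Caddy.
    tls {
        dns <provider_name> <credentials>
    }

    # Registered subdomains are matched by host and proxied.
    # The question's insecure_skip_verify is not carried over:
    # upstream certificates are verified here.
    @sub host sub.yolo.org
    handle @sub {
        reverse_proxy https://somewhere
    }

    @other host other.yolo.org
    handle @other {
        reverse_proxy https://somewhereelse
    }

    # Fallback for every other subdomain: serve /var/www/404.html
    # with a real 404 status instead of a 200.
    handle {
        root * /var/www
        rewrite * /404.html
        file_server {
            status 404
        }
    }
}
```

Because the fallback `handle` never reaches a proxy, a request for an unregistered name cannot be routed to either backend.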
