Redirect http to https on non 80 and 443 port

tarkky · May 13, 2019, 5:47am

Hello,
My VPS has no 80 and 443 ports available for me.
I have to use two non-standard ports for http and https.
I’ve installed the latest caddy with DNS changeling plugin.
I want to realize, all http traffic redirect to https
Here’s my caddyfile.

http://mydomain:8080 {
tls off
gzip
redir https://mydomain:8081{uri}
}

https://mydomain:8081 {
tls {
dns cloudflare
}
gzip
timeouts none
proxy / https://google.com {

}

import sites/*

I use caddy -conf /etc/caddy/Caddyfile -http-port 8080 to start caddy service
dnow,
the http request returns 500 internal privoxy error
the https works fine with google displays.

So could anyone help me out http request?
I hope http request will goes automaticlly to https8081, which should return google
thanks,
Jane

Whitestrake · May 13, 2019, 5:51am

Hi @tarkky, welcome to the Caddy community.

What’s the output when you run curl -IL http://mydomain:8080 ?

tarkky · May 13, 2019, 5:57am

Hi @Whitestrake
here’s the output

curl -IL http://mydomain:8080

HTTP/1.1 301 Moved Permanently
Connection: close
Content-Type: text/html; charset=utf-8
Location: https://mydomain:8081/
Server: Caddy
Date: Mon, 13 May 2019 05:54:53 GMT

HTTP/2 200
age: 771733
cache-control: public, max-age=0, must-revalidate
content-type: text/html; charset=UTF-8
date: Sat, 04 May 2019 07:32:43 GMT
etag: “a689665c0fa374b5ee7a63cb030e0d0b-ssl”
link: </static/css/style.d6daa8a167d72ec0d64c155c70d5a6be.css>; rel=preload; as=style, </static/js/bundle.min.135568517fe511bf4317aac5e56fb8e3.js>; rel=preload; as=script
server: Caddy
server: Netlify
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-dns-prefetch-control: on
x-nf-request-id: 2c86588f-de74-4714-9cdf-2b06d2fd60c7-216371876
content-length: 4989

tarkky · May 13, 2019, 5:58am

And when I tries in browser,
http://mydomain:8080
it seems redirects to https://mydomain:8080
why the port is not redirected to 8081?

Whitestrake · May 13, 2019, 6:02am

Could be a bad browser cache. The cURL results look pretty good.

Try with another browser.

tarkky · May 13, 2019, 6:05am

Hi @Whitestrake
I tried with IE, the first time it works fine, but I opened another tab, tried again, this time,
the http://mydomain:8080 goes to https://mydomain:8080
same error.

Whitestrake · May 13, 2019, 6:13am

What’s in import sites/*?

Edit: Actually, I don’t need to know that. I know why your browser goes to https://mydomain:8080.

The first time you connect, everything works. You connect to HTTP on port 8080, Caddy tells you to go to HTTPS on port 8081, all working.
Caddy tells your browser never to connect over HTTP, always use HTTPS. (this is Strict-Transport-Security at work)
You browse to http://mydomain:8080 for the second time.
Your browser remembers not to bother with HTTP. It changes the scheme automatically.
However, you’ve manually specified the port. Normally, the port is unspecified, so changing scheme implies changing port. But not in this case. Your browser doesn’t change the port to 8081 because it doesn’t remember which port HTTPS is on for this specific site.

This is going to keep happening as long as you use HSTS on non-standard ports.

tarkky · May 13, 2019, 6:55am

thanks @Whitestrake for your so kindly help. it’s really very clear for me now.

Whitestrake · May 13, 2019, 6:57am

No worries! Glad I could help.

system · August 11, 2019, 7:06am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.