Redirect with CNAME not working

1. Caddy version (caddy version):

latest caddy:2 docker image

2. How I run Caddy:

a. System environment:

Docker on ubuntu host

c. Service/unit/compose file:

version: '3'

services:

  caddy:
    image: caddy:2
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - $PWD/blog/Caddyfile:/etc/caddy/Caddyfile
      - caddy-data:/data
    networks:
      - docker-network
  ghost:
    image: ghost:4
    restart: always
    environment:
      # see https://ghost.org/docs/config/#configuration-options
      database__client: mysql
      database__connection__host: db
      database__connection__database: ghost
      database__connection__user: ghost
      database__connection__password: "${MYSQL_PASSWORD}"
      # this url value is just an example, and is likely wrong for your environment!
      url: https://www.ajfriesen.com
      mail__transport: "${MAIL_TRANSPORT}"
      mail__options__host: "${MAIL_HOST}"
      mail__options__port: "${MAIL_PORT}"
      mail__options__secureConnection: "${MAIL_SECURE_CONNECTION}"
      mail__options__auth__user: "${MAIL_USER}"
      mail__options__auth__pass: "${MAIL_PASSWORD}"
[...]

d. My complete Caddyfile or JSON config:

{
    # Global options block. Entirely optional, https is on by default
    # Optional email key for lets encrypt
    email my-mail 
    # Optional staging lets encrypt for testing. Comment out for production.
    # acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}

www.ajfriesen.com {
    reverse_proxy ghost:2368
}

ajfriesen.com {
    redir https://www.ajfriesen.com{uri}
}

www.andrej-friesen.com {
    redir https://www.ajfriesen.com{uri}
}

3. The problem I’m having:

I am running a blog on my domain without any issues regarding caddy on www.ajfriesen.com

Now I wanted to add another domain I own www.andrej-friesen.com

I created a CNAME from www.andrej-friesen.com to ajfriesen.com but can not reach my site with that domain.

ping ajfriesen.com
PING ajfriesen.com (116.203.153.211) 56(84) bytes of data.

PING www.ajfriesen.com (116.203.153.211) 56(84) bytes of data.
64 bytes from static.211.153.203.116.clients.your-server.de (116.203.153.211): icmp_seq=1 ttl=52 time=19.1 ms


PING ajfriesen.com (116.203.153.211) 56(84) bytes of data.
64 bytes from static.211.153.203.116.clients.your-server.de (116.203.153.211): icmp_seq=1 ttl=52 time=18.6 ms

curl -v www.andrej-friesen.com
*   Trying 116.203.153.211:80...
* TCP_NODELAY set
* Connected to www.andrej-friesen.com (116.203.153.211) port 80 (#0)
> GET / HTTP/1.1
> Host: www.andrej-friesen.com
> User-Agent: curl/7.68.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 308 Permanent Redirect
< Connection: close
< Location: https://www.andrej-friesen.com/
< Server: Caddy
< Date: Tue, 04 Jan 2022 15:59:35 GMT
< Content-Length: 0
< 
* Closing connection 0

4. Error messages and/or full log output:

5. What I already tried:

6. Links to relevant resources:

That seems to be working fine, Caddy is responding to your requests. What is the problem exactly?

Sorry, thought it was obvious :sweat:
The blog is not available via www.andrej-friesen.com but is fine on www.ajfriesen.com

Are you certain you’re using the latest version?

Run docker-compose exec caddy caddy version to see the actual version number. Latest is v2.4.6 currently.

Are you sure you reloaded Caddy after making config changes? It seems like the server doesn’t have a certificate for www.andrej-friesen.com.

You can perform a graceful config reload by running docker-compose exec -w /etc/caddy caddy caddy reload

Check the container logs with docker-compose logs caddy, and make sure the logs show that Caddy loaded with the domain www.andrej-friesen.com listed in the log with the message "enabling automatic TLS certificate management"
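The log check suggested in the reply above, as an added example that is not part of the original posts or of Caddy's own tooling: it compares the hostnames declared in the Caddyfile on disk with the domains in Caddy's most recent "enabling automatic TLS certificate management" log entry. The log line is constructed in the JSON shape Caddy 2 writes (assumed here), and all function names are hypothetical.

```python
import json
import re

# Constructed inputs: the site blocks from the Caddyfile in the post, and one log
# line in the JSON shape Caddy 2 writes at load time (assumed; values invented).
CADDYFILE = """\
www.ajfriesen.com {
    reverse_proxy ghost:2368
}
ajfriesen.com {
    redir https://www.ajfriesen.com{uri}
}
www.andrej-friesen.com {
    redir https://www.ajfriesen.com{uri}
}
"""
LOGS = ('caddy_1  | {"level":"info","logger":"http","msg":"enabling automatic TLS '
        'certificate management","domains":["www.ajfriesen.com","ajfriesen.com"]}\n')

def caddyfile_hosts(text):
    """Hostnames of top-level site blocks; the global options block is skipped."""
    hosts, depth = set(), 0
    for line in text.splitlines():
        code = line.split("#", 1)[0].strip()
        if depth == 0 and code.endswith("{") and code != "{":
            for addr in code[:-1].replace(",", " ").split():
                hosts.add(re.sub(r"^https?://|:\d+$", "", addr))
        depth += code.count("{") - code.count("}")
    return hosts

def loaded_hosts(log_text):
    """Domains in the most recent automatic-TLS log entry, i.e. the running config."""
    latest = set()
    for line in log_text.splitlines():
        start = line.find("{")  # skip the "caddy_1  | " prefix docker-compose adds
        try:
            entry = json.loads(line[start:]) if start >= 0 else {}
        except ValueError:
            continue
        if entry.get("msg") == "enabling automatic TLS certificate management":
            latest = set(entry.get("domains", []))
    return latest

def unloaded_hosts(caddyfile_text, log_text):
    """Hosts present in the file on disk but absent from the running config."""
    return sorted(caddyfile_hosts(caddyfile_text) - loaded_hosts(log_text))

if __name__ == "__main__":
    print(unloaded_hosts(CADDYFILE, LOGS))
```

A non-empty result means the Caddyfile was changed on disk but the running Caddy has not loaded it, so no certificate exists yet for those hosts.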

What do you mean by “not available” though? What indicates that? (You left numbers 4, 5, and 6 empty in the help template.) As far as I can tell everything is working fine. What happens when you follow the redirect?

I am managing the docker-compose files via ansible and was assuming that a change will restart the container. I could have sworn I had done that already because I added and removed domains over the last few months there.
My mistake, it does not do that automatically. Nothing caddy-related.

When I followed www.andrej-friesen.com I got Chrome saying ERR_SSL_PROTOCOL_ERROR and not showing my blog.
That is what I mean by “redirect does not work”.

Now that the reload is done, everything works as expected.
So I got the config right in the first place but was fooled by my assumption of the autoreload for my ansible:

    - name: "Create docker network"
      docker_network:
        name: "docker-network"

    - name: Sync blog
      ansible.posix.synchronize:
        src: blog/
        dest: /home/andrej/blog

    - name: Create and start docker services
      community.docker.docker_compose:
        project_src: /home/andrej/blog
        state: present
        restarted: yes # <------ Was missing this.

Again nothing caddy-related.
Mea Culpa!

Excellent, thanks for the follow-up! Glad you figured it out.
