1. Output of `caddy version`:

```
v2.5.1 h1:bAWwslD1jNeCzDa+jDCNwb8M3UJ2tPa8UZFFzPVmGKs=
```

2. How I run Caddy:

a. System environment:

AWS Lightsail instance, Ubuntu 20.04 LTS

b. Command:

```
sudo caddy start --envfile .env
```

d. My complete Caddy config:

```caddyfile
{
	storage s3 {
		host "s3.amazonaws.com"
		bucket {$AWS_BUCKET_NAME}
		access_id {$AWS_ACCESS_KEY_ID}
		secret_key {$AWS_SECRET_ACCESS_KEY}
		prefix "ssl"
		insecure false
	}
	on_demand_tls {
		ask http://localhost:3000/allowed-domains
		interval 2m
		burst 5
	}
}

*.store.com {
	reverse_proxy localhost:3000
	tls certificates@store.com
	tls {
		dns cloudflare {$CLOUDFLARE_TOKEN}
	}
	encode gzip
}

:443 {
	tls certificates@store.com
	tls {
		on_demand
	}
	reverse_proxy localhost:3000
	encode gzip
}
```
3. The problem I'm having:

Hi, how do I go about setting up www redirection for wildcard domains? For example, https://www.*.store.com -> https://*.store.com.

Context: In our system, users can create subdomains under the store.com domain (demo.store.com, hello.store.com, etc.) & also set up custom domains to be pointed to our server (certs generated using auto SSL). Currently, only first-level subdomains are being served with the *.store.com wildcard certificate. This causes www.*.store.com to have a new certificate created for each * subdomain.

I want to redirect all https://www.*.store.com -> https://*.store.com and use the wildcard certificate instead of creating new ones. Something like this (I understand this is not valid syntax, but functionally I want to achieve the same):

```caddyfile
www.*.store.com {
	# labels are indexed from the right (labels.0 = com), so they must be joined with dots
	redir https://{labels.2}.{labels.1}.{labels.0}{uri}
}
```

Can somebody point us in the right direction? Thank you
4. Error messages and/or full log output:

5. What I already tried:

Ok, since the wildcard address block only supports the * at the leftmost side, I tried implementing the check for www inside the :443 block.

```caddyfile
:443 {
	@www header_regexp Host ^www\.\S*\.store\.com$
	# labels are indexed from the right (labels.0 = com), so they must be joined with dots
	redir @www https://{labels.2}.{labels.1}.{labels.0}{uri}
	tls certificates@store.com
	tls {
		on_demand
	}
	reverse_proxy localhost:3000
	encode gzip
}
```

The redirect works but only after it creates the SSL certificate for that address. I believe the tls is taking precedence over the redir. Is there any way to work around this such that it redirects if the regex matches or else creates/checks for the certificate?
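One point worth spelling out about the behaviour described above: the TLS handshake completes before Caddy ever sees the HTTP request, so a redirect served over https://www.demo.store.com needs a certificate that is valid for that exact name, and a `*.store.com` wildcard only covers one label. With `on_demand` on the `:443` block, issuance for the www name therefore happens during the handshake, before any `redir` can run; the `ask` endpoint is the only place to decide per hostname whether a certificate may be issued at all, and declining there means the handshake fails rather than redirecting. The following is an added example (not from the original post) of the redirect written with a named `header_regexp` capture, which avoids counting labels and also preserves the dots in the target host. The matcher name `www` is an assumption; the rest mirrors the `:443` block in the post.

```caddyfile
:443 {
	# Match only hosts of the form www.<label>.store.com and capture
	# "<label>.store.com" as group 1. The matcher name "www" is arbitrary.
	@www header_regexp www Host ^www\.([^.]+\.store\.com)$

	# Permanent redirect to the captured host, keeping path and query string.
	# Example (constructed): https://www.demo.store.com/cart?x=1
	#                     -> https://demo.store.com/cart?x=1
	redir @www https://{re.www.1}{uri} permanent

	tls certificates@store.com
	tls {
		on_demand
	}
	reverse_proxy localhost:3000
	encode gzip
}
```

Restricting the capture to a single label (`[^.]+`) keeps the redirect target inside the namespace the wildcard certificate already covers, so the redirected request lands on `*.store.com` and no further on-demand issuance is needed after the first hop.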