Redirect www.*.example.com to *.example.com

1. Output of caddy version:

v2.5.1 h1:bAWwslD1jNeCzDa+jDCNwb8M3UJ2tPa8UZFFzPVmGKs=

2. How I run Caddy:

a. System environment:

AWS Lightsail instance, Ubuntu 20.04 LTS

b. Command:

sudo caddy start --envfile .env

d. My complete Caddy config:

{
        storage s3 {
                host "s3.amazonaws.com"
                bucket {$AWS_BUCKET_NAME}
                access_id {$AWS_ACCESS_KEY_ID}
                secret_key {$AWS_SECRET_ACCESS_KEY}
                prefix "ssl"
                insecure false
        }
        on_demand_tls {
                ask http://localhost:3000/allowed-domains
                interval 2m
                burst 5
        }
}

*.store.com {
        reverse_proxy localhost:3000

        tls certificates@store.com
        tls {
                dns cloudflare {$CLOUDFLARE_TOKEN}
        }
        encode gzip
}

:443 {
        tls certificates@store.com
        tls {
                on_demand
        }
        reverse_proxy localhost:3000
        encode gzip
}

3. The problem I’m having:

Hi, how do I go about setting up www redirection for wildcard domains?
For example, https://www.*.store.com -> https://*.store.com.

Context: In our system, users can create subdomains under store.com domain (demo.store.com, hello.store.com, etc) & also set up custom domains to be pointed to our server (certs generated using auto ssl).
Currently, only first-level subdomains are being served with the *.store.com wildcard certificate. This causes www.*.store.com to have a new certificate created for each * subdomain.

I want to redirect all https://www.*.store.com -> https://*.store.com and use the wildcard certificate instead of creating new ones.

Something like this (I understand this is not valid syntax but functionally I want to achieve the same)

www.*.store.com {
  redir https://{labels.2}{labels.1}{labels.0}{uri}
}

Can somebody point us in the right direction? Thank you

4. Error messages and/or full log output:

5. What I already tried:

Ok, since the wildcard address block only supports the * at the leftmost side, I tried implementing the check for www inside the :443 block.

:443 {
        @www header_regexp Host ^www\.\S*\.store\.com$
        redir @www https://{labels.2}{labels.1}{labels.0}{uri}

        tls certificates@store.com
        tls {
                on_demand
        }

        reverse_proxy localhost:3000
        encode gzip
}

The redirect works, but only after it creates the SSL certificate for that address. I believe the tls is taking precedence over the redir. Is there any way to work around this such that it redirects if the regex matches, or else creates/checks for the certificate?

6. Links to relevant resources:

1 Like

Is there any particular reason why you want to use wildcard certificates for www.example.store.com to example.store.com redirects?

Not sure if I understand you right.
Do you want to redirect without a certificate?
Or do you want to create on_demand certificates only for hostnames in that www.*.store.com pattern?

If it is the latter, then you could use the on_demand_tls ask endpoint

2 Likes

We want to enforce the www → non-www redirect anyway. So isn’t it redundant to create & manage a new certificate for each www.*.store.com domain when we could just redirect and use the wildcard certificates instead?

Yes. For www.*.store.com domains, I want to redirect without a certificate. Since the redirection is to *.store.com, the wildcard certificate can take over, right? Or am I missing something?

We are already using the on_demand_tls ask since we also have to manage SSL certs of custom domains pointed to our server.

Just so we are on the same page:
A redirect from www.example.store.com to example.store.com requires a valid certificate for www.example.store.com.
That can either be an exact match (e.g. www.example.store.com) or *.example.store.com.

*.store.com won’t work for www.example.store.com.
And you also won’t be able to issue a certificate for www.*.store.com.
Both www.example.store.com and *.example.store.com are possible, however.

With that said, do you already have a wildcard certificate for *.example.store.com or just *.store.com?

Also, technically you could redirect without a certificate, but that would be limited to http:// (not https://), which will only confuse your customers.

My bad, seems like I overlooked that in your Caddyfile.

4 Likes

Oh! I see. This is the info that I’ve been looking for.

So it looks like this is a good enough solution for handling the redirection I need.

Thank you so much for clearing that up for me. Cheers.

Glad I could help :slight_smile:

Just one small appendix:

I think you have to use dots between each label:

redir @www https://{labels.2}.{labels.1}.{labels.0}{uri}

Also, you could use

@www host www.*.store.com

instead of

@www header_regexp Host ^www\.\S*\.store\.com$

Both do the same, so it’s up to you.
I just find the latter easier to read :innocent:

Edit: Added the part about the dots between the {labels.*}

2 Likes
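To see what the corrected redir line and the host matcher above actually compute, here is an added Go example (not code from the thread or from Caddy) that reproduces both: Caddy's {labels.N} placeholders index the hostname's DNS labels from the right, with labels.0 being the TLD, and the host matcher's "*" matches exactly one label. The hostnames and paths are constructed sample input; the function names are this example's own.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Labels splits a hostname into DNS labels ordered the way Caddy's
// {labels.N} placeholder indexes them: Labels[0] is the rightmost label
// (the TLD), Labels[1] the next one to the left, and so on. A port suffix
// and a trailing dot are dropped and the result is lower-cased.
func Labels(host string) []string {
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h
	}
	host = strings.TrimSuffix(strings.ToLower(host), ".")
	parts := strings.Split(host, ".")
	out := make([]string, len(parts))
	for i, p := range parts {
		out[len(parts)-1-i] = p
	}
	return out
}

// MatchesWWWPattern mirrors the matcher "@www host www.*.store.com": the
// wildcard stands for exactly one label, so the host must have four labels,
// the leftmost "www" and the rightmost two "store" and "com".
func MatchesWWWPattern(host string) bool {
	l := Labels(host)
	return len(l) == 4 && l[3] == "www" && l[1] == "store" && l[0] == "com"
}

// RedirectTarget evaluates the corrected template
// https://{labels.2}.{labels.1}.{labels.0}{uri} for a matching host.
// The boolean is false when the matcher does not fire, in which case a real
// server would fall through to the reverse_proxy instead of redirecting.
func RedirectTarget(host, uri string) (string, bool) {
	if !MatchesWWWPattern(host) {
		return "", false
	}
	l := Labels(host)
	return "https://" + l[2] + "." + l[1] + "." + l[0] + uri, true
}

func main() {
	// Constructed sample requests: Host header value and request URI.
	samples := [][2]string{
		{"www.example.store.com", "/cart?id=1"},
		{"WWW.Demo.store.com:443", "/"},
		{"example.store.com", "/"},       // no www: not matched
		{"www.a.b.store.com", "/"},       // two labels under store.com: not matched
	}
	for _, s := range samples {
		target, ok := RedirectTarget(s[0], s[1])
		fmt.Printf("%-24s -> redirect=%v %s\n", s[0], ok, target)
	}
}
```

Without the dots between the placeholders the same template would produce https://examplestorecom/cart?id=1, which is the bug the appendix catches.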

Oops! Nice catch. Must have missed those when I refactored.

Awesome! I didn’t know the host matcher supported that! :grinning:

1 Like
