Regex redirect for www to non-www without knowing the domain

1. Caddy version:

v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=

2. How I installed, and run Caddy:

a. System environment:

Ubuntu Package on Ubuntu 22.04.1 LTS ARM version

b. Command:

We have added the following packages:

caddy add-package
caddy add-package

Service edit to inject Environment variables


d. My complete Caddy config:

	admin off
	storage redis
	on_demand_tls {		
		interval "5m"
		burst 100

(proxyNode) {
	reverse_proxy {
		header_up +Host "{}"
		header_up +X-Real-IP "{http.request.remote}"
		header_up +X-Forwarded-For "{}"
		header_up +X-NginX-Proxy "true" # <- Yeah, it sucks but is a backend requirement
	header -X-powered-by

* {
	tls {
		issuer acme {
			dns route53
	handle {
		import proxyNode

:443 {
	tls {

	handle {
		import proxyNode

3. The problem I’m having:

No problem itself, but I’m having a hard time to find an effective way to remove all the www subdomains from hosts.

We don’t know the hosts, because each client may use:

Now, we need to remove the www. preffixes, this is the most common solution that I found in the forum:

@www header_regexp Host ^www\.
redir @www https://{labels.1}{labels.0}{uri}

And thats nice, but it just take care of short TLDs, something like will not be handled correctly (Will redirect to

Maybe, use something like the proxy placeholder may be useful, but i guess that this placeholder may be used just in the reverse_proxy block.

Is there any other way to manipulate the host?

Thanks so much for your hard work team! You rock it :metal:t2:

6. Links to relevant resources:

Why are you turning off admin? If you do so, you won’t be able to reload Caddy’s config gracefully, meaning you will incur downtime on any config change due to having to restart the server.

You don’t need these. Caddy sets the Host and XFF headers automatically.

This is not safe. You’re vulnerable to DDOS by an attacker continually forcing your server to issue certificates for random domains until you run out of storage (or in your case, memory in Redis).

You must use an ask endpoint to validate domains to allow. Your backend should have an endpoint that does a lookup in your database for registered domains for known customers.

You can use regexp capture groups to keep the remainder of the host:

@www header_regexp host Host ^www\.(.*)
redir @www https://{}{uri}

Hi Francis!

Thanks so much for review the entire config file! That’s really appreciated.

True, sorry, that shouldn’t be there. We are in a staging phase, making some tests before migrate from nginx. That was a test, but finaly we have removed that, thanks for the advice!

Originally, I’ve started making the JSO, without the Caddyfile, but for a unknown reason, those headers was not added to the request.
Pretty sure that I was setting some property wrong, I’ll remove those now :slight_smile:

Thanks a lot again! This endpoint is on developing phase right now :blush:

That’s perfect! So obvious :sweat_smile:

Really, thanks so much for your help to the community Francis!

You are awesome!


1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.