1. Caddy version (caddy version):
v2.3.0 h1:fnrqJLa3G5vfxcxmOH/+kJOcunPLhSBnjgIvjXV/QTA=
This includes the route53 module, which currently isn’t being used. That’s the step after this.
2. How I run Caddy:
sudo ./caddy run --config=new_caddy.json
a. System environment:
MacOS 10.15.7 right now
Eventually Ubuntu 20.14
b. Command:
sudo ./caddy run --config=new_caddy.json
c. Service/unit/compose file:
N/A
d. My complete Caddyfile or JSON config:
{
  "apps": {
    "http": {
      "servers": {
        "srv0": {
          "listen": [
            ":443"
          ],
          "logs": {
            "default_logger_name": "log0"
          },
          "routes": [
            {
              "group": "api",
              "match": [
                {
                  "host": [
                    "api.*"
                  ]
                }
              ],
              "handle": [
                {
                  "handler": "reverse_proxy",
                  "upstreams": [
                    {
                      "dial": "127.0.0.1:8000"
                    }
                  ]
                }
              ]
            },
            {
              "group": "app",
              "match": [
                {
                  "host": [
                    "*"
                  ]
                }
              ],
              "handle": [
                {
                  "handler": "reverse_proxy",
                  "upstreams": [
                    {
                      "dial": "127.0.0.1:5000"
                    }
                  ]
                }
              ]
            }
          ]
        }
      }
    },
    "tls": {
      "automation": {
        "policies": [
          {
            "issuers": [
              {
                "module": "internal"
              }
            ],
            "on_demand": true
          }
        ]
      }
    }
  },
  "logging": {
    "logs": {
      "default": {
        "level": "DEBUG"
      },
      "log0": {
        "include": [
          "http.log.access.log0"
        ],
        "level": "DEBUG",
        "writer": {
          "filename": "/tmp/caddy_access.log",
          "output": "file"
        }
      }
    }
  }
}
3. The problem I’m having:
I run a SaaS where customers bring their own domains. For each of their domains I need HTTPS set up automatically and 3 different routes set up for their domain.
api.$domain.com → 127.0.0.1:8000 (our API server)
www.$domain.com → 127.0.0.1:5000 (our APP server)
$domain.com → redirect to www.$domain.com
I’m struggling to figure out how to configure the two backends based on the subdomain. From the log output, I see that I might need TLS connection policies to get this to work. I’m a bit confused though since I don’t need a connection policy with a single route and no match group. At least, when I used a Caddyfile originally, then output the JSON, it didn’t have the policy explicitly stated.
4. Error messages and/or full log output:
2021/05/05 15:18:49.575 INFO using provided configuration {"config_file": "/var/www/new_caddy.json", "config_adapter": ""}
2021/05/05 15:18:49.579 INFO admin admin endpoint started {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2021/05/05 15:18:49.581 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc000340a10"}
2021/05/05 15:18:49.592 INFO http server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2021/05/05 15:18:49.592 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2021/05/05 15:18:49.601 DEBUG http starting server loop {"address": "[::]:443", "http3": false, "tls": true}
2021/05/05 15:18:49.601 DEBUG http starting server loop {"address": "[::]:80", "http3": false, "tls": false}
2021/05/05 15:18:49.671 INFO tls cleaned up storage units
2021/05/05 15:18:49.788 INFO pki.ca.local root certificate is already trusted by system {"path": "storage:pki/authorities/local/root.crt"}
2021/05/05 15:18:49.788 INFO autosaved config {"file": "/Users/josh/Library/Application Support/Caddy/autosave.json"}
2021/05/05 15:18:49.788 INFO serving initial configuration
5. What I already tried:
A simple regex/globbing is my first attempt
"host": [
  "api.*"
]
I also tried the placeholder
"host": [
  "api.{http.request.host}"
]
I considered the following, but it seemed like it would break on mydomain.co.uk
"host": [
  "api.*.*"
]
6. Links to relevant resources:
Placeholders:
Matching on routes:
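
An added example, not part of the original post and not Caddy's own code: a simplified Go model of the documented host-matcher rule that `*` stands for exactly one hostname label, run against the three patterns tried in section 5. The helper names and the hostnames other than mydomain.co.uk are constructed for illustration; `hasLabelPrefix` is a hypothetical check, not a Caddy matcher.

```go
package main

import (
	"fmt"
	"strings"
)

// matchHost models (as an assumption, not Caddy's source) the documented rule
// that "*" in a host matcher stands for exactly one DNS label, so a pattern
// only matches hosts with the same number of labels.
func matchHost(pattern, host string) bool {
	p := strings.Split(strings.ToLower(pattern), ".")
	h := strings.Split(strings.ToLower(host), ".")
	if len(p) != len(h) {
		return false
	}
	for i := range p {
		if p[i] != "*" && p[i] != h[i] {
			return false
		}
	}
	return true
}

// hasLabelPrefix (hypothetical helper) is the test the post is really after:
// is the first label of the host equal to label, however many labels follow?
func hasLabelPrefix(label, host string) bool {
	return strings.HasPrefix(strings.ToLower(host), strings.ToLower(label)+".")
}

func main() {
	// Constructed sample hosts; mydomain.co.uk is the case raised in the post.
	hosts := []string{"api.example.com", "api.mydomain.co.uk", "www.example.com", "localhost"}
	for _, pat := range []string{"api.*", "api.*.*", "*"} {
		for _, host := range hosts {
			fmt.Printf("%-8s %-20s match=%v\n", pat, host, matchHost(pat, host))
		}
	}
	for _, host := range hosts {
		fmt.Printf("first label api? %-20s %v\n", host, hasLabelPrefix("api", host))
	}
}
```

Under this model `api.*` and `*` never match a customer hostname with three or more labels, and `api.*.*` misses api.mydomain.co.uk, which is the break anticipated in the post.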