Serve reverse proxied subdomain as root

1. The problem I’m having:

The page isn’t redirecting properly when I want to set my wp.dieschoenewolke.com as dieschoenewolke.com.

2. Error messages and/or full log output:

*   Trying 123.456.789.0:80...
* Connected to dieschoenewolke.com (123.456.789.0) port 80 (#0)
> GET / HTTP/1.1
> Host: dieschoenewolke.com
> User-Agent: curl/7.88.1
> Accept: */*
>
< HTTP/1.1 308 Permanent Redirect
< Connection: close
< Location: https://dieschoenewolke.com/
< Server: Caddy
< Date: Fri, 02 Feb 2024 06:50:38 GMT
< Content-Length: 0
<
* Closing connection 0
* Clear auth, redirects to port from 80 to 443
* Issue another request to this URL: 'https://dieschoenewolke.com/'
*   Trying 123.456.789.0:443...
* Connected to dieschoenewolke.com (123.456.789.0) port 443 (#1)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=dieschoenewolke.com
*  start date: Jan 29 11:39:10 2024 GMT
*  expire date: Apr 28 11:39:09 2024 GMT
*  subjectAltName: host "dieschoenewolke.com" matched cert's "dieschoenewolke.com"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* using HTTP/2
* h2h3 [:method: GET]
* h2h3 [:path: /]
* h2h3 [:scheme: https]
* h2h3 [:authority: dieschoenewolke.com]
* h2h3 [user-agent: curl/7.88.1]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x555d1846bc80)
> GET / HTTP/2
> Host: dieschoenewolke.com
> user-agent: curl/7.88.1
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
< HTTP/2 302
< alt-svc: h3=":443"; ma=2592000
< location: https://wp.dieschoenewolke.com
< server: Caddy
< content-length: 0
< date: Fri, 02 Feb 2024 06:50:38 GMT
<
* Connection #1 to host dieschoenewolke.com left intact
* Issue another request to this URL: 'https://wp.dieschoenewolke.com/'
*   Trying 123.456.789.0:443...
* Connected to wp.dieschoenewolke.com (123.456.789.0) port 443 (#2)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=wp.dieschoenewolke.com
*  start date: Feb  1 11:55:35 2024 GMT
*  expire date: May  1 11:55:34 2024 GMT
*  subjectAltName: host "wp.dieschoenewolke.com" matched cert's "wp.dieschoenewolke.com"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* using HTTP/2
* h2h3 [:method: GET]
* h2h3 [:path: /]
* h2h3 [:scheme: https]
* h2h3 [:authority: wp.dieschoenewolke.com]
* h2h3 [user-agent: curl/7.88.1]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x555d1846bc80)
> GET / HTTP/2
> Host: wp.dieschoenewolke.com
> user-agent: curl/7.88.1
> accept: */*

3. Caddy version:

v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=

4. How I installed and ran Caddy:

I run it through docker-compose and when I use the simple reverse_proxy setup without the redir https://dieschoenewolke.com in the 2nd line of my Caddyfile everything runs fine.

a. System environment:

Debian GNU/Linux 11 (bullseye)

Client: Docker Engine - Community
Version: 25.0.2

Server: Docker Engine - Community
Engine:
Version: 25.0.2

d. My complete Caddy config:

:80 {
    redir https://{host}{uri}
}
www.dieschoenewolke.com:443 {
    redir https://wp.dieschoenewolke.com
}
dieschoenewolke.com:443 {
    redir https://wp.dieschoenewolke.com
}

wp.dieschoenewolke.com:443 {
    redir https://dieschoenewolke.com
    reverse_proxy 192.168.178.2:18000
    encode gzip
    tls {$CLOUDFLARE_EMAIL} {
        dns cloudflare {$CLOUDFLARE_API_TOKEN}
    }
}

Why do you have this line? It’s essentially causing an infinite loop of redirects.

I’m not sure I understand your goal here. Please elaborate.

Thank you for your response Francis!

What I’m trying to achieve is to point wp.dieschoenewolke.com to dieschoenewolke.com without the subdomain in the address bar.

Okay, then put your reverse_proxy inside dieschoenewolke.com and remove redir from there.

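An added example, not part of the original thread: a small offline check that reads the `redir` rules from the Caddyfile posted above and reports the redirect cycle seen in the curl trace, then confirms that a constructed version of the file with the last reply's suggestion applied has none. The names `redirect_map`, `find_loop`, `ORIGINAL` and `FIXED` are hypothetical. It only understands a single-argument `redir` directly inside a site block, and it treats such a site as always redirecting because Caddy's default directive order handles `redir` before `reverse_proxy`.

```python
import re
from urllib.parse import urlsplit
# The thread's Caddyfile: :443 site blocks only, encode/tls lines left out.
ORIGINAL = """
www.dieschoenewolke.com:443 {
    redir https://wp.dieschoenewolke.com
}
dieschoenewolke.com:443 {
    redir https://wp.dieschoenewolke.com
}
wp.dieschoenewolke.com:443 {
    redir https://dieschoenewolke.com
    reverse_proxy 192.168.178.2:18000
}
"""
# Constructed: reverse_proxy moved into the apex block, its redir removed.
FIXED = """
www.dieschoenewolke.com:443 {
    redir https://wp.dieschoenewolke.com
}
dieschoenewolke.com:443 {
    reverse_proxy 192.168.178.2:18000
}
wp.dieschoenewolke.com:443 {
    redir https://dieschoenewolke.com
}
"""

def redirect_map(caddyfile):
    """Map each site host to the host its unconditional `redir` points at."""
    hops, site, depth = {}, None, 0
    for line in map(str.strip, caddyfile.splitlines()):
        if line.endswith("{"):
            depth += 1
            site = line[:-1].strip().rsplit(":", 1)[0] if depth == 1 else site
        elif line == "}":
            depth -= 1
        elif depth == 1 and (m := re.fullmatch(r"redir\s+(\S+)", line)):
            hops[site] = urlsplit(m.group(1)).hostname
    return hops

def find_loop(hops, start):
    """Follow redirects from start; return the repeating host cycle, or None."""
    path = [start]
    while path[-1] in hops:
        path.append(hops[path[-1]])
        if path[-1] in path[:-1]:
            return path[path.index(path[-1]):]
    return None
```

Running `find_loop(redirect_map(ORIGINAL), "dieschoenewolke.com")` returns the apex-to-wp-to-apex cycle; the same call on `FIXED` returns `None` for every host.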