[Solved] Running Subdomains on .onion services


(Matthew Fay) #21

You might be thinking of Automatic HTTPS.

When you’re letting Caddy manage your certificates, in order to requisition them, it needs to bind to ports 80 and/or 443. There are ways of getting around that and still getting certificates (port detouring, DNS challenge, etc.) but I don’t think they’ll be relevant to you; you’re only serving on HTTP, so Automatic HTTPS is disabled for those sites.

Unless you’re running another site in your Caddyfile that DOES qualify for Automatic HTTPS, Caddy won’t complain about not getting port 80.


(Conor Burns) #22

I actually run DNS challenge because I hit the Let’s Encrypt rate limit:

I also use wildcards for the smaller domains for the sake of simplicity.


(Matthew Fay) #23

Excellent! Caddy should then be quite happy to serve your sites on whatever port you like.


(Conor Burns) #24

That’s great thank you so much for your help!

And is it possible to minify my Caddyfile by serving some of the subdomains that serve static content with labels?


(Matthew Fay) #25

Do you mean that they serve the same static content?

If you’re serving the same content, you can add multiple labels to a single site definition, just like the first example I gave earlier: Running Subdomains on .onion services


(Conor Burns) #26

Like this:

https://*.conor-burns.com {
  include wc
  root /var/www/all # in that directory are the directories stats, pgp, dev, pw with their index.html
  rewrite {
    to /{label1}{uri}
  }
}

(Matthew Fay) #27

Ahh yeah, like the other thread we’ve been talking in :smiley:

You can do that. Based on that Caddyfile, when you browse to stats.conor-burns.com, it’ll serve content from /var/www/all/stats on your disk.


(Conor Burns) #28

Yeah, exactly. I tried that when I saw it in the thread, but I get this error: cannot convert domain to a valid wildcard


(Matthew Fay) #29

There should be more to that error message.

Can you post the full line, as well as your full Caddyfile (in particular, the content of the wc snippet)?

Wildcarding with HTTP is simple; with HTTPS, things get a bit more complicated with LetsEncrypt, but you’re already aware of that if you’re already using wildcard certs.


(Conor Burns) #30

OK, I pushed the config to GitHub and this is the error:

Main PID: 32140 (code=exited, status=1/FAILURE)

Mar 07 02:31:59 mail.conor-burns.com systemd[1]: Started Caddy HTTP/2 web server.
Mar 07 02:31:59 mail.conor-burns.com caddy[32140]: 2019/03/07 02:31:59 [INFO][FileStorage:/etc/ssl/caddy] Started certificate maintenance routine
Mar 07 02:31:59 mail.conor-burns.com caddy[32140]: 2019/03/07 02:31:59 /etc/caddy/Caddyfile:16 - Error during parsing: Cannot convert domain name '*.conor-burns.com' to a valid wildcard: already has a wildcard label
Mar 07 02:31:59 mail.conor-burns.com systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE
Mar 07 02:31:59 mail.conor-burns.com systemd[1]: caddy.service: Failed with result 'exit-code'.


(Matthew Fay) #31

What’s in the wc snippet?


(Conor Burns) #32

It’s on GitHub:

(wc) {
  prometheus
  log /var/log/caddy/access.log {
    ipmask 255.255.255.0 ffff:ffff:ffff:fff0::
  }
  errors /var/log/caddy/error.log
  header / Strict-Transport-Security "max-age=31536000"
  tls {
    protocols tls1.2 tls1.3
    dns cloudflare
    key_type p384
    curves X25519 p521 p384 p256
    wildcard
  }
}


(Matthew Fay) #33

tls {
  wildcard
}

This part’s your problem.

You’ve specified https://*.conor-burns.com and then told Caddy to convert the label into a wildcard for TLS purposes. It’s already a wildcard, so it can’t be converted; hence the error, Cannot convert domain name '*.conor-burns.com' to a valid wildcard: already has a wildcard label.

You’ll need to remove the wildcard subdirective for this site for it to work.
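
One way to lay the Caddyfile out so the conflict cannot recur, written here as an added example and not the poster’s actual GitHub config: keep the shared non-TLS settings in one snippet and the TLS settings in two separate snippets, one without `wildcard` for the site whose name already contains a wildcard label, and one with `wildcard` for single-label sites that should share the `*.conor-burns.com` certificate. The `https://mail.conor-burns.com` site, the `/var/www/mail` root and the snippet names are assumptions made for illustration; the thread does not show which snippet the poster ended up including. Snippets are pulled in with Caddy v1’s `import` directive. The `cloudflare` DNS provider reads its API credentials from the environment, and the `Strict-Transport-Security` header only makes sense on HTTPS sites, so the `wc` snippet should not be imported into an `http://` site such as an .onion service.

```caddyfile
# Shared settings that are safe for every HTTPS site; deliberately no tls block here.
(wc) {
  prometheus
  log /var/log/caddy/access.log {
    ipmask 255.255.255.0 ffff:ffff:ffff:fff0::
  }
  errors /var/log/caddy/error.log
  header / Strict-Transport-Security "max-age=31536000"
}

# TLS settings for a site whose name is already a wildcard:
# the `wildcard` subdirective must NOT appear here, or Caddy fails with
# "already has a wildcard label".
(cert_wildcard) {
  tls {
    protocols tls1.2 tls1.3
    dns cloudflare
    key_type p384
    curves X25519 p521 p384 p256
  }
}

# TLS settings for a single-label site that should use the
# *.conor-burns.com certificate instead of requesting its own;
# here `wildcard` is valid, and the DNS challenge is required for it.
(cert_single) {
  tls {
    protocols tls1.2 tls1.3
    dns cloudflare
    key_type p384
    curves X25519 p521 p384 p256
    wildcard
  }
}

# Wildcard site: stats.conor-burns.com serves /var/www/all/stats, and so on.
https://*.conor-burns.com {
  import wc
  import cert_wildcard
  root /var/www/all
  rewrite {
    to /{label1}{uri}
  }
}

# Assumed single-label site, included to show where `wildcard` belongs.
https://mail.conor-burns.com {
  import wc
  import cert_single
  root /var/www/mail
}
```

With this split, the parse error from the log above goes away because the only site that sees `wildcard` is one whose name has no `*` in it; the wildcard site obtains its `*.conor-burns.com` certificate directly via the DNS challenge.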


(Conor Burns) #34

Oh damn, I’m retarded. I just included the cert snippet and it works.


(Conor Burns) #35

Thanks again for all your help and time :blush:


(Matthew Fay) #36

No worries! Glad it’s all working out!