[Solved] Running Subdomains on .onion services

You might be thinking of Automatic HTTPS.

When you’re letting Caddy manage your certificates, in order to requisition them, it needs to bind to ports 80 and/or 443. There’s ways of getting around that and still getting certificates (port detouring, DNS challenge, etc) but I don’t think they’ll be relevant to you; you’re only serving on HTTP, so Automatic HTTPS is disabled for those sites.

Unless you’re running another site in your Caddyfile that DOES qualify for Automatic HTTPS, Caddy won’t complain about not getting port 80.

I actually run the DNS challenge because I got the Let’s Encrypt rate limit:
https://github.com/Conor-Burns/caddy-conf/blob/master/Caddyfile

I also use wildcards for the smaller domains for the sake of simplicity.

Excellent! Caddy should then be quite happy to serve your sites on whatever port you like.

That’s great thank you so much for your help!

And is it possible to minify my caddyfile by serving some of the Subdomains that serve static content with labels?

Do you mean that they serve the same static content?

If you’re serving the same content, you can add multiple labels to a single site definition, just like the first example I gave earlier: [Solved] Running Subdomains on .onion services - #17 by Whitestrake

Like this:

https://*.conor-burns.com {
  import wc # Caddy v1 reuses a snippet with import, not include
  root /var/www/all # in that directory are the directories stats, pgp, dev, pw with their index.html
  rewrite {
    to /{label1}{uri}
  }
}

Ahh yeah, like the other thread we’ve been talking in :smiley:

You can do that. Based on that Caddyfile, when you browse to stats.conor-burns.com, it’ll serve content from /var/www/all/stats on your disk.

Yeah, exactly. I tried that when I saw it in the thread, but I get this error: cannot convert domain to a valid wildcard

There should be more to that error message.

Can you post the full line, as well as your full Caddyfile (in particular, the content of the wc snippet)?

Wildcarding with HTTP is simple; with HTTPS, things get a bit more complicated with LetsEncrypt, but you’re already aware of that if you’re already using wildcard certs.

Ok, I pushed the config to GitHub, and this is the error:

Main PID: 32140 (code=exited, status=1/FAILURE)

Mar 07 02:31:59 mail.conor-burns.com systemd[1]: Started Caddy HTTP/2 web server.
Mar 07 02:31:59 mail.conor-burns.com caddy[32140]: 2019/03/07 02:31:59 [INFO][FileStorage:/etc/ssl/caddy] Started certificate maintenance routine
Mar 07 02:31:59 mail.conor-burns.com caddy[32140]: 2019/03/07 02:31:59 /etc/caddy/Caddyfile:16 - Error during parsing: Cannot convert domain name '*.conor-burns.com' to a valid wildcard: already has a wildcard label
Mar 07 02:31:59 mail.conor-burns.com systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE
Mar 07 02:31:59 mail.conor-burns.com systemd[1]: caddy.service: Failed with result 'exit-code'.

What’s in the wc snippet?

It’s on GitHub:

(wc) {
  prometheus
  log /var/log/caddy/access.log {
    ipmask 255.255.255.0 ffff:ffff:ffff:fff0::
  }
  errors /var/log/caddy/error.log
  header / Strict-Transport-Security "max-age=31536000"
  tls {
    protocols tls1.2 tls1.3
    dns cloudflare
    key_type p384
    curves X25519 p521 p384 p256
    wildcard
  }
}

tls {
  wildcard
}

This part’s your problem.

You’ve specified https://*.conor-burns.com and then told Caddy to convert the label into a wildcard for TLS purposes. It’s already a wildcard, so it can’t be converted; hence the error, Cannot convert domain name '*.conor-burns.com' to a valid wildcard: already has a wildcard label.

You’ll need to remove the wildcard subdirective for this site for it to work.
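As an added example (not code from this thread or from Caddy itself), here is a small Python lint that catches exactly this conflict before you restart the service: it parses a Caddy v1 Caddyfile far enough to see snippets `(name) { ... }`, `import name`, nested blocks and `#` comments, then reports every site address that already carries a `*.` label but also ends up with a `tls { wildcard }` subdirective, whether written inline or pulled in through a snippet. The two sample Caddyfiles are constructed to mirror the layout in the thread; the corrected layout with a separate `(cert)` snippet is an assumption, not the poster’s actual file.

```python
"""Added example (not Caddy's code): lint a Caddy v1 Caddyfile for a '*.' site
address that is also told to convert itself into a wildcard via 'tls { wildcard }'."""


def tokenize_line(line):
    """Tokens of one line, minus '#' comments; a trailing '{' becomes its own token."""
    tokens = []
    for tok in line.split():
        if tok.startswith("#"):
            break
        if len(tok) > 1 and tok.endswith("{"):
            tokens.extend([tok[:-1], "{"])
        else:
            tokens.append(tok)
    return tokens


def parse_block(lines, i):
    """Parse token lines from i to the matching '}': [(tokens, sub_block_or_None)]."""
    entries = []
    while i < len(lines):
        toks = lines[i]
        i += 1
        if not toks:
            continue
        if toks == ["}"]:
            return entries, i
        if toks[-1] == "{":
            sub, i = parse_block(lines, i)
            entries.append((toks[:-1], sub))
        else:
            entries.append((toks, None))
    raise ValueError("unbalanced braces in Caddyfile")


def parse_caddyfile(text):
    """Return (snippets, sites): '(name)' heads define snippets, other heads are sites."""
    lines = [tokenize_line(l) for l in text.splitlines()]
    top, _ = parse_block(lines + [["}"]], 0)  # sentinel closes the top level
    snippets, sites = {}, []
    for heads, body in top:
        if len(heads) == 1 and heads[0].startswith("(") and heads[0].endswith(")"):
            snippets[heads[0][1:-1]] = body or []
        else:
            sites.append(([h.rstrip(",") for h in heads], body or []))
    return snippets, sites


def host_of(address):
    """Strip scheme, path and port: 'https://*.x.com:443/p' -> '*.x.com'."""
    return address.split("://", 1)[-1].split("/", 1)[0].split(":", 1)[0]


def tls_wildcard_source(body, snippets, seen=frozenset()):
    """'inline' if the body itself has 'tls { wildcard }', the snippet name if an
    'import' brings it in, else None. 'seen' breaks import cycles between snippets."""
    for toks, sub in body:
        if toks[0] == "tls" and sub is not None:
            if any(t[0] == "wildcard" for t, _ in sub):
                return "inline"
        elif toks[0] == "import" and len(toks) > 1 and toks[1] in snippets and toks[1] not in seen:
            if tls_wildcard_source(snippets[toks[1]], snippets, seen | {toks[1]}):
                return toks[1]
    return None


def lint(text):
    """[(address, source)] for each '*.' address that is also told to become a wildcard."""
    snippets, sites = parse_caddyfile(text)
    findings = []
    for addrs, body in sites:
        src = tls_wildcard_source(body, snippets)
        if src:
            findings.extend((a, src) for a in addrs if host_of(a).startswith("*."))
    return findings


# Constructed Caddyfile shaped like the thread's: the (wc) snippet carries
# 'wildcard' and the '*.' site imports it, which is what Caddy rejected.
BROKEN = """(wc) {
  tls {
    dns cloudflare
    wildcard
  }
}
https://stats.conor-burns.com, https://pgp.conor-burns.com {
  import wc
  root /var/www/named
}
https://*.conor-burns.com {
  import wc
  root /var/www/all
}
"""

# Assumed corrected layout (not the poster's actual file): the '*.' site imports a
# (cert) snippet that keeps the DNS challenge but drops 'wildcard'.
FIXED = (
    BROKEN.replace("(wc) {", "(cert) {\n  tls {\n    dns cloudflare\n  }\n}\n(wc) {")
    .replace("  import wc\n  root /var/www/all", "  import cert\n  root /var/www/all")
)

if __name__ == "__main__":
    for address, src in lint(BROKEN):
        print(f"{address}: already a wildcard label, but 'tls {{ wildcard }}' reaches it via '{src}'")
    print("fixed:", lint(FIXED))  # prints: fixed: []
```

Caddy rejects the conflicting file at parse time anyway, so the value of a check like this is running it before `systemctl restart caddy` rather than finding out from the failed unit. The `wildcard` subdirective belongs on sites whose addresses name specific subdomains (it is what turns `stats.conor-burns.com` into a `*.conor-burns.com` certificate request); an address that is already `*.` needs the same `tls` settings minus that one line.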

Oh damn, I’m retarded. I just included the cert snippet and it works.


Thanks again for all your help and time :blush:

No worries! Glad it’s all working out!

