I am setting up a server where I’ll listen to port 2017 with SSL enabled. The problem is that I don’t want a redirect from port 80 to port 2017, which Caddy seems to want to do. For getting the SSL certificate, I’m using DNS for getting the certificate because my host points to an internal IP address (10.10.10.10) that can only be reached from within my network. Whenever I try to start Caddy, it attempts to bind to port 80 and spits out the error "listen tcp :80: bind: permission denied", presumably to redirect HTTP requests to HTTPS with port 2017. Is there any way to disable this functionality? My Caddyfile is as follows.
rainbowdash.coltondrg.in:2017
tls {
    dns cloudflare
}
basicauth /admin root toor
hugo
Automatic HTTPS (which is what you’re using) redirects HTTP to HTTPS. You can either set up the redirect yourself or change the HTTP port using the -http-port flag. Thankfully you are using the DNS challenge, so it shouldn’t break the ACME protocol, which requires port 80 when using the HTTP challenge.
To be specific, the automatic redirection behaviour can be disabled (by adding https:// or :443 to your site label). This will not stop Caddy from attempting to bind to :80 in order to complete ACME challenges for the purpose of managing your certificates, though.
From memory, if you specify an HTTPS-only label with DNS validation enabled, Caddy won’t bind to :80.