SSL only (don't bind to port 80)

I am setting up a server where I’ll listen to port 2017 with SSL enabled. The problem is that I don’t want a redirect from port 80 to port 2017, which Caddy seems to want to do. For getting the SSL certificate, I’m using DNS for getting the certificate because my host points to an internal IP address (10.10.10.10) that can only be reached from within my network. Whenever I try to start Caddy it attempts to bind to port 80 and spits out the error "listen tcp :80: bind: permission denied", presumably to redirect http requests to https with port 2017. Is there any way to disable this functionality? My Caddyfile is as follows.

rainbowdash.coltondrg.in:2017
tls {
  dns cloudflare
}
basicauth /admin root toor
hugo

Automatic HTTPS (which is what you’re using) redirects HTTP to HTTPS. You can either set up the redirect yourself or change the HTTP port using the -http-port flag. Thankfully you are using the DNS challenge, so it shouldn’t break the ACME protocol, which requires port 80 when using the HTTP challenge.

Okay, that helps, thank you. There is no way to just disable the redirect entirely?

Not when using automatic HTTPS, no.

To be specific, the automatic redirection behaviour can be disabled (by adding https:// or :443 to your site label). This will not stop Caddy from attempting to bind to :80 in order to complete ACME challenges for the purpose of managing your certificates, though.

From memory, if you specify an HTTPS-only label with DNS validation enabled, Caddy won’t bind to :80.

I tried that, it didn’t work.

You’d have to do something to disable automatic HTTPS too. @ColtonDRG: See the conditions at the top of this page: Automatic HTTPS — Caddy Documentation
