Strange behavior? Intentional?

Objective: I am trying to set up Caddy to listen on my hostname and proxy it to my node app with a TLS cert generated by Active Directory. It would force all connections to hostname:80 and hostname:443 to proxy to localhost:3000 and use the key/cert that is provided.

My Caddyfile is:

mysite.org {
  proxy / localhost:3000
  tls /etc/ssl/mycerts/websvr.pem /etc/ssl/mycerts/key.pem
}

The expected behavior I had in mind was more along these lines:

Caddy listens on mysite.org
Use the cert files in mycerts directory
Serve the content from localhost:3000 back out on https://mysite.org

For some reason, it is serving the content to port 2015:

$ caddy
Activating privacy features… done.
https://mysite.org:2015

I would very much appreciate it if someone could chime in on whether this is intentional or a bug. Also, if it is intentional, how would I configure it to meet my objective?

For now you could fix it by using:

mysite.org:80 {
  # Caddy v1 names this directive "redir"; {uri} keeps the requested path
  redir https://mysite.org{uri}
}
mysite.org:443 {
  proxy / localhost:3000
  tls /etc/ssl/mycerts/websvr.pem /etc/ssl/mycerts/key.pem
}

But that shouldn’t happen with the Caddyfile you provided. Providing a domain without protocols/ports should force a redirect to 443 and serve the domain under port 443.


The above can be straightforwardly instructed as follows:

https://mysite.org {
  proxy / localhost:3000 {
    transparent
  }
  tls /etc/ssl/mycerts/websvr.pem /etc/ssl/mycerts/key.pem
}

Caddy thinking that mysite.org is a private address could explain this behaviour. To clarify, is mysite.org a publicly accessible domain name?

The default port is 2015: if you want to listen on a different port when you manually take control of HTTPS, you need to specify port 443 as mysite.org:443 or https://mysite.org. See Automatic HTTPS — Caddy Documentation – Caddy doesn’t change the ports unless automatic HTTPS is being used.


Ahh, the important point of the Automatic HTTPS criteria being:

Certificates and keys are not provided by you

There you go, then.


Caddy thinking that mysite.org is a private address could explain this behaviour. To clarify, is mysite.org a publicly accessible domain name?

No it is not, it is only accessible internally.

The default port is 2015: if you want to listen on a different port when you manually take control of HTTPS, you need to specify port 443 as mysite.org:443 or https://mysite.org. See https://caddyserver.com/docs/automatic-https – Caddy doesn’t change the ports unless automatic HTTPS is being used.

I understand that, but if I am using GitHub - caddyserver/caddy: Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS,
Where would I specify the port?

The Caddyfile is where you need to specify that. Your unit file will specify where Caddy is looking for its Caddyfile - in the default example, you’ll find it at /etc/caddy/Caddyfile.

You can either specify the port (i.e. mysite.org:443) or the protocol, which implies the port (i.e. https://mysite.org).

The example @stp gave earlier should work perfectly.
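
The port rule discussed in this thread, as an added example that is not part of the original posts or of Caddy itself: a small Python check that flags site blocks which supply their own `tls` certificate and key but name neither a scheme nor a port, and so stay on the default port 2015. The sample Caddyfile, the `internal.example` host and all function names are constructed for illustration, and the parsing is simplified to the Caddy v1 block syntax shown above.

```python
import re

DEFAULT_PORT = 2015                       # Caddy v1 default port, as stated in the thread
SCHEME_PORT = {"http": 80, "https": 443}  # a scheme in the site address implies its port
ADDR = re.compile(r"^(?:(https?)://)?([^:/]*)(?::(\d+))?")
# Constructed sample: the thread's original block plus a corrected one (hypothetical host).
SAMPLE = """\
mysite.org {
  proxy / localhost:3000
  tls /etc/ssl/mycerts/websvr.pem /etc/ssl/mycerts/key.pem
}
https://internal.example {
  proxy / localhost:3000 {
    transparent
  }
  tls /etc/ssl/mycerts/websvr.pem /etc/ssl/mycerts/key.pem
}
"""

def site_blocks(caddyfile):
    """Yield (addresses, top-level directive lines) for each site block."""
    depth, addrs, body = 0, [], []
    for raw in caddyfile.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if depth == 0 and line.endswith("{"):
            addrs, body = line[:-1].replace(",", " ").split(), []
        elif depth == 1 and line not in ("", "}"):
            body.append(line)                    # directives nested deeper are skipped
        depth += line.count("{") - line.count("}")
        if depth == 0 and addrs:
            yield addrs, body
            addrs = []

def listen_port(address):
    """Port named by the address (explicit, or implied by its scheme), else None."""
    scheme, _host, port = ADDR.match(address).groups()
    return int(port) if port else SCHEME_PORT.get(scheme)

def has_manual_cert(body):
    """True for `tls <cert> <key>`, the case where automatic HTTPS is not used."""
    return any(d.split()[0] == "tls" and len(d.split()) == 3 for d in body)

def find_default_port_sites(caddyfile):
    """Addresses that supply their own cert but will listen on the default port."""
    return [(a, DEFAULT_PORT) for addrs, body in site_blocks(caddyfile)
            if has_manual_cert(body) for a in addrs if listen_port(a) is None]

if __name__ == "__main__":
    print(find_default_port_sites(SAMPLE))
```
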
