This may just be me misunderstanding how it works but If a browser requests http, not https what happens then?
Are they automatically forwarded to https?
Is it a configuration setting to forward to https and not automatic?
Does caddy check for a cert then forward to https?
How is it automated?
My issue is I have thousands of domains that I would like to all be under https. I would like to swap dns over to the caddy server to reverse proxy those requests. Not having https right away is ok, but any site going down won’t work. Thats what I’m trying to figure out if I need to do a slow rollout or can I just let caddy handle that?
By default Caddy redirects HTTP to HTTPS. And then if HTTPS isn’t ready yet they’ll see a handshake error.
If you explicitly configure Caddy to serve your site on HTTP, then that would work. But that’s not recommended, HTTP is not secure.
No, doesn’t check anything. Just immediately redirects.
Caddy’s feature called “Automatic HTTPS” augments your config to add HTTP->HTTPS redirects + augments any listed domains to have their certificates managed. You can turn this off in parts or entirely with the auto_https global option, but it’s recommended to leave it on.
Caddy will issue at the rate of 10 certs per 10 seconds. See Automatic HTTPS — Caddy Documentation which covers this. If you can do a gradual rollout by switching over DNS in small chunks at a time, that would probably be ideal, but probably not necessary.