I’ve got two domains. Both are going to run under mailcow on the same destination. I have rules to allow certain port 80 URLs (used for mail configuration), and block/redirect everything else.
Domains are example.nz and otherexample.co.nz.
Port 80 on the router is port forwarded to the caddy server on port 8480.
Port 443 on the router is port forwarded to the caddy server on port 8443.
Here are the caddy rules for each:
example.nz
http://mail.example.nz:8480/.well-known/acme-challenge, http://autodiscover.example.nz:8480/autodiscover/autodiscover.xml, http://autoconfig.example.nz:8480/autoconfig {
    log stdout
    errors stdout
    rewrite {
        to /proxy1{uri}
    }
    proxy /proxy1 http://internal.server:8480 {
        without /proxy1
        transparent
    }
}
http://mail.example.nz:8480 {
    log stdout
    errors stdout
    redir / https://mail.example.nz{uri}
}
https://mail.example.nz:8443, https://autodiscover.example.nz:8443, https://autoconfig.example.nz:8443 {
    tls letsencrypt@example.nz {
        dns cloudflare
    }
    log stdout
    errors stdout
}
And otherexample.co.nz:
http://mail.otherexample.co.nz:8480/.well-known/acme-challenge, http://autodiscover.otherexample.co.nz:8480/autodiscover/autodiscover.xml, http://autoconfig.otherexample.co.nz:8480/autoconfig {
    log stdout
    errors stdout
    rewrite {
        to /proxy1{uri}
    }
    proxy /proxy1 http://internal.server:8480 {
        without /proxy1
        transparent
    }
}
http://mail.otherexample.co.nz:8480 {
    log stdout
    errors stdout
    redir / https://mail.otherexample.co.nz{uri}
}
https://mail.otherexample.co.nz:8443, https://autodiscover.otherexample.co.nz:8443, https://autoconfig.otherexample.co.nz:8443 {
    tls letsencrypt@example.nz {
        dns cloudflare
    }
    log stdout
    errors stdout
    redir / https://www.google.com 302
}
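To make the intended allow-list explicit, here is a small model of what the two Caddyfiles above should do for any public URL. This is an added illustration, not the poster's code or anything from Caddy or mailcow; it assumes Caddy v1 site-label semantics (longest base-path prefix wins, case-insensitive), the port forwards described in the post (80 to 8480, 443 to 8443), the `redir` default status of 301, and that an unmatched host or path gets Caddy's default 404. Comparing an observed response against the outcome the model predicts narrows down whether a given reply was produced by the configured block at all.

```python
"""Model of the port-80/port-443 policy expressed by the two Caddyfiles above
(Caddy v1 semantics as assumed in the lead-in; added example, not the poster's code)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Router port forwards described in the post.
PORT_FORWARD = {"http": 8480, "https": 8443}
# proxy target taken from the Caddyfile
UPSTREAM = "http://internal.server:8480"


@dataclass(frozen=True)
class Site:
    scheme: str
    host: str
    port: int
    base: str    # base path from the site label ("/" when the label has none)
    action: str  # "proxy" | "redir_https" | "redir_google"


def build_sites(domains: List[str]) -> List[Site]:
    """Reconstruct the site blocks of the Caddyfile for each mail domain."""
    sites: List[Site] = []
    for d in domains:
        # Port-80 allow-list: only these three paths are proxied to the internal server.
        sites += [
            Site("http", f"mail.{d}", 8480, "/.well-known/acme-challenge", "proxy"),
            Site("http", f"autodiscover.{d}", 8480, "/autodiscover/autodiscover.xml", "proxy"),
            Site("http", f"autoconfig.{d}", 8480, "/autoconfig", "proxy"),
            # Catch-all for mail.<domain> on port 80: bounce to https.
            Site("http", f"mail.{d}", 8480, "/", "redir_https"),
        ]
        # Port-443 blocks: everything is sent away with a 302.
        sites += [Site("https", f"{h}.{d}", 8443, "/", "redir_google")
                  for h in ("mail", "autodiscover", "autoconfig")]
    return sites


SITES = build_sites(["example.nz", "otherexample.co.nz"])


def match_site(sites: List[Site], scheme: str, host: str, port: int, path: str) -> Optional[Site]:
    """Among labels with the same scheme/host/port, pick the longest base path that is a
    prefix of the request path (assumed Caddy v1 behaviour: plain, case-insensitive prefix)."""
    candidates = [s for s in sites
                  if s.scheme == scheme and s.host == host.lower() and s.port == port
                  and path.lower().startswith(s.base.lower())]
    return max(candidates, key=lambda s: len(s.base), default=None)


def route(public_url: str) -> Tuple[str, str]:
    """Return (outcome, detail) for a URL exactly as an internet client would request it."""
    u = urlsplit(public_url)
    path = u.path or "/"
    uri = path + ("?" + u.query if u.query else "")
    site = match_site(SITES, u.scheme, u.hostname or "", PORT_FORWARD[u.scheme], path)
    if site is None:
        # Assumed: Caddy v1 answers 404 when no site label matches the host/path.
        return ("404", "no site block matches this host/path")
    if site.action == "proxy":
        # rewrite to /proxy1{uri} followed by proxy ... without /proxy1 means the
        # internal server receives the original URI unchanged.
        return ("proxy", UPSTREAM + uri)
    if site.action == "redir_https":
        # redir / https://mail.<domain>{uri}; 301 is the Caddy v1 default code.
        return ("301", f"https://{site.host}{uri}")
    return ("302", "https://www.google.com")


if __name__ == "__main__":
    # Constructed sample requests, including the two the post tested with curl.
    for url in [
        "http://autodiscover.otherexample.co.nz",
        "http://autodiscover.otherexample.co.nz/autodiscover/autodiscover.xml",
        "http://autodiscover.example.nz/autodiscover/autodiscover.xml",
        "http://mail.example.nz/.well-known/acme-challenge/token123",
        "http://mail.example.nz/anything-else",
        "https://autodiscover.example.nz/autodiscover/autodiscover.xml",
    ]:
        outcome, detail = route(url)
        print(f"{url:70} -> {outcome:5} {detail}")
```

Running the script prints the expected outcome per URL; a root request to autodiscover.otherexample.co.nz on port 80 comes out as 404 (no label for that path), the two autodiscover.xml URLs come out as proxied to the internal server, and anything on port 443 comes out as the 302 to google.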
So otherexample works fine. If I curl http://autodiscover.otherexample.co.nz I get a 404 as that’s not mentioned in the caddy file and I see an entry in the caddy log. But if I curl http://autodiscover.example.nz, I get a 301 moved permanently, and no log entry.
Similarly for http://autodiscover.otherexample.co.nz/autodiscover/autodiscover.xml; with this I get a 401, which is the correct response and means there is a page there.
* Hostname was NOT found in DNS cache
* Trying 104.27.155.175...
* Connected to autodiscover.otherexample.co.nz (104.27.155.175) port 80 (#0)
> GET /autodiscover/autodiscover.xml HTTP/1.1
> User-Agent: curl/7.38.0
> Host: autodiscover.otherexample.co.nz
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Date: Tue, 11 Feb 2020 19:57:06 GMT
< Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: __cfduid=d43811683653dc4a9f436bd3114156caf1581451026; expires=Thu, 12-Mar-20 19:57:06 GMT; path=/; domain=.otherexample.co.nz; HttpOnly; SameSite=Lax
< Www-Authenticate: Basic realm="autodiscover.otherexample.co.nz"
< X-Frame-Options: SAMEORIGIN
< CF-Cache-Status: DYNAMIC
* Server cloudflare is not blacklisted
< Server: cloudflare
< CF-RAY: 5638e3d36c56fb8c-AKL
<
* Connection #0 to host autodiscover.otherexample.co.nz left intact
But for http://autodiscover.example.nz/autodiscover/autodiscover.xml:
* Hostname was NOT found in DNS cache
* Trying 104.27.166.114...
* Connected to autodiscover.example.nz (104.27.166.114) port 80 (#0)
> GET /autodiscover/autodiscover.xml HTTP/1.1
> User-Agent: curl/7.38.0
> Host: autodiscover.example.nz
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Date: Tue, 11 Feb 2020 19:58:00 GMT
< Transfer-Encoding: chunked
< Connection: keep-alive
< Cache-Control: max-age=3600
< Expires: Tue, 11 Feb 2020 20:58:00 GMT
< Location: https://autodiscover.example.nz/autodiscover/autodiscover.xml
* Server cloudflare is not blacklisted
< Server: cloudflare
< CF-RAY: 5638e524581aeea2-AKL
<
* Connection #0 to host autodiscover.example.nz left intact
And no entry in the caddy log. It doesn’t look like caddy is picking up the http example.nz entries at all. And yet they both get exactly the same response on https://autodiscover, which is the redirect to google.