V2. HTTP to HTTPS redirects fail for on_demand SSL certs

1. My Caddy version (caddy -version):

v2.0.0-beta10

2. How I run Caddy:

Please provide all of the relevant information and DO NOT REDACT anything except passwords/keys. Thank you!

a. System environment:

Created from Digital Ocean Marketplace app, which uses Ubuntu

b. Command:

caddy start
curl -X POST "http://localhost:2019/load" \
        -H "Content-Type: application/json" \
        -d @caddy.json

c. My complete caddy.json file:

{
  "apps": {
    "http": {
      "servers": {
        "srv0": {
          "listen": [":443"],
          "routes": [
            {
              "handle": [
                {
                  "handler": "reverse_proxy",
                  "upstreams": [
                    {
                      "dial": "{IPADDRESS}:1111"
                    }
                  ]
                }
              ],
              "match": [
                {
                  "host": ["api.domain.com"]
                }
              ]
            },
            {
              "handle": [
                {
                  "handler": "reverse_proxy",
                  "upstreams": [
                    {
                      "dial": "{IPADDRESS}:5555"
                    }
                  ]
                }
              ]
            }
          ],
          "automatic_https": {
            "disable_redirects": false
          },
          "tls_connection_policies": [{}],
          "logs": {}
        }
      }
    },
    "tls": {
      "automation": {
        "policies": [
          {
            "management": {
              "module": "acme",
              "ca": "https://acme-v02.api.letsencrypt.org/directory",
              "on_demand": true
            }
          }
        ],
        "on_demand": {
          "rate_limit": {
            "interval": "10m",
            "burst": 2
          }
        }
      }
    }
  }
}

3. The problem I’m having:

HTTP to HTTPS redirect does not work for domains which generate their SSL certificates on_demand. HTTP to HTTPS redirect only works for api.domain.com.

4. Error messages and/or full log output:

A curl command to http://domainpointedatserver.com returns nothing. A curl command to https://domainpointedatserver.com returns the correct site.

5. What I already tried:

Everything I could think of including manually setting disable_redirects to false, and listening on port 80.

Thanks for the report, and for trying Caddy 2 while it’s still in beta. Will be looking into this!

@podpage I think I’ve fixed this in caddyserver/caddy@994b903 (“http: Don't use a Host matcher for HTTP->HTTPS redirects”). Are you able to build from source on the v2 branch and let me know how it works for you?

Hi Matt,
I am running into the same issue. I pulled down your latest commit (beta 11) and it doesn’t seem to fix it. I am getting a nil pointer error in the logs when I try to access via http but not https.

 /home/user/Projects/caddy/modules/caddyhttp/server.go:192 +0x740

Here is my Caddyfile:

blog.example.io {
	root * /var/www/example.io
	encode gzip
	file_server
}

The latest commit will be in beta 13; beta 11 doesn’t have the fix. You’ll have to build from source on the v2 branch to get it right now.
