Version 1 config file to upgrade to v2 (paid help if wanted by helper)

1. Caddy version (caddy version):

v2.4.6 h1:HGkGICFGvyrodcqOOclHKfvJC0qTU7vny/7FhYp9hNw=

2. How I run Caddy:

Via a service config file /etc/systemd/system/caddy.service
Two important lines

ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile

a. System environment:

Ubuntu 18

b. Command:

I don’t type it but it is

/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile

c. Service/unit/compose file:

d. My complete Caddyfile or JSON config:

(httpsredirect) {
    redir {
        if {scheme} is http
        / https://{host}{uri}
    }
}

(tlsroute53) {
    tls admin@roleuproleup.com
    tls {
        ca {$JOBS_CERT_URL}
        dns route53
    }
}

# used to force wildcard on some sub-domains
(tlsroute53wildcard) {
    tls admin@roleuproleup.com
    tls {
        ca {$JOBS_CERT_URL}
        dns route53
        wildcard
    }
}

(tlsondemand) {
    tls admin@roleuproleup.com
    tls {
        ca {$JOBS_CERT_URL}
        ask {$JOBS_CERT_ASK_URL}
    }
}

http://app{$JOBS_SUBDOMAIN_POSTFIX}.roleup.com, https://app{$JOBS_SUBDOMAIN_POSTFIX}.roleup.com {
    import httpsredirect
    import tlsroute53wildcard
    cors
    proxy / {$JOBS_BACKEND_IP}:8080 {
         transparent
    }
    log / stdout "app - [{when}] \"{method} {uri} {proto}\" {status} {size}"
}

http://api{$JOBS_SUBDOMAIN_POSTFIX}.roleup.com, https://api{$JOBS_SUBDOMAIN_POSTFIX}.roleup.com {
    import httpsredirect
    import tlsroute53wildcard
    cors
    proxy / {$JOBS_BACKEND_IP}:8084 {
         transparent
    }
    log / stdout "api - [{when}] \"{method} {uri} {proto}\" {status} {size}"
}

http://whstripe{$JOBS_SUBDOMAIN_POSTFIX}.roleup.com, https://whstripe{$JOBS_SUBDOMAIN_POSTFIX}.roleup.com {
    import httpsredirect
    import tlsroute53wildcard
    cors
    proxy / {$JOBS_BACKEND_IP}:8082 {
         transparent
    }
    log / stdout "whstripe - [{when}] \"{method} {uri} {proto}\" {status} {size}"
}

http://*.roleup.com, https://*.roleup.com {
    import httpsredirect
    import tlsroute53
    cors
    proxy / {$JOBS_BACKEND_IP}:8081 {
         transparent
    }
    log / stdout "boards - [{when}] \"{method} {uri} {proto}\" {status} {size}"
}

http://, https:// {
    import httpsredirect
    import tlsondemand
    cors
    tls {
        ca {$JOBS_CERT_URL}
        ask {$JOBS_CERT_ASK_URL}
    }
    proxy / {$JOBS_BACKEND_IP}:8081 {
         transparent
    }
    log / stdout "custom - [{when}] \"{method} {uri} {proto}\" {status} {size}"
}

3. The problem I’m having:

I’m moving from v1 to v2 and the configuration is very different. I started to make the changes:

  • redir does not exist anymore
  • on-demand certificates no longer work like that
  • cors directive does not exist anymore
  • wildcard directive does not exist anymore

but to me it looks like a complete rewrite.

After 1 hour of work, I thought it would be more pragmatic to try to find someone with whom I could do an update over the phone. I’m happy to pay the hours needed to do the work.

4. Error messages and/or full log output:

5. What I already tried:

I started to make the changes:

  • redir does not exist anymore
  • on-demand certificates no longer work like that
  • cors directive does not exist anymore
  • wildcard directive does not exist anymore

but to me it looks like a complete rewrite.

6. Links to relevant resources:

The configuration uses the redis extension to store the certificates, with those ENV variables

1 Like

It does exist:

But you won’t need it, Caddy sets up automatic HTTP->HTTPS redirects (and did in Caddy v1 as well, but you used a http:// site label which made it not work automatically, forcing you to override it).

It’s still pretty much the same. You just have to configure On-Demand TLS via global options.

It used to be a plugin, and that’s true, I don’t think there’s a Caddy v2 version of the plugin.

You can use the header directive to set whatever response headers you need though.

Right, now you just set the site address to your wildcard domain like *.example.com.

Have you read through the upgrade guide?

1 Like
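
What the `ask` endpoint behind On-Demand TLS has to decide, as an added example that is not part of the thread or of Caddy's own code: Caddy calls the URL with `?domain=<name>` and only obtains a certificate on a 2xx reply, so the endpoint should answer 200 for known customer domains and nothing else. The allowlist contents, the port and the function names are assumptions.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse, parse_qs

# Constructed sample data: custom domains that customers have registered.
# In a real deployment this would be a database lookup (assumption).
ALLOWED_DOMAINS = {"jobs.customer-one.example", "careers.customer-two.example"}


def decide(path):
    """Return the HTTP status for an ask request such as /check?domain=foo."""
    values = parse_qs(urlparse(path).query).get("domain", [])
    if len(values) != 1:
        return 400  # missing, empty or repeated parameter
    # Normalise case and a trailing dot before comparing.
    domain = values[0].strip().lower().rstrip(".")
    # Exact match only: no suffix or substring matching, so a name such as
    # jobs.customer-one.example.attacker.test is refused.
    return 200 if domain in ALLOWED_DOMAINS else 403


class AskHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Caddy only looks at the status code; no body is needed.
        self.send_response(decide(self.path))
        self.end_headers()

    def log_message(self, fmt, *args):
        pass  # keep the sample quiet


if __name__ == "__main__":
    # Bind to loopback: only the local Caddy instance should reach this.
    HTTPServer(("127.0.0.1", 9123), AskHandler).serve_forever()
```

Without such a check, the catch-all `https://` site would request a certificate for any hostname a client presents, which burns CA rate limits and fills certificate storage.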

I finally had the time to tackle this problem myself. Thank you for your help @francislavoie

For the record, I share my updated Caddyfile below

(tlsroute53) {
    tls admin@roleup.com
    tls {
        ca {$JOBS_CERT_URL}
        dns route53
    }
}

# CORS configuration allowing everything
# Similar to the cors directive available in v1
# The example from the website lets you restrict CORS using a named matcher
# (cors) {
#	@origin header Origin {args.0}
#	header @origin Access-Control-Allow-Origin "{args.0}"
#	header @origin Access-Control-Request-Method GET
#}
(cors) {
    @options {
        method OPTIONS
    }
    header {
        Access-Control-Allow-Origin *
        Access-Control-Allow-Credentials true
        Access-Control-Allow-Methods *
        Access-Control-Allow-Headers *
        defer
    }
    respond @options 204
}

{
    on_demand_tls {
        ask      {$JOBS_CERT_ASK_URL}
        interval 2m
        burst    5
    }
}

(tlsondemand) {
    tls admin@roleup.com
    tls {
        ca {$JOBS_CERT_URL}
        on_demand
    }
}

app{$JOBS_SUBDOMAIN_POSTFIX}.roleup.com {
    import tlsroute53
    import cors
    reverse_proxy {$JOBS_BACKEND_IP}:8080
    log
}

api{$JOBS_SUBDOMAIN_POSTFIX}.roleup.com {
    import tlsroute53
    import cors
    reverse_proxy {$JOBS_BACKEND_IP}:8084
    log
}

whstripe{$JOBS_SUBDOMAIN_POSTFIX}.roleup.com {
    import tlsroute53
    import cors
    reverse_proxy {$JOBS_BACKEND_IP}:8082
    log
}

*.roleup.com {
    import tlsroute53
    import cors
    reverse_proxy {$JOBS_BACKEND_IP}:8081
    log
}

https:// {
    import tlsondemand
    import cors
    reverse_proxy {$JOBS_BACKEND_IP}:8081
    log
}
2 Likes
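
How a browser evaluates the headers set by the `(cors)` snippet above, as an added example that is not part of the original post: under the Fetch standard's CORS check, `Access-Control-Allow-Origin: *` is refused for credentialed requests, so sending credentials needs the specific origin echoed from an allowlist. The origins and function names are constructed for illustration.

```python
# Constructed allowlist of origins that may read responses (assumption).
ALLOWED_ORIGINS = {"https://app.example.test"}

# The CORS-check-relevant headers the (cors) snippet attaches to every response.
WILDCARD_HEADERS = {
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Credentials": "true",
}


def browser_cors_check(origin, with_credentials, headers):
    """Return (passes, reason) the way the Fetch standard's CORS check does."""
    h = {k.lower(): v for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    if acao is None:
        return False, "missing Access-Control-Allow-Origin"
    if not with_credentials and acao == "*":
        return True, "wildcard accepted for anonymous request"
    if acao == "*":
        return False, "wildcard rejected for credentialed request"
    if acao != origin:
        return False, "origin mismatch"
    if not with_credentials:
        return True, "origin matched"
    if h.get("access-control-allow-credentials") == "true":
        return True, "origin matched, credentials allowed"
    return False, "credentials not allowed"


def allowlist_headers(origin):
    """Server side: echo the origin only if it is on the allowlist."""
    if origin not in ALLOWED_ORIGINS:
        return {}  # no CORS headers, so the browser blocks the read
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",  # stop caches reusing the response for another origin
    }


def demo():
    good, bad = "https://app.example.test", "https://other.example.test"
    return {
        "wildcard_anonymous": browser_cors_check(good, False, WILDCARD_HEADERS)[0],
        "wildcard_credentialed": browser_cors_check(good, True, WILDCARD_HEADERS)[0],
        "allowlist_good": browser_cors_check(good, True, allowlist_headers(good))[0],
        "allowlist_bad": browser_cors_check(bad, True, allowlist_headers(bad))[0],
    }


if __name__ == "__main__":
    print(demo())
```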
