My reading of the documentation has clearly left me not understanding something fairly basic.
First, I am not clear when a site is available on port 2015 and when on port 80. Secondly, I’m not clear under what circumstances there is automatic redirection from port 80 to port 443. I have started experimenting, but this has made me more confused.
Because I have a webmail server on the machine concerned, proxying that is the first task I must set Caddy, so that I can let it have those ports permanently. Because the mail server already has a commercial certificate, I specified that in a tls directive. My first attempt at a Caddyfile was:
mail.cassland.org {
    tls Cert\cass-adet-16-bundled.pem Cert\cass-adet-16-key.pem
    proxy / localhost:8800
}
This worked - but only on port 2015. So my next attempt was:
http://mail.cassland.org, https://mail.cassland.org {
    tls Cert\cass-adet-16-bundled.pem Cert\cass-adet-16-key.pem
    proxy / localhost:8800
}
This worked, accepting both http and https connections; however, the https connection shows as unsecured. There was also the oddity that a browser on the local machine changed the address field to show localhost:8800 - I thought a proxy hides the onward connection (I tried with “transparent”, but that made no difference). So I then tried:
http://mail.cassland.org, https://mail.cassland.org {
    tls Cert\cass-adet-16-bundled.pem Cert\cass-adet-16-key.pem
    proxy / https://mail.cassland.org:8843
}
In this case connections initiated with http and https both end up as secure - which is fine. But I still don’t understand why the earlier attempts behaved as they did.
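A check for the address-bar symptom described in the post, added here as an example and not part of the original post: it labels each response by whether a redirect stays on the public name and ports, upgrades http to https, or points the client at the backend address. It assumes the address change came from a `Location` header; the response tuples and paths below are constructed samples.

```python
from urllib.parse import urlsplit

PUBLIC_HOST = "mail.cassland.org"   # site name used in the post
PUBLIC_PORTS = {80, 443}            # ports the proxy is meant to own
REDIRECTS = {301, 302, 303, 307, 308}

def effective_port(parts):
    """Port a client would connect to for a parsed URL."""
    return parts.port or (443 if parts.scheme == "https" else 80)

def classify(request_url, status, location):
    """Label one response as the client sees it."""
    if status not in REDIRECTS or not location:
        return "no-redirect"
    req, loc = urlsplit(request_url), urlsplit(location)
    if not loc.netloc:
        return "relative-redirect"      # stays on the requested origin
    if loc.hostname != PUBLIC_HOST or effective_port(loc) not in PUBLIC_PORTS:
        return "backend-leak"           # client is sent past the proxy
    if req.scheme == "http" and loc.scheme == "https":
        return "https-upgrade"
    return "same-site-redirect"

# Constructed samples: (request URL, status, Location header)
SAMPLES = [
    ("http://mail.cassland.org/", 301, "https://mail.cassland.org/"),
    ("https://mail.cassland.org/", 302, "http://localhost:8800/login"),
    ("https://mail.cassland.org/", 302, "https://mail.cassland.org:8843/login"),
    ("http://mail.cassland.org:2015/", 200, None),
    ("https://mail.cassland.org/", 302, "/login"),
]

def report(samples=SAMPLES):
    """Return the label for every sample, in order."""
    return [classify(*s) for s in samples]

if __name__ == "__main__":
    for sample, label in zip(SAMPLES, report()):
        print(f"{label:18} {sample[0]} -> {sample[2]}")
```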