Why is automatic_https.skip not part of routing?

WoJ · June 7, 2020, 11:21am

I use the API to programatically configure caddy. My case is a docker instance and caddy being used as a proxy to the containers.

The process is well suitable for caddy’s architecture:

getting the list of containers and their attributes
for each of them building a self-contained route (what I mean by that is that the definition of the route contains all the information about that reverse proxy endpoint)
adding all these routes as a list/table to apps.http.servers.myserver.routes

This is perfect except for one thing: when I have an exception to HTTPS (one of the endpoints being excluded from HTTPS), this configuration goes to apps.http.servers.myserver.automatic_https.skip in the form of a list/table of the sites.

This heavily complicated the idea of having a set of self-contained routes which can then be added to the configuration (the routines which deal with the routes not only need to return the routes but also extra information).

This is less a question and more of a comment about the consistency of the structure of the configuration.

francislavoie · June 7, 2020, 2:53pm

It’s simply because automatic https isn’t a route. It’s some logic that runs at the HTTP app level that manipulates the config internally just before startup to automatically turn on HTTPS if certain conditions are met. Its behaviour can be configured per-server though for additional flexibility.

You can read the logic here (it’s well commented so it should be pretty clear what it’s doing)

github.com

caddyserver/caddy/blob/master/modules/caddyhttp/autohttps.go

// Copyright 2015 Matthew Holt and The Caddy Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package caddyhttp

import (
	"fmt"
	"net/http"
	"strconv"

This file has been truncated. show original

matt · June 9, 2020, 4:41pm

Thanks for the comment/question.

Or, it simplifies it – it’s not so much Caddy that has an inconsistency here, but this:

That is the inconsistency/exception in the process.

As Francis said, auto HTTPS isn’t a “route”. It uses a route, but only to redirect HTTP to HTTPS, which happens on another listener. Most of automatic HTTPS is server configuration other than setting up HTTP handlers.

system · September 5, 2020, 11:37pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.