Comments (6)
Huh, like Francis, I'm also curious as to why automatic HTTPS isn't enabling redirects from port 80 for you in your earlier config.
I'd like this to be looked into further when we have a chance.
from caddy-l4.
The problem is here:
listen:
- ":80"
Since you actually define a listener for :80
, it'll override the routes that would otherwise be set up for HTTP->HTTPS redirects. Remove :80
and it should work fine.
from caddy-l4.
The problem is here:
listen: - ":80"
Since you actually define a listener for
:80
, it'll override the routes that would otherwise be set up for HTTP->HTTPS redirects. Remove:80
and it should work fine.
Unfortunately that just seems to remove port 80 from the picture.
curl: (7) Failed to connect to subdomain.example.tld port 80 after 84 ms: Connection refused
from caddy-l4.
Weird, Automatic HTTPS should trigger and add a server that listens on port 80.
Do you see the log message server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS
? Do you see enabling automatic HTTP->HTTPS redirects
?
Anyways, you can add a 2nd server listening on port 80 to the HTTP app and manually do the HTTP->HTTPS redirect yourself. It's just a static_response
handler with the Location
header set to https://{http.request.host}{http.request.uri}
. https://caddyserver.com/docs/json/apps/http/servers/routes/handle/static_response/
from caddy-l4.
Weird, Automatic HTTPS should trigger and add a server that listens on port 80.
Do you see the log message
server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS
? Do you seeenabling automatic HTTP->HTTPS redirects
?
With the :80
removed, I am able to see both those lines.
Anyways, you can add a 2nd server listening on port 80 to the HTTP app and manually do the HTTP->HTTPS redirect yourself. It's just a
static_response
handler with theLocation
header set tohttps://{http.request.host}{http.request.uri}
. https://caddyserver.com/docs/json/apps/http/servers/routes/handle/static_response/
Thanks, the below seems to work:
apps:
layer4:
servers:
srv0:
listen:
- ":443"
routes:
- handle:
- handler: proxy
upstreams:
- dial:
- 127.0.0.1:1337 # simply forward everything to Layer 7
http:
https_port: 1337 # since port 443 is occupied, use 1337 here
servers:
srv1: # handles HTTPS
listen:
- "127.0.0.1:1337"
routes:
- match:
- host:
- subdomain.example.tld
handle:
- handler: subroute
routes:
- handle:
- handler: reverse_proxy
upstreams:
- dial: localhost:1234
terminal: true
srv2: # redirects HTTP to HTTPS
listen:
- ":80" # bind to all addresses
routes:
- handle:
- handler: static_response
headers:
Location:
- https://{http.request.host}{http.request.uri}
from caddy-l4.
After looking into it, I'm unable to reproduce the bug. Simply removing the :80
as Francis suggested works for me. (And this is expected, since if you manually specify :80, then you're telling Caddy that you want to serve this over plaintext HTTP. By omitting it, you're letting Caddy do the redirects.)
My config (I am using localhost
instead of a real domain here since I'm just testing locally, but same auto HTTPS effect):
{
"logging": {
"logs": {
"default": {
"level": "DEBUG"
}
}
},
"apps": {
"layer4": {
"servers": {
"srv0": {
"listen": [
":443"
],
"routes": [
{
"handle": [
{
"handler": "proxy",
"upstreams": [
{
"dial": [
"127.0.0.1:1337"
]
}
]
}
]
}
]
}
}
},
"http": {
"https_port": 1337,
"servers": {
"srv1": {
"listen": [
"127.0.0.1:1337"
],
"logs": {},
"routes": [
{
"match": [
{
"host": [
"localhost"
]
}
],
"handle": [
{
"handler": "subroute",
"routes": [
{
"handle": [
{
"handler": "reverse_proxy",
"upstreams": [
{
"dial": "localhost:1234"
}
]
}
]
}
]
}
],
"terminal": true
}
]
}
}
}
}
}
Results:
$ curl -v "http://localhost"
* Trying 127.0.0.1:80...
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET / HTTP/1.1
> Host: localhost
> User-Agent: curl/7.74.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 308 Permanent Redirect
< Connection: close
< Location: https://localhost/
< Server: Caddy
< Date: Fri, 11 Mar 2022 19:00:18 GMT
< Content-Length: 0
<
* Closing connection 0
Note that I did not have to manually do the redirects.
Everything seems to be working as expected. (And this does not seem related to the layer4 app at all. Same behavior without it, too.)
from caddy-l4.
Related Issues (20)
- [FEATURE]: Add support for access logs HOT 4
- http/2 corruption HOT 2
- Non blocking matchers & matching timeout breaking l4 as a listener wrapper HOT 13
- Collection of interesting configs HOT 1
- Feature request: `invoke` handler HOT 2
- Regression: PROXY protocol line sent only when first data arrives from client HOT 7
- Accept connections with an without PROXY protocol on the same port HOT 1
- Is it possible to use caddy's modules inside L4 routes? HOT 12
- SIGHUP for config reload? HOT 5
- Caddyfile does not recognize `layer4` global option HOT 8
- Cannot proxy to Mariadb instance HOT 8
- ``afa78d7`` update introduces a bug HOT 9
- Incorrect Handling of SNI: No Certificate Available (Regression) HOT 17
- RDP server on web subdomain with reverse proxy does not work HOT 2
- [Question] [Regression?] Upgrading Caddy from 2.7.6 to 2.8.4 with layer4 rebuild breaks SNI-based routing HOT 3
- TLS termination with SNI HOT 11
- Dynamic proxy based on SNI HOT 4
- Question: Reverse tunneling to caddy behind a NAT HOT 9
- Multiple Postgres Servers
- Support for custom certificates in TLS handler HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from caddy-l4.