Caddy: Difference between revisions
imported>Malteneuss Simplify getting started |
imported>Malteneuss Simplify curl check and add explanation for https |
||
Line 17: | Line 17: | ||
This snippet will let Caddy respond on <code>http://localhost</code> and <code>https://localhost</code> with a dummy text "Hello world!". When no port is mentioned on virtualhost like just <code>localhost</code> instead of <code>localhost:8080</code>, Caddy listens on <code>80</code> and <code>443</code> by default and redirects requests from port 80 (unsecured) to 443 (secured). | This snippet will let Caddy respond on <code>http://localhost</code> and <code>https://localhost</code> with a dummy text "Hello world!". When no port is mentioned on virtualhost like just <code>localhost</code> instead of <code>localhost:8080</code>, Caddy listens on <code>80</code> and <code>443</code> by default and redirects requests from port 80 (unsecured) to 443 (secured). | ||
==== Check connection ==== | ==== Check http connection ==== | ||
You can use <code>curl</code> to test the http | You can use <code>curl</code> to test the http connections: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
$ curl localhost -i -L -k | $ curl localhost -i -L -k | ||
HTTP/1.1 308 Permanent Redirect | HTTP/1.1 308 Permanent Redirect | ||
Location: https://localhost/ | Location: https://localhost/ | ||
.. | |||
HTTP/2 200 | HTTP/2 200 | ||
alt-svc: h3=":443"; ma=2592000 | alt-svc: h3=":443"; ma=2592000 | ||
content-type: text/plain; charset=utf-8 | content-type: text/plain; charset=utf-8 | ||
... | |||
Hello, world! | Hello, world! | ||
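Review bot: The renamed heading "Check http connection" does not match the example under it. The command "curl localhost -i -L -k" follows the 308 redirect and the output ends with the "HTTP/2 200" response served over https, so this section already checks both http and https, and it now sits next to a second section titled "Check http(s) connection". Suggest naming the two sections by scenario instead, for example a local check versus a check where virtualhost and real host differ. Minor: the context paragraph quotes the dummy text as "Hello world!" while the sample output prints "Hello, world!"; make the two agree.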
Line 42: | Line 37: | ||
Here you can see that Caddy automatically redirects from an unsecure http://localhost to a secure https://localhost call. | Here you can see that Caddy automatically redirects from an unsecure http://localhost to a secure https://localhost call. | ||
For local addresses like "localhost" Caddy always generates and uses a self-signed certificate, which curl correctly doesn't trust; use the <code>-k</code> flag to ignore that. | For local addresses like "localhost" Caddy always generates and uses a self-signed certificate, which curl correctly doesn't trust; use the <code>-k</code> flag to ignore that. | ||
==== Check http(s) connection ==== | |||
When virtualhost and "real" host aren't the same it gets complicated with HTTPS, so the following curl command works: | |||
<syntaxhighlight lang="bash"> | |||
$ curl --connect-to <virtualhost>:443:<realhost>:443 https://<virtualhost> -k | |||
Hello, world! | |||
</syntaxhighlight> | |||
Curl will set <code>Host</code> header and TLS <code>SNI</> in the request to <code><virtualhost></code> as desired by Caddy, but will make the actual request against the <code><realhost></code>, e.g. a load-balancer or ingress-controller. | |||
Alternatively with http and automatic redirects to https you can extend that call: | |||
<syntaxhighlight lang="bash"> | |||
$ curl --connect-to <virtualhost>:80:<realhost>:80 --connect-to <virtualhost>:443:<realhost>:443 https://<virtualhost> -k -L | |||
Hello, world! | |||
</syntaxhighlight> | |||
* [https://curl.se/docs/manpage.html#--connect-to curl connect-to documentation] | |||
* [https://www.claudiokuenzler.com/blog/693/curious-case-of-curl-ssl-tls-sni-http-host-header Curl on HTTPS, SNI, Host] | |||
* [https://github.com/caddyserver/caddy/issues/2656#issuecomment-1627342466 curl to Caddy over HTTPS] | |||
== Typical configurations == | == Typical configurations == | ||
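Review bot: In the second curl example the URL is still "https://<virtualhost>", so the added "--connect-to <virtualhost>:80:<realhost>:80" mapping and "-L" are never exercised. The sentence above it promises "with http and automatic redirects to https", which needs "http://<virtualhost>" as the starting URL. Also, "<code>SNI</>" has a malformed closing tag and should read "<code>SNI</code>". Both commands pass "-k" against a <realhost> described as a load-balancer or ingress-controller, while the text only justifies "-k" for the self-signed localhost certificate; state that the flag is for that case, so readers do not copy a check that skips certificate verification against a host with a real certificate.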
Line 133: | Line 150: | ||
The tcp6 (an ipv6 socket that also listens on ipv4) socket on port 80 (HTTP) and 443 (HTTPS) indicate that our virtualhost config was used. | The tcp6 (an ipv6 socket that also listens on ipv4) socket on port 80 (HTTP) and 443 (HTTPS) indicate that our virtualhost config was used. | ||
=== Virtualhost and | === Virtualhost and real host not identical === | ||
When you connect to Caddy must ensure that the "Host" header matches the virtualhost entry of Caddy. For example, when testing locally a config like | When you connect to Caddy must ensure that the "Host" header matches the virtualhost entry of Caddy. For example, when testing locally a config like | ||
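Review bot: The heading "Virtualhost and real host not identical" now covers the same case as the new "Check http(s) connection" text ("When virtualhost and "real" host aren't the same ..."), so the page explains the Host/SNI mismatch in two places. Suggest keeping the curl --connect-to explanation in one of them and linking to it from the other. While touching this section, the first sentence is missing its subject: "When you connect to Caddy must ensure" should read "When you connect to Caddy you must ensure".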
Line 158: | Line 175: | ||
Above you also see the redirect from http://localhost to https://example.org; Caddy always redirects from the unsecure to the secure port of your virtualhost. | Above you also see the redirect from http://localhost to https://example.org; Caddy always redirects from the unsecure to the secure port of your virtualhost. | ||
If the response is empty, try setting a port number like 80 and/or try a local TLS security certificate instead of global LetsEncrypt: | If the response is empty, try setting a port number like 80 and/or try a local TLS security certificate instead of global LetsEncrypt: |