Setting default block (:80) alongside http domain triggers auto-https #4113

Closed
iUnknwn opened this issue Apr 15, 2021 · 6 comments

iUnknwn commented Apr 15, 2021

While setting up a pihole on my local network, I noticed an odd behavior with the default site.

If I wrote the following in my Caddyfile, it would attempt to acquire a TLS certificate for pi.hole:

```
:80, http://pi.hole {
  reverse_proxy localhost:8001
}
```

However, if I broke the blocks into separate entries, like this:

```
:80 {
  reverse_proxy localhost:8001
}

http://pi.hole {
  reverse_proxy localhost:8001
}
```

Then it worked as expected (no tls certificate issued).

I'm currently running Caddy v2.3.0 on Ubuntu 20.04 (arm64).

@francislavoie
Member

Could you please try with v2.4.0-beta.2 to see if it has the same behaviour? It's possible that's already been fixed.

@francislavoie francislavoie added the needs info 📭 Requires more information label Apr 15, 2021

iUnknwn commented Apr 15, 2021

Just tested on v2.4.0-beta.2 - issue is still there.

Caddyfile entry:

```
:80, http://pi.hole {
        reverse_proxy localhost:8001
}
```

From the log:

```
2021/04/15 07:21:27.266 ERROR   tls.obtain      will retry      {"error": "[pi.hole] Obtain: [pi.hole] creating new order: request to https://acme.zerossl.com/v2/DV90/newOrder failed after 1 attempts: HTTP 400 urn:ietf:params:acme:error:rejectedIdentifier - Invalid DNS identifier [pi.hole] (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 1.34792855, "max_duration": 2592000}
```

@francislavoie francislavoie added bug 🐞 Something isn't working and removed needs info 📭 Requires more information labels Apr 15, 2021
@francislavoie
Member

I can confirm the issue, the adapted JSON looks like this, for this Caddyfile:

```
:80, http://example.com {
	respond "Foo"
}
```

```
{
    "apps": {
        "http": {
            "servers": {
                "srv0": {
                    "listen": [
                        ":80"
                    ],
                    "routes": [
                        {
                            "handle": [
                                {
                                    "body": "Foo",
                                    "handler": "static_response"
                                }
                            ]
                        }
                    ]
                }
            }
        },
        "tls": {
            "certificates": {
                "automate": [
                    "example.com"
                ]
            }
        }
    }
}
```

But to be clear, having a host matcher there is ineffectual, because :80 will already match any hostname. So you can just do this:

```
:80 {
	reverse_proxy localhost:8001
}
```
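
A check for the condition reported in this issue, as an added example (not code from the Caddy project or from anyone in this thread): it reads adapted JSON such as `caddy adapt` produces and reports names under `apps.tls.certificates.automate` that no server with a non-HTTP listener routes to, which are the names Caddy would request certificates for from the CA, as the log above shows for pi.hole. The function names and the embedded sample are constructed here; host names are compared as exact strings, an assumption that ignores wildcards.

```python
import json

# Constructed sample: the adapted JSON from the comment above, compacted.
ADAPTED = json.loads("""
{"apps": {
  "http": {"servers": {"srv0": {
    "listen": [":80"],
    "routes": [{"handle": [{"body": "Foo", "handler": "static_response"}]}]}}},
  "tls": {"certificates": {"automate": ["example.com"]}}}}
""")


def route_hosts(routes):
    """Collect host matchers from routes, descending into subroute handlers."""
    hosts = set()
    for route in routes or []:
        for matcher in route.get("match", []):
            hosts.update(matcher.get("host", []))
        for handler in route.get("handle", []):
            if handler.get("handler") == "subroute":
                hosts |= route_hosts(handler.get("routes"))
    return hosts


def orphaned_automated_names(config):
    """Names in tls.certificates.automate that no TLS-capable server routes to.

    Assumptions: a server counts as HTTP-only when every listen address ends
    in the configured http_port (default 80), and host names are compared as
    exact strings (no wildcard handling).
    """
    apps = config.get("apps", {})
    http_app = apps.get("http", {})
    http_port = str(http_app.get("http_port", 80))
    served_over_tls = set()
    for server in http_app.get("servers", {}).values():
        ports = {addr.rsplit(":", 1)[-1] for addr in server.get("listen", [])}
        if ports - {http_port}:  # at least one listener is not the HTTP port
            served_over_tls |= route_hosts(server.get("routes"))
    automate = apps.get("tls", {}).get("certificates", {}).get("automate", [])
    return sorted(name for name in automate if name not in served_over_tls)


if __name__ == "__main__":
    for name in orphaned_automated_names(ADAPTED):
        print(f"certificate automation enabled for HTTP-only name: {name}")
```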


iUnknwn commented Apr 15, 2021

Oh, I'd agree - they both have the same functionality.

That said, I do feel like `:80, [name]` is more readable in some cases (even if it's not adding any function), since it adds information about what the default site is (it's easy to see `:80, http://pi.hole` is the pihole service).

@francislavoie
Member

I'd just put a comment with # 🤷‍♂️

@mholt mholt added this to the v2.4.0 milestone Apr 16, 2021
@mholt mholt closed this as completed in 96bb365 Apr 16, 2021

mholt commented Apr 16, 2021

Thanks for the easily reproducible report, I think I fixed it.
