
I am using Caddy as a proxy for many sites on the same server. Some of my sites are not ready for HTTPS. I can route them on HTTP just fine, but if I visit those sites with HTTPS, I get an ugly...

No such site at :443

...error. How can I use Caddy to redirect to HTTP instead?

This works but gives me the error:

```
siteCanHandleSSL.com {
  proxy / 123.123.123.123:80 {
    transparent
  }
  tls my@email.addy {
    dns route53
    max_certs 200
  }
}

http://siteCantHandleSLL.com {
  proxy / 123.456.654.321:80 {
    transparent
  }
  tls off
}
```

This gives me a different error:

```
siteCanHandleSSL.com {
  proxy / 123.123.123.123:80 {
    transparent
  }
  tls my@email.addy {
    dns route53
    max_certs 200
  }
}

https://siteCantHandleSLL.com {
  redir http://{host}{uri}
  tls off
}

http://siteCantHandleSLL.com {
  proxy / 123.456.654.321:80 {
    transparent
  }
  tls off
}
```

```
❯ curl https://surrain.com
curl: (60) SSL certificate problem: Invalid certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs).
If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.

~ ❯ curl -k https://surrain.com
No such site at :443%
```

  • What is the exact request you are making that gives out that "No such site" error? Please provide the CURL command and output with headers. – Tero Kilkanen Mar 13 '17 at 09:01
  • https://surrain.com in a browser. I've been getting different results in different browsers and with curl using https://surrain.com or curl surrain.com:443. – Aaron Surrain Mar 14 '17 at 01:07
  • Please include the output of all the different responses to your question. I tried to CURL both http and https for the domain and they both end up with connection refused which means there is no web server running or access is filtered. – Tero Kilkanen Mar 14 '17 at 01:57
  • Sorry. The server was down when you tried. – Aaron Surrain Mar 15 '17 at 16:34

1 Answer

In order to establish a valid SSL connection to a domain, the server must have a valid certificate for that domain. Otherwise you will get an error message about an invalid certificate.

If you want to redirect from HTTPS to HTTP, you need a valid certificate. This is because SSL is below HTTP, and the HTTP redirect response is sent after a valid SSL connection has been set up.

The best you can do is to host HTTP only domains on a server that has no server listening to SSL port. This means you need a separate server for your HTTPS/HTTP and plain HTTP sites.

Tero Kilkanen
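The ordering described in the answer (TLS handshake first, HTTP redirect second), as an added Go example that is not part of the original answer or of Caddy's code: a local HTTPS server whose handler only redirects to HTTP is contacted by a client that does not trust its certificate and by one that does. `probe` and `Result` are hypothetical names, and the certificate is the constructed test certificate built into Go's `net/http/httptest`.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"sync/atomic"
)

// Result (hypothetical name) records what the client saw and how many
// requests actually reached the server's HTTP handler.
type Result struct {
	Err      error
	Status   int
	Location string
	Hits     int64
}

// probe (hypothetical name) starts a local HTTPS server that redirects every
// request to HTTP, then connects with a client that trusts its cert or not.
func probe(trustCert bool) Result {
	var hits int64
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		atomic.AddInt64(&hits, 1)
		http.Redirect(w, r, "http://"+r.Host+r.RequestURI, http.StatusMovedPermanently)
	}))
	defer srv.Close()
	client := &http.Client{} // default roots: the test certificate is untrusted
	if trustCert {
		client = srv.Client() // trusts the server's constructed test certificate
	}
	// Report the redirect instead of following it.
	client.CheckRedirect = func(*http.Request, []*http.Request) error { return http.ErrUseLastResponse }
	resp, err := client.Get(srv.URL + "/page")
	res := Result{Err: err}
	if err == nil {
		res.Status, res.Location = resp.StatusCode, resp.Header.Get("Location")
		resp.Body.Close()
	}
	res.Hits = atomic.LoadInt64(&hits)
	return res
}

func main() {
	for _, trust := range []bool{false, true} {
		r := probe(trust)
		fmt.Printf("trusted=%v failed=%v status=%d location=%q hits=%d\n", trust, r.Err != nil, r.Status, r.Location, r.Hits)
	}
}
```

With the untrusted certificate the request fails during the handshake and the handler count stays at zero, so the redirect is never produced; with the trusted certificate the client receives the 301 and its `http://` Location.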