caddy -version: v2.0.0-beta.13 h1:QL0JAepFvLVtOatABqniuDRQ4HmtvWuuSWZW24qVVtk=
./caddy run Caddyfile
Ubuntu 18.04
#
# hass
#
http://hass.lcl.info:9999 {
    reverse_proxy / http://172.18.0.5 {
    }
}
Caddy tries to start on port 80 despite not having anything to serve on that port.
Alternatively, it may want to start on port 80 to provide a Let's Encrypt challenge endpoint, but there are no HTTPS services in the Caddyfile.
2020/01/23 13:39:39.260 INFO using adjacent Caddyfile
2020/01/23 13:39:39.262 INFO admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["localhost:2019"]}
2020/01/23 13:39:39.262 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2020/01/23 13:39:39.263 INFO http enabling automatic TLS certificate management {"domains": ["hass.lcl.info"]}
2020/01/23 14:39:39 [INFO][cache:0xc0003b3e00] Started certificate maintenance routine
run: loading initial config: loading new config: http app module: start: tcp: listening on :80: listen tcp :80: bind: address already in use
This appears to be a bug in the Caddyfile adapter: when it calls autoHTTPSHosts(), it gets a list of hostnames from the keys of the site block but the returned list strips the scheme and port information, which is necessary to decide which hostnames should get automatic HTTPS.
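The effect described in the comment above, as an added example that is not Caddy's code and not part of the original thread: it compares a hostname-only decision with one that keeps the scheme and port. The names `siteAddr`, `parseSiteAddr`, `wantsAutoHTTPS` and `misclassified` are hypothetical, the opt-out rule is a simplified assumption, and the key list is constructed around the address from this report.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// siteAddr is a Caddyfile site-block key split into parts (hypothetical type).
type siteAddr struct{ Scheme, Host, Port string }

// parseSiteAddr splits keys such as "http://hass.lcl.info:9999" or ":443".
func parseSiteAddr(key string) siteAddr {
	var a siteAddr
	if i := strings.Index(key, "://"); i >= 0 {
		a.Scheme, key = key[:i], key[i+3:]
	}
	if h, p, err := net.SplitHostPort(key); err == nil {
		a.Host, a.Port = h, p
	} else {
		a.Host = key // no port given
	}
	return a
}

// wantsAutoHTTPS applies the assumed rule to the full address: an explicit
// http:// scheme or port 80 opts out, and so does a key with no hostname.
func wantsAutoHTTPS(a siteAddr) bool {
	return a.Host != "" && a.Scheme != "http" && a.Port != "80"
}

// misclassified returns keys that a hostname-only check would enable
// automatic HTTPS for even though the full address opts out.
func misclassified(keys []string) []string {
	var out []string
	for _, k := range keys {
		a := parseSiteAddr(k)
		if wantsAutoHTTPS(siteAddr{Host: a.Host}) && !wantsAutoHTTPS(a) {
			out = append(out, k)
		}
	}
	return out
}

func main() {
	// Constructed input: the first key is the one from this report.
	keys := []string{"http://hass.lcl.info:9999", "example.com", ":443", "hass.lcl.info:80"}
	fmt.Println(misclassified(keys))
}
```

Any key this check reports is a site that would get certificate management and the port 80 redirect listener once its scheme and port are dropped, which matches the log lines in the report.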
Thanks for the information. This means that port 80 is opened (or attempted to be opened) for the LE challenge, right?
If this is the case, is there a way to open it on another port and have the challenge fail? Would HTTP for the site still be available? Or is it a blocking issue (in the sense that no HTTP sites can be exposed)?
I'm not sure yet, feel free to dive into the code and help debug it :) I'm sick right now so I'm not getting a whole lot of critical thinking done...
Maybe it's not trying to get a cert for the site but is just setting up HTTP->HTTPS redirects when it doesn't need to.
@wsw70 Could you try commit 8b2ad61 which I just pushed? It fixed the issue for me. Please confirm!
@mholt I have not compiled Go programs yet, I will set this up and let you know.
@wsw70 Any update? I will assume this is fixed unless I hear otherwise.
> @wsw70 Could you try commit 8b2ad61 which I just pushed? It fixed the issue for me. Please confirm!
Confirmed from my end!
What is the definitive solution for this issue?
I have tried this Caddyfile:
{
    auto_https disable_redirects
}
:443 {
    tls /etc/caddy/fullchain.pem /etc/caddy/privkey.pem
}
# Other config
... and the following error occurs:
{"level":"info","ts":1590408669.3928888,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
run: adapting config using caddyfile: unrecognized parameter name: auto_https
What is the correct configuration to disable the redirect from port 80?
The PR implementing this (#3284) was only merged 6 days ago. It will be part of the next release.
Thanks @Mohammed90.