I am trying to build a Caddy configuration that can cater to multiple environments (production, staging, local development).
To achieve this, I want to use environment variables for the base host names/URLs, via the {env.*} placeholder. This works great in addresses, route matches and upstream reverse-proxy configuration.
Unfortunately, the same approach currently does not work when using On-Demand-TLS with the ask property, because the placeholder is not replaced at runtime:
2020/12/14 21:49:44.939 DEBUG http.stdlib http: TLS handshake error from [::1]:62116: parsing ask URL: parse "http://{env.API_HOST}/domain-check": invalid character "{" in host name
Here's the relevant part of the config:
{
    [...]
    # Configure On-Demand-TLS for user sites with custom domains
    # https://caddyserver.com/docs/automatic-https#on-demand-tls
    on_demand_tls {
        ask "http://{env.API_HOST}/domain-check"
        burst 25
        interval 2m
    }
}
https:// {
    [...]
    tls "[email protected]" {
        protocols "tls1.2"
        on_demand
    }
    respond "Hello, World"
}
You should instead be using the {$ENV} style environment variables. Those are replaced at Caddyfile-parse time, but {env.ENV} style are replaced at runtime.
https://caddyserver.com/docs/caddyfile/concepts#environment-variables
That said, for JSON config users, it still probably makes sense to support this anyways.
As an aside, protocols "tls1.2" is not a useful line in your config, because Caddy v2's default minimum is tls1.2 already. You can remove that.
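The difference between the two placeholder styles, as an added example that is not part of the original thread and not Caddy's own code: a simplified Go model of parse-time `{$VAR}` substitution followed by the URL parse that produced the logged error. The helper names `expandParseTime` and `checkAskURL`, the sample host value, and the rule that a default applies only when the variable is unset are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"os"
	"regexp"
)

// parseTimeVar matches {$NAME} and {$NAME:default}, the Caddyfile form that is
// substituted while the file is parsed.
var parseTimeVar = regexp.MustCompile(`\{\$([A-Za-z_][A-Za-z0-9_]*)(?::([^}]*))?\}`)

// expandParseTime is a simplified model of parse-time substitution (hypothetical
// helper, not Caddy's code). {env.NAME} placeholders are deliberately left alone.
func expandParseTime(s string, lookup func(string) (string, bool)) string {
	return parseTimeVar.ReplaceAllStringFunc(s, func(m string) string {
		g := parseTimeVar.FindStringSubmatch(m)
		if v, ok := lookup(g[1]); ok {
			return v
		}
		return g[2] // default, or empty when none was given
	})
}

// checkAskURL reports whether the string that reaches the URL parser is usable
// as an ask endpoint (hypothetical helper).
func checkAskURL(raw string) error {
	u, err := url.Parse(raw)
	if err != nil {
		return err
	}
	if u.Host == "" {
		return fmt.Errorf("ask URL %q has no host", raw)
	}
	return nil
}

func main() {
	os.Setenv("API_HOST", "api.internal:8080") // constructed sample value
	for _, ask := range []string{
		"http://{env.API_HOST}/domain-check", // runtime placeholder, as in the issue
		"http://{$API_HOST}/domain-check",    // parse-time variable, as suggested
	} {
		expanded := expandParseTime(ask, os.LookupEnv)
		fmt.Printf("%-38s -> %-40s err=%v\n", ask, expanded, checkAskURL(expanded))
	}
}
```

An unset variable with no default leaves an empty host, which `checkAskURL` also rejects, so a missing `API_HOST` is caught before any handshake depends on the ask endpoint.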
@francislavoie Thanks for the tip! I really did miss the point regarding the variable replacement at parse time vs runtime. Everything works now as expected.
Would you like to keep this issue open for the JSON config users?
I'd like to work on this.