automatic http->https redirect not enabled on multiple bind addresses

[xrisk]

caddy (v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=) doesn’t automatically set up http redirects on both bind addresses if specified manually.

Caddyfile:

firefly.rishav.io {
	bind 10.0.0.189 [2603:c024:8002:9500:9eb:e5d3:3975:d056]
	reverse_proxy :9002
}

Caddy run logs

[root@caelid xrisk]# ./caddy run
2024/04/07 16:46:23.065	INFO	using adjacent Caddyfile
2024/04/07 16:46:23.066	INFO	admin	admin endpoint started	{"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2024/04/07 16:46:23.066	INFO	http.auto_https	server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS	{"server_name": "srv0", "https_port": 443}
2024/04/07 16:46:23.066	INFO	http.auto_https	enabling automatic HTTP->HTTPS redirects	{"server_name": "srv0"}
2024/04/07 16:46:23.067	INFO	tls.cache.maintenance	started background certificate maintenance	{"cache": "0x4000117800"}
2024/04/07 16:46:23.067	INFO	http	enabling HTTP/3 listener	{"addr": "10.0.0.189:443"}
2024/04/07 16:46:23.067	INFO	http	enabling HTTP/3 listener	{"addr": "[2603:c024:8002:9500:9eb:e5d3:3975:d056]:443"}
2024/04/07 16:46:23.067	INFO	http.log	server running	{"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2024/04/07 16:46:23.067	INFO	http.log	server running	{"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2024/04/07 16:46:23.067	INFO	http	enabling automatic TLS certificate management	{"domains": ["firefly.rishav.io"]}
2024/04/07 16:46:23.068	INFO	autosaved config (load with --resume flag)	{"file": "/root/.config/caddy/autosave.json"}
2024/04/07 16:46:23.068	INFO	serving initial configuration
2024/04/07 16:46:23.070	WARN	tls	storage cleaning happened too recently; skipping for now	{"storage": "FileStorage:/root/.local/share/caddy", "instance": "b9c54b92-6d1f-4920-a2bb-de17458189c8", "try_again": "2024/04/08 16:46:23.070", "try_again_in": 86399.99999968}
2024/04/07 16:46:23.070	INFO	tls	finished cleaning storage units

ss output:

[root@caelid ~]# ss -tnlp 'sport = :80'
State        Recv-Q       Send-Q                                        Local Address:Port               Peer Address:Port       Process
LISTEN       0            4096               [2603:c024:8002:9500:9eb:e5d3:3975:d056]:80                         [::]:*           users:(("caddy",pid=23707,fd=7))
[root@caelid ~]# ss -tnlp 'sport = :443'
State    Recv-Q   Send-Q                                Local Address:Port       Peer Address:Port   Process
LISTEN   0        4096                                     10.0.0.189:443             0.0.0.0:*       users:(("caddy",pid=23707,fd=8))
LISTEN   0        4096       [2603:c024:8002:9500:9eb:e5d3:3975:d056]:443                [::]:*       users:(("caddy",pid=23707,fd=10))

—

Automatic http redirection works as expected if only one bind address is specified.

firefly.rishav.io {
	bind 10.0.0.189
	reverse_proxy :9002
}

[root@caelid xrisk]# ./caddy run
2024/04/07 16:50:34.883	INFO	using adjacent Caddyfile
2024/04/07 16:50:34.885	INFO	admin	admin endpoint started	{"address": "localhost:2019", "enforce_origin": false, "origins": ["//127.0.0.1:2019", "//localhost:2019", "//[::1]:2019"]}
2024/04/07 16:50:34.885	INFO	http.auto_https	server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS	{"server_name": "srv0", "https_port": 443}
2024/04/07 16:50:34.885	INFO	http.auto_https	enabling automatic HTTP->HTTPS redirects	{"server_name": "srv0"}
2024/04/07 16:50:34.885	INFO	tls.cache.maintenance	started background certificate maintenance	{"cache": "0x4000535980"}
2024/04/07 16:50:34.886	INFO	http.log	server running	{"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2024/04/07 16:50:34.886	INFO	http	enabling HTTP/3 listener	{"addr": "10.0.0.189:443"}
2024/04/07 16:50:34.886	INFO	http.log	server running	{"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2024/04/07 16:50:34.886	INFO	http	enabling automatic TLS certificate management	{"domains": ["firefly.rishav.io"]}
2024/04/07 16:50:34.888	INFO	autosaved config (load with --resume flag)	{"file": "/root/.config/caddy/autosave.json"}
2024/04/07 16:50:34.888	INFO	serving initial configuration
2024/04/07 16:50:34.888	WARN	tls	storage cleaning happened too recently; skipping for now	{"storage": "FileStorage:/root/.local/share/caddy", "instance": "b9c54b92-6d1f-4920-a2bb-de17458189c8", "try_again": "2024/04/08 16:50:34.888", "try_again_in": 86399.99999964}
2024/04/07 16:50:34.888	INFO	tls	finished cleaning storage units

[root@caelid ~]# ss -tnlp 'sport = :443'
State    Recv-Q   Send-Q                                Local Address:Port       Peer Address:Port   Process
LISTEN   0        4096                                     10.0.0.189:443             0.0.0.0:*       users:(("caddy",pid=23787,fd=9))
[root@caelid ~]# ss -tnlp 'sport = :80'
State           Recv-Q           Send-Q                     Local Address:Port                     Peer Address:Port          Process
LISTEN          0                4096                          10.0.0.189:80                            0.0.0.0:*              users:(("caddy",pid=23787,fd=7))

[mholt]

@xrisk Thanks for the great simple report, with easy instructions to reproduce and verify. Easy fix too 😃

[xrisk]

@mholt thanks for the bugfix and your work on Caddy!