Closed omz13 closed 7 years ago
Can you please share the full Caddyfile? The snippet you gave by itself isn't particularly useful.
mava.omz13.com {
root /var/www/com.omz13.mava
ext .html
log / /var/log/caddy/mava.log {combined} {
rotate {
size 10 # Rotate after 10 MB
age 365 # Keep log files for a year
}
}
errors {
log /var/log/caddy/mava.err {
size 50 # Rotate after 50 MB
age 30 # Keep rotated files for 30 days
keep 5 # Keep at most 5 log files
}
404 404.html # not found
}
# because we're not wp
status 403 {
/wp-login.php
/wp-login/
/wp-login
}
header / X-Backend-Server "{hostname}"
header / strict-transport-security "max-age=10886400; includeSubDomains; preload"
header / -Server
header / X-Clacks-Overhead "GNU Terry Pratchett"
}
Ah, okay, so you want the header
directive to apply to the plaintext version of the same site.
This is a duplicate of #882, which is deferred for lack of a good way to fix the problem. My proposal there is an ugly breaking change which, frankly, I don't even like.
If there's a better way to solve this problem, I'm all ears, but for now I think you'll just have to define the HTTP version of the site yourself (and add the 1 line to do the redirect) if you want custom behavior for it. Sorry. :-/
1. What version of Caddy are you running (
caddy -version
)?0.9.3
2. What are you trying to do?
Caddy supports automatic upgrading from http to https. When it gets a http request, it responds with a 301 to redirect to the https equivalent. Excellent. But, when creating the 301 redirect the
header
directive is not implemented. This means any directives to add or remove headers are not active in that 301 response. I think that any applicable header directive should be respected during the 301 response for automatic https.3. What is your entire Caddyfile?
Here's the appropriate snippet. To add a few headers and remove the
Server
header.4. How did you run Caddy (give the full command and describe the execution environment)?
5. What did you expect to see?
6. What did you see instead (give full error messages and/or log)?
When accessing the site over http, the 301 redirect is:
As observed, none of the header directives have been executed, and the default headers sent.
If accessing the site via https, the headers are, of course, added or removed as per the header directive, e.g.:
I'm guessing that when the 301 is constructed the code logic to do the header add/remove isn't invoked.
7. How can someone who is starting from scratch reproduce this behavior as minimally as possible?