hostname appears in more than one automation policy

[kayg04]

Hello!

In Caddy v1, I had the following configuration where the root domain was handled by a CMS while a subpath served a custom index.html:

film.kayg.org {
    import acme
    import security_headers_csp

    proxy / http://film-blog:2368 {
      transparent
      websocket
    }
  }

  film.kayg.org/log {
     import acme
     import security_headers_csp

     root /personal-1/film-log
  }

When I try to achieve the same with Caddy v2 as:

film.kayg.org {
  import security

  reverse_proxy http://film-blog:2368
}

film.kayg.org/log {
  root * /personal-1/film-log
  file_server
}

I get an error saying: run: adapting config using caddyfile: hostname appears in more than one automation policy, making certificate management ambiguous: film.kayg.org.

I've also tried:

film.kayg.org {
  import security
  # or /log/*
  root /log /personal-1/film-log
  file_server
  reverse_proxy http://film-blog:2368
}

but the above results in 404 file not found served by the CMS handling the root domain. Is it not possible to have both root and reverse_proxy directives in the same server block? Can I emulate the same behaviour from v1 somehow?

Thanks.

[francislavoie]

What's happening is that the reverse_proxy is handling all the requests because it's never being excluded from the match. When using the Caddyfile, directives have a specific directive order they follow. reverse_proxy is ordered before file_server, so it takes precedence. To avoid that, you need to tell to not match requests for /log/*. It's safe to always set root because all that does is set a variable, it doesn't do anything on its own.

film.kayg.org {
  import security
  root * /personal-1/film-log

  @notLog {
    not path /log/*
  }
  reverse_proxy @notLog http://film-blog:2368

  file_server
}

For next time, please ask your usage questions on the Caddy community forums. We prefer to keep the GitHub issue board for bugs and feature requests.

[mholt]

Indeed, this is one situation where @francislavoie 's method is probably the best way to do it in the Caddyfile, or frankly using the JSON directly may even be more elegant (you won't need the "not" matcher at all if you craft the JSON yourself).

This is to be expected, as the Caddyfile is fundamentally less flexible than the JSON.

Also this is a good thing; in v2 we're exposing a bug that wasn't caught in v1.

[kayg04]

@francislavoie, I'll keep that in mind from next time. Apologies and thank for your answer. However your solution only seems to work when there's an actual log folder inside /personal-1/film-log. What I wanted to achieve is /personal-1/film-log/index.html getting served when https://film.kayg.org/log is accessed. Can that be done?

[kayg04]

Seems like what i want can be achieved with this:

film.kayg.org {
  import security

  handle /log/* {
    root * /personal-1/film-log
    uri strip_prefix /log
    file_server
  }

  handle {
    reverse_proxy http://film-blog:2368
  }
}

Here's a bit of explanation about the usage, should anyone find it helpful.

[mholt]

That's a great use of the new handle directive!

[zyclonite]

@mholt how would you solve using the same domain but different ports with a Caddyfile?

https://film.kayg.org:443, https://film.kayg.org:8443 {
  tls
  ...
}

worked with caddy1 but not in caddy2

[mholt]

@zyclonite Please ask usage questions on our forum: https://caddy.community - be sure to fill out the full template so we can reproduce the problem you're having.

[zyclonite]

@mholt it's definitely related to this issue but i can create a separate one if needed...

and my above example holds all required details to reproduce it

just try to run caddy with the same domain but two different ports with "automatic https enabled" (you can put it in one block with a comma like above or in separate ones, no difference) i even guess that kayg04 did run into the same issue but with the path and not the port... but this could be solved with taking it into a handler of the same block - this does not work with the port

[francislavoie]

As Matt said, please ask your usage questions on the Caddy community forums. We prefer to keep the GitHub issue board for bugs and feature requests. Don't forget to fill out the thread template so we can help you!