Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

308 http to https redirect does not work with some ISPs #3722

Closed
m90 opened this issue Sep 14, 2020 · 6 comments
Closed

308 http to https redirect does not work with some ISPs #3722

m90 opened this issue Sep 14, 2020 · 6 comments
Labels
question ❔ Help is being requested

Comments

@m90
Copy link
Contributor

m90 commented Sep 14, 2020
edited
Loading

I am seeing an issue where some ISPs (9 Mobile in Nigeria for example) do not correctly handle the 308 Permanent Redirect that Caddy responds with when upgrading an http Request to https. Clients will instead see a blank page saying Service unavailable and a ISP Logo that got MITMed. Upgrading a request via 301 Moved Permanently works as expected on such connections.

This is not really Caddy's fault (9 Mobile also injects ads into everything sent over http and similar), yet it means we can't really use Caddy in such markets as it cuts off everyone from our product that does not provide the https protocol in the URL. I can see the status code for this redirect is hard coded and not configurable here:

caddy/modules/caddyhttp/autohttps.go

Line 324 in 66863aa

StatusCode: WeakString(strconv.Itoa(http.StatusPermanentRedirect)),

Is there any way for us to make Caddy respond with a 301 instead?
@francislavoie
Copy link
Member

francislavoie commented Sep 14, 2020
edited
Loading

Strange. That's unfortunate.

You can override the existing redirects by setting up a site block like this:

http:// {
    redir https://{hostport}{uri} 301
}

For next time, please ask your usage questions on the Caddy community forums. We prefer to keep the GitHub issue board for bugs and feature requests. Don't forget to fill out the thread template so we can help you!

@francislavoie francislavoie added the question ❔ Help is being requested label Sep 14, 2020
@lscgzwd
Copy link

lscgzwd commented Nov 26, 2020

solved my problem

@m90
Copy link
Contributor Author

m90 commented Jan 25, 2022
edited
Loading

In case anyone comes across this issue in 2022 or later, the above snippet does not work with newer versions (post 2.4.3 if I'm correct) of Caddy anymore. To get it working you will need to configure auto_https disable_redirects in addition: https://caddy.community/t/cant-get-non-default-https-upgrade-to-work/14836/4

{
  auto_https disable_redirects
}

http:// {
    redir https://{hostport}{uri} 301
}

@mholt
Copy link
Member

mholt commented Jan 25, 2022

I admit, that is a bit confusing 🤔 (It's not obvious why you'd have to disable the auto-redirects when you're manually overriding them anyway.) This might deserve a special note in our docs, @francislavoie -- what do you think?

@francislavoie
Copy link
Member

Sure, we can make some docs adjustments for this.

@JayTechX
Copy link

In case anyone comes across this issue in 2022 or later, the above snippet does not work with newer versions (post 2.4.3 if I'm correct) of Caddy anymore. To get it working you will need to configure auto_https disable_redirects in addition: https://caddy.community/t/cant-get-non-default-https-upgrade-to-work/14836/4

{
  auto_https disable_redirects
}

http:// {
    redir https://{hostport}{uri} 301
}

Strange error, but this is a perfect fix.

@joemfb joemfb mentioned this issue Dec 8, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question ❔ Help is being requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@mholt @m90 @francislavoie @lscgzwd @JayTechX