Placeholders are not replaced on On-Demand-TLS Ask URL #3922

Closed
simonalbrecht opened this issue Dec 14, 2020 · 3 comments · Fixed by #4154
@simonalbrecht

I am trying to build a Caddy configuration that can cater to multiple environments (production, staging, local development).
To achieve this, I want to use environment variables for the base host names/URLs, via the {env.*} placeholder. This works great in addresses, route matches and upstream reverse-proxy configuration.

Unfortunately, the same approach currently does not work when using On-Demand-TLS with the ask property, because the placeholder is not replaced at runtime:

2020/12/14 21:49:44.939	DEBUG	http.stdlib	http: TLS handshake error from [::1]:62116: parsing ask URL: parse "http://{env.API_HOST}/domain-check": invalid character "{" in host name

Here's the relevant part of the config:

{
    [...]

    # Configure On-Demand-TLS for user sites with custom domains
    # https://caddyserver.com/docs/automatic-https#on-demand-tls
    on_demand_tls {
        ask "http://{env.API_HOST}/domain-check"
        burst 25
        interval 2m
    }
}

https:// {
    [...]

    tls "example@mail.com" {
        protocols "tls1.2"
        on_demand
    }

    respond "Hello, World"
}
@mholt mholt added feature ⚙️ New feature or request good first issue 🐤 Good for newcomers labels Dec 14, 2020
@mholt mholt added this to the v2.4.0 milestone Dec 14, 2020
@francislavoie
Member

francislavoie commented Dec 14, 2020

You should instead be using the {$ENV} style environment variables. Those are replaced at Caddyfile-parse time, but {env.ENV} style are replaced at runtime.

https://caddyserver.com/docs/caddyfile/concepts#environment-variables

That said, for JSON config users, it still probably makes sense to support this anyways.


As an aside, protocols "tls1.2" is not a useful line in your config, because Caddy v2's default minimum is tls1.2 already. You can remove that.
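
The parse-time versus runtime distinction discussed above, as an added Go example that is not part of this thread and is not Caddy's code: Go's net/url rejects the ask value while the {env.API_HOST} placeholder is still in it, and accepts it once the placeholder is expanded first. `expandEnv` and `askURL` are hypothetical helpers, `api.internal:8080` is a constructed value, and the `domain` query parameter follows Caddy's documented ask request.

```go
package main

import (
	"fmt"
	"net/url"
	"os"
	"regexp"
)

// envPlaceholder matches runtime-style placeholders such as {env.API_HOST}.
var envPlaceholder = regexp.MustCompile(`\{env\.([A-Za-z_][A-Za-z0-9_]*)\}`)

// expandEnv substitutes each {env.NAME}; an unset or empty variable is an error.
func expandEnv(s string) (string, error) {
	var missing []string
	out := envPlaceholder.ReplaceAllStringFunc(s, func(m string) string {
		name := m[len("{env.") : len(m)-1]
		v := os.Getenv(name)
		if v == "" {
			missing = append(missing, name)
		}
		return v
	})
	if len(missing) > 0 {
		return "", fmt.Errorf("unset environment variables: %v", missing)
	}
	return out, nil
}

// askURL expands placeholders first, then parses, then sets ?domain=<name>.
func askURL(raw, domain string) (*url.URL, error) {
	expanded, err := expandEnv(raw)
	if err != nil {
		return nil, err
	}
	u, err := url.Parse(expanded)
	if err != nil {
		return nil, fmt.Errorf("parsing ask URL: %w", err)
	}
	u.RawQuery = url.Values{"domain": {domain}}.Encode()
	return u, nil
}

func main() {
	raw := "http://{env.API_HOST}/domain-check" // ask value from the issue
	fmt.Println(url.Parse(raw))                 // fails: '{' is not valid in a host name
	os.Setenv("API_HOST", "api.internal:8080")  // constructed sample value
	fmt.Println(askURL(raw, "shop.example.com"))
}
```

Failing on an unset variable keeps the domain check from silently pointing at an empty host, so certificate issuance is refused rather than approved by the wrong endpoint.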

@simonalbrecht
Author

@francislavoie Thanks for the tip! I really did miss the point regarding the variable replacement at parse time vs runtime. Everything works now as expected.

Would you like to keep this issue open for the JSON config users?

@gdhameeja
Contributor

I'd like to work on this.
