diff options
| author | yyamashita <yyamashita@hetzner.yyamashita.com> | 2026-07-03 00:26:47 +0900 |
|---|---|---|
| committer | yyamashita <yyamashita@hetzner.yyamashita.com> | 2026-07-03 00:26:47 +0900 |
| commit | 579daf4aa1875a739c084ea7051e6b4d203f0c69 (patch) | |
| tree | e1b581cee0b3f183b5859e9b780bf1f246bb959d | |
| parent | 8eaf524e3d605473fdf4ddb373ed0b4708a95f61 (diff) | |
Fix HTTP proxy: use catch-all http:// block for port 80
The forward_proxy site block must catch all hosts on port 80 because
proxy clients send Host: <target> not Host: proxy.yyamashita.com.
Non-proxy requests fall through to the redir for HTTPS upgrade.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
| -rw-r--r-- | caddy/entrypoint.sh | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/caddy/entrypoint.sh b/caddy/entrypoint.sh index f9b9c19..ecf2e90 100644 --- a/caddy/entrypoint.sh +++ b/caddy/entrypoint.sh @@ -15,9 +15,10 @@ fi AUTH_BLOCK=$(printf '%b' "$AUTH_LINES") cat > "$PROXY_CONF" <<EOF -http://proxy.yyamashita.com { +http:// { forward_proxy { ${AUTH_BLOCK} } + redir https://{host}{uri} 308 } https://proxy.yyamashita.com { tls { |
