summaryrefslogtreecommitdiff
path: root/caddy/entrypoint.sh
diff options
context:
space:
mode:
authoryyamashita <yyamashita@hetzner.yyamashita.com>2026-07-03 00:26:47 +0900
committeryyamashita <yyamashita@hetzner.yyamashita.com>2026-07-03 00:26:47 +0900
commit579daf4aa1875a739c084ea7051e6b4d203f0c69 (patch)
treee1b581cee0b3f183b5859e9b780bf1f246bb959d /caddy/entrypoint.sh
parent8eaf524e3d605473fdf4ddb373ed0b4708a95f61 (diff)
Fix HTTP proxy: use catch-all http:// block for port 80
The forward_proxy site block must catch all hosts on port 80 because proxy clients send Host: <target> not Host: proxy.yyamashita.com. Non-proxy requests fall through to the redir for HTTPS upgrade. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Diffstat (limited to 'caddy/entrypoint.sh')
-rw-r--r--caddy/entrypoint.sh3
1 files changed, 2 insertions, 1 deletions
diff --git a/caddy/entrypoint.sh b/caddy/entrypoint.sh
index f9b9c19..ecf2e90 100644
--- a/caddy/entrypoint.sh
+++ b/caddy/entrypoint.sh
@@ -15,9 +15,10 @@ fi
AUTH_BLOCK=$(printf '%b' "$AUTH_LINES")
cat > "$PROXY_CONF" <<EOF
-http://proxy.yyamashita.com {
+http:// {
forward_proxy {
${AUTH_BLOCK} }
+ redir https://{host}{uri} 308
}
https://proxy.yyamashita.com {
tls {