Access.log permission denied when using log and route53

I know this issue is quite close to Open access.log: permission denied, but since there didn’t seem to be a solution in there I want to touch it again.

We have a very similar setup with the recommended systemd unit configuration and a Caddyfile that defines a number of hosts with a tls { dns route53 } and log / /var/log/hosts.log "{combined}" {…} in each.

With that constellation Caddy fails during start up

Activating privacy features... done.
2019/01/23 11:05:42 open access.log: permission denied

Only thing that seems to solve it is one of each

  • Removing tls {…}
  • Removing log …
  • Setting WorkingDirectory=/var/tmp in systemd unit configuration

The latter will create an empty /var/tmp/access.log file. My thoughts are that the route53 plugin doesn’t obey log directions?

Other than setting the working directory do you have any other suggestions as to how I can steer the location of that access.log log?

Hi @mwl, welcome to the Caddy community.

Looks like this is where the logging tries to open the output file at startup:

If your access log in /var/tmp/access.log is empty but the other one is full, that implies that it’s just opening it and then closing it immediately to move over to the log roller. But the same file path is fed to the log roller as the OpenFile function. Hmm, I haven’t looked at the DNS plugin, but it’s strange that the temp file is called access.log when you configured it to use hosts.log.

It’ll bear some investigating. Would you mind filling out an issue template at

Thanks @Whitestrake. I had another go at this issue, but now I can’t seem to replicate. So that’s why I haven’t created any issues.

1 Like

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.