Basic PHP example?

1. Caddy version (caddy version):

2

2. How I run Caddy:

I’m not sure what you mean by this. I have caddy v2 installed on Alma Linux VPS. I also have php 7.4 (including php-fpm and php-cgi) installed. I started caddy using

systemctl enable --now caddy

after setting up the Caddyfile and copying my php file into the docroot.

a. System environment:

Alma Linux

b. Command:

systemctl start caddy

c. Service/unit/compose file:

nope

N/A

d. My complete Caddyfile or JSON config:

www.arc2services.co.uk:80

root * /var/www/html
php_fastcgi /info/* localhost:9000
file_server
log {
        output file /var/log/caddy/access.log
}

3. The problem I’m having:

If I put an index.html file into /var/www/html, Caddy will serve that.
However, it won’t serve index.php; neither in that folder, nor in any subfolder.

4. Error messages and/or full log output:

{"level":"error","ts":1643069928.889307,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"197.94.92.56:63238","proto":"HTTP/1.1","method":"GET","host":"www.arc2services.co.uk","uri":"/info","headers":{"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15"],"Accept-Language":["en-GB,en;q=0.9"],"Accept-Encoding":["gzip, deflate"],"Connection":["keep-alive"]}},"common_log":"197.94.92.56 - - [25/Jan/2022:00:18:48 +0000] \"GET /info HTTP/1.1\" 404 0","user_id":"","duration":0.000124706,"size":0,"status":404,"resp_headers":{"Server":["Caddy"]}}

Here is an example of the request:

Summary
URL: http://www.arc2services.co.uk/
Status: 404 Not Found
Source: Network
Address: 77.68.122.128:80

Request
GET / HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Upgrade-Insecure-Requests: 1
Host: www.arc2services.co.uk
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15
Accept-Language: en-GB,en;q=0.9
Accept-Encoding: gzip, deflate
Connection: keep-alive

Response
HTTP/1.1 404 Not Found
Date: Tue, 25 Jan 2022 00:37:48 GMT
Content-Length: 0
Server: Caddy

Here’s another similar one:

Summary
URL: http://www.arc2services.co.uk/info/
Status: 502 Bad Gateway
Source: Network
Address: 77.68.122.128:80

Request
GET /info/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Upgrade-Insecure-Requests: 1
Host: www.arc2services.co.uk
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15
Accept-Language: en-GB,en;q=0.9
Accept-Encoding: gzip, deflate
Connection: keep-alive

Response
HTTP/1.1 502 Bad Gateway
Date: Tue, 25 Jan 2022 00:38:27 GMT
Content-Length: 0
Server: Caddy

5. What I already tried:

I tried the config shown. I also tried putting the index.php file in the /var/www/html folder with this config:

www.arc2services.co.uk:80

root * /var/www/html
php_fastcgi localhost:9000
file_server
log {
        output file /var/log/caddy/access.log
}

I also tried it with php:9000 and 127.0.0.1:9000 instead of `localhost:9000. Why 9000 btw? How does that correlate with PHP?

6. Links to relevant resources:

Port 9000 is the port that php-fpm usually listens to by default, if configured to listen over a TCP socket.

Your default installation of php-fpm might instead be listening using a unix socket file. Look into php-fpm’s configuration to find out.

You can read equivalent php-fpm + nginx setup guides, the process is exactly the same when it comes to PHP. (There just happen to be more nginx guides on this topic in general).

These are only your access logs. Caddy’s runtime logs are emitted to stdout/stderr. You can find them in the journal, since you’re running Caddy as a systemd service. Read this page in the docs to better understand:

Make sure to enable to debug global option by adding this at the top of your Caddyfile, to make Caddy log more detailed information:

{
	debug
}

I’m also seeing these in systemctl status caddy

Jan 25 00:44:34 mnr-prod caddy[48883]: {"level":"debug","ts":1643071474.6830575,"logger":"http.handlers.rewrite","msg":"rewrote request","request":{"remote_addr":"197.94.92.56:63487","proto":"HTTP/1.1","met>
Jan 25 00:44:34 mnr-prod caddy[48883]: {"level":"debug","ts":1643071474.6831837,"logger":"http.reverse_proxy.transport.fastcgi","msg":"roundtrip","request":{"remote_addr":"197.94.92.56:63487","proto":"HTTP/>
Jan 25 00:44:34 mnr-prod caddy[48883]: {"level":"debug","ts":1643071474.685986,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"localhost:9000","duration":0.002843344,"request":>
Jan 25 00:44:34 mnr-prod caddy[48883]: {"level":"error","ts":1643071474.686059,"logger":"http.log.error.log0","msg":"dialing backend: dial tcp 127.0.0.1:9000: connect: connection refused","request":{"remote>
Jan 25 00:44:34 mnr-prod caddy[48883]: {"level":"error","ts":1643071474.6860945,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"197.94.92.56:63487","proto":"HTTP/1.1","meth>
Jan 25 00:44:42 mnr-prod caddy[48883]: {"level":"debug","ts":1643071482.4218385,"logger":"http.handlers.rewrite","msg":"rewrote request","request":{"remote_addr":"197.94.92.56:63487","proto":"HTTP/1.1","met>
Jan 25 00:44:42 mnr-prod caddy[48883]: {"level":"debug","ts":1643071482.4219458,"logger":"http.reverse_proxy.transport.fastcgi","msg":"roundtrip","request":{"remote_addr":"197.94.92.56:63487","proto":"HTTP/>
Jan 25 00:44:42 mnr-prod caddy[48883]: {"level":"debug","ts":1643071482.4227202,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"localhost:9000","duration":0.000789078,"request">
Jan 25 00:44:42 mnr-prod caddy[48883]: {"level":"error","ts":1643071482.4228146,"logger":"http.log.error.log0","msg":"dialing backend: dial tcp 127.0.0.1:9000: connect: connection refused","request":{"remot>
Jan 25 00:44:42 mnr-prod caddy[48883]: {"level":"error","ts":1643071482.4228559,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"197.94.92.56:63487","proto":"HTTP/1.1","meth>
lines 1-21/21 (END)

And this from jounralctl | grep caddy

Jan 25 00:44:42 mnr-prod caddy[48883]: {"level":"debug","ts":1643071482.4227202,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"localhost:9000","duration":0.000789078,"request":{"remote_addr":"197.94.92.56:63487","proto":"HTTP/1.1","method":"GET","host":"www.arc2services.co.uk","uri":"/index.php","headers":{"X-Forwarded-Proto":["http"],"X-Forwarded-For":["197.94.92.56"],"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15"],"Accept-Language":["en-GB,en;q=0.9"],"Accept-Encoding":["gzip, deflate"]}},"error":"dialing backend: dial tcp 127.0.0.1:9000: connect: connection refused"}
Jan 25 00:44:42 mnr-prod caddy[48883]: {"level":"error","ts":1643071482.4228146,"logger":"http.log.error.log0","msg":"dialing backend: dial tcp 127.0.0.1:9000: connect: connection refused","request":{"remote_addr":"197.94.92.56:63487","proto":"HTTP/1.1","method":"GET","host":"www.arc2services.co.uk","uri":"/","headers":{"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15"],"Accept-Language":["en-GB,en;q=0.9"],"Accept-Encoding":["gzip, deflate"],"Connection":["keep-alive"]}},"duration":0.001082838,"status":502,"err_id":"d2krw1acd","err_trace":"reverseproxy.statusError (reverseproxy.go:886)"}
Jan 25 00:44:42 mnr-prod caddy[48883]: {"level":"error","ts":1643071482.4228559,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"197.94.92.56:63487","proto":"HTTP/1.1","method":"GET","host":"www.arc2services.co.uk","uri":"/","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15"],"Accept-Language":["en-GB,en;q=0.9"],"Accept-Encoding":["gzip, deflate"],"Connection":["keep-alive"],"Upgrade-Insecure-Requests":["1"]}},"common_log":"197.94.92.56 - - [25/Jan/2022:00:44:42 +0000] \"GET / HTTP/1.1\" 502 0","user_id":"","duration":0.001082838,"size":0,"status":502,"resp_headers":{"Server":["Caddy"]}}

I tried it with the socket instead and I get this:

Jan 25 00:52:40 mnr-prod caddy[48883]: {"level":"error","ts":1643071960.0659325,"logger":"http.log.error.log0","msg":"dialing backend: dial unix /run/php/php7.4-fpm.sock: connect: no such file or directory","request":{"remote_addr":"197.94.92.56:63681","proto":"HTTP/1.1","method":"GET","host":"www.arc2services.co.uk","uri":"/info/","headers":{"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15"],"Accept-Language":["en-GB,en;q=0.9"],"Accept-Encoding":["gzip, deflate"],"Connection":["keep-alive"],"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"]}},"duration":0.000392071,"status":502,"err_id":"5m0sybmjh","err_trace":"reverseproxy.statusError (reverseproxy.go:886)"}
Jan 25 00:52:40 mnr-prod caddy[48883]: {"level":"error","ts":1643071960.0659552,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"197.94.92.56:63681","proto":"HTTP/1.1","method":"GET","host":"www.arc2services.co.uk","uri":"/info/","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15"],"Accept-Language":["en-GB,en;q=0.9"],"Accept-Encoding":["gzip, deflate"],"Connection":["keep-alive"],"Upgrade-Insecure-Requests":["1"]}},"common_log":"197.94.92.56 - - [25/Jan/2022:00:52:40 +0000] \"GET /info/ HTTP/1.1\" 502 0","user_id":"","duration":0.000392071,"size":0,"status":502,"resp_headers":{"Server":["Caddy"]}}

Notice that the logs are truncated when you use systemctl status caddy. Use the command in the docs to see your logs, it’s the best way to see them without truncation.

Make sure the socket file actually exists. Check your php-fpm config to make sure you’re using the mode you expect.

Thanks that helped! One further problem I’m having now though are folder write permissions.
I’ve created a user for the app my_app and added that group to the caddy group. I’ve ensured that the whole app folder is owned by my_app:caddy. I then set the php-fpm conf file to use the caddy user. But I’m still getting errors writing to e.g. the logs folder, which has 775 permissions. Any ideas?

Where are those files? The systemd service has some Protect* options which additionally prevent access to certain system paths to avoid overreach.

If you’re talking about php-fpm not writing logs (not Caddy) then that’s kinda out of scope of these forums.

I’m talking about the app not being able to write logs to it’s own folder.

Right, well that’s not Caddy doing that, but PHP.

This topic was automatically closed after 30 days. New replies are no longer allowed.