1. The problem I’m having:
upgraded from caddy 2.8.4 to caddy 2.9.0 and caddy won’t start. error logging doesn’t give much of a hint. was there a breaking change between versions regarding config operators?
2. Error messages and/or full log output:
2025/01/01 01:00:10.971 e[34mINFOe[0m shutting down apps, then terminating {"signal": "SIGTERM"}
2025/01/01 01:00:10.972 e[33mWARNe[0m exiting; byeee!! 👋 {"signal": "SIGTERM"}
2025/01/01 01:00:10.973 e[34mINFOe[0m http servers shutting down with eternal grace period
2025/01/01 01:00:15.007 e[34mINFOe[0m http.acme_client got renewal info {"names": ["facts.eiphax.tech"], "window_start": "2025/01/11 14:31:28.000", "window_end": "2025/01/13 14:31:28.000", "selected_time": "2025/01/11 23:20:17.000", "recheck_after": "2025/01/01 07:00:15.007", "explanation_url": ""}
2025/01/01 01:00:15.007 e[34mINFOe[0m tls.cache.maintenance updated ACME renewal information {"identifiers": ["facts.eiphax.tech"], "cert_hash": "f170e8365490e6ffb796e40820fc75a57145a92cbca4dbca09893a8bc0604c3a", "ari_unique_id": "nytfzzwhT50Et-0rLMTGcIvS1w0.A1Gv6QgRZHDwPB6sAbZcDl3I", "cert_expiry": "2025/02/11 14:11:58.000", "selected_time": "2025/01/13 08:01:36.000", "next_update": "2025/01/01 07:00:15.007", "explanation_url": ""}
2025/01/01 01:00:15.076 e[34mINFOe[0m tls.cache.maintenance advancing OCSP staple {"identifiers": ["admin.uwu.tax"], "from": "2025/01/04 12:29:58.000", "to": "2025/01/08 00:59:58.000"}
there’s a SIGTERM here but i don’t know where it’s coming from.
3. Caddy version:
2.9.0, downgraded to 2.8.4 now
4. How I installed and ran Caddy:
a. System environment:
ubuntu lts 22.04 via systemd
b. Command:
via service unit
c. Service/unit/compose file:
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target
OnFailure=crashmailserv@%n.service
StartLimitIntervalSec=10
StartLimitBurst=5
[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
ExecStartPost=+/bin/systemctl start upmailserv@%n.service
StandardOutput=file:/var/www/logs/caddy-so.log
StandardError=file:/var/www/logs/caddy-se.log
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
Environment=DO_AUTH_TOKEN=a52dfe40dbc9288817ab5e134f6ff113891e4cbf7e67a1574c0810bc6b56b461
Restart=always
[Install]
WantedBy=multi-user.target
d. My complete Caddy config:
{
log {
format console
output file /var/www/logs/caddy-access.log {
roll_size 25mb
roll_keep 20
roll_keep_for 720h
}
}
}
(gen) {
encode gzip
uri strip_suffix .html
try_files {path} {path}.php {path}.html index.php index.html =404
php_fastcgi unix//var/run/php/php8.3-fpm.sock {
try_files {path} {path}.php index.php =404
}
handle /xmlrpc.php {
reverse_proxy :6969
}
file_server
}
(sticky) {
handle /wp* {
reverse_proxy :6969
}
handle /.* {
reverse_proxy :6969
}
handle /env* {
reverse_proxy :6969
}
handle /xmlrpc.php {
reverse_proxy :6969
}
}
(e-gen) {
encode gzip
uri strip_suffix .html
try_files {path} {path}.php {path}.html index.php index.html
php_fastcgi unix//var/run/php/php8.3-fpm.sock {
try_files {path} {path}.php index.php
}
file_server
respond /seed/* "Gone" 410 {
close
}
respond /nh/* "Gone" 410 {
close
}
}
(dns) {
tls {
dns digitalocean redacted
}
}
(header-gen) {
log {
format console
output file /var/www/logs/caddy-access.log {
roll_size 25mb
roll_keep 20
roll_keep_for 720h
}
}
header {
-Server
Permissions-Policy interest-cohort=()
Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
X-XSS-Protection 1; mode=block
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
Content-Security-Policy "default-src 'self' 'unsafe-inline' data: *.google-analytics.com *.fontawesome.com *.googleapis.com *.gstatic.com *.jsdelivr.net *.bootstrapcdn.com *.eiphax.tech *.google.com secure.gravatar.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: secure.gravatar.com *.eiphax.tech *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.google-analytics.com *.fontawesome.com *.googleapis.com *.jsdelivr.net *.bootstrapcdn.com;"
}
}
(bfm-header) {
header {
-Server
Permissions-Policy interest-cohort=()
Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
X-XSS-Protection 1; mode=block
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
Cache-Control no-cache, must-revalidate
Content-Security-Policy "default-src 'self' 'unsafe-inline' data: *.fontawesome.com *.googleapis.com *.gstatic.com *.jsdelivr.net *.bootstrapcdn.com *.eiphax.tech *.google.com i.imgur.com; script-src 'self' 'unsafe-eval'"
}
}
(dead) {
respond * "410 Gone" 410 {
close
}
}
eiphax.tech {
import sticky
header {
-Server
Permissions-Policy interest-cohort=()
Strict-Transport-Security "max-age=31536000; preload"
X-XSS-Protection 1; mode=block
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
Content-Security-Policy "default-src 'self' 'unsafe-inline' data: *.fontawesome.com *.googleapis.com *.gstatic.com *.jsdelivr.net *.bootstrapcdn.com *.eiphax.tech *.google.com secure.gravatar.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: secure.gravatar.com *.eiphax.tech *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.google-analytics.com *.fontawesome.com *.googleapis.com *.jsdelivr.net *.bootstrapcdn.com;"
}
handle {
import e-gen
root * /var/www/eipmain/webroot
}
}
facts.eiphax.tech {
import header-gen
import sticky
handle {
root * /var/www/eipmain/facts
import gen
}
}
laundry.eiphax.tech {
import header-gen
import sticky
handle {
root * /var/www/eipmain/webroot/laundry
import gen
}
}
blog.eiphax.tech {
import header-gen
root * /var/www/blog
import gen
}
bytes.eiphax.tech {
import header-gen
root * /var/www/bytes
import gen
}
album.eiphax.tech {
import header-gen
import sticky
handle {
root * /var/www/lychee/public
import gen
}
}
secrets.eiphax.tech {
import sticky
header {
-Server
Permissions-Policy interest-cohort=()
Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
X-XSS-Protection 1; mode=block
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
Content-Security-Policy "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads"
}
handle {
root * /var/www/eipbin
import gen
}
}
3ds.eiphax.tech {
@ytbad {
header Referer *youtube.com*
}
@ytbad2 {
header Referer *youtu.be*
}
rewrite @ytbad /youtube.php
rewrite @ytbad2 /youtube.php
import header-gen
import sticky
handle {
root * /var/www/eipmain/3ds
import gen
}
}
http://wiiu.eiphax.tech {
@ytbad {
header Referer *youtube.com*
}
@ytbad2 {
header Referer *youtu.be*
}
rewrite @ytbad /youtube.php
rewrite @ytbad2 /youtube.php
import sticky
handle {
root * /var/www/eipmain/wiiu
import gen
}
}
https://wiiu.eiphax.tech {
@ytbad {
header Referer *youtube.com*
}
@ytbad2 {
header Referer *youtu.be*
}
rewrite @ytbad /youtube.php
rewrite @ytbad2 /youtube.php
import header-gen
import sticky
handle {
root * /var/www/eipmain/wiiu/resources
import gen
}
}
nx.eiphax.tech {
@ytbad {
header Referer *youtube.com*
}
@ytbad2 {
header Referer *youtu.be*
}
rewrite @ytbad /youtube.php
rewrite @ytbad2 /youtube.php
import header-gen
import sticky
handle {
root * /var/www/eipmain/nx
import gen
}
}
nintendohomebrew.com {
header {
Strict-Transport-Security "max-age=31536000; preload"
X-XSS-Protection "1; mode=block"
X-Content-Type-Options "nosniff"
X-Frame-Options "SAMEORIGIN"
}
handle_errors {
rewrite * /{http.error.status_code}
reverse_proxy https://http.cat {
header_up Host http.cat
}
}
import sticky
handle {
root * /var/www/eipmain/nh
respond /seed/* "Gone" 410 {
close
}
import gen
}
}
http://bhax.nintendohomebrew.com {
import sticky
handle {
root * /var/www/bhax/web/nbhax
try_files {path} {path}.html
encode gzip
}
}
bfm.nintendohomebrew.com, seedminer.hacks.guide {
import bfm-header
import sticky
handle {
root * /var/www/eipmain/nh/seed
reverse_proxy localhost:8082
encode gzip
file_server
}
}
http://part1dumper.nintendohomebrew.com https://part1dumper.nintendohomebrew.com {
reverse_proxy localhost:8081
}
shitpost.lol {
import header-gen
import sticky
handle {
root * /var/www/sp
import gen
}
}
hacc.me please.hacc.me {
import header-gen
import sticky
handle {
root * /var/www/hacc
import gen
}
}
friigaemsworld.com {
import header-gen
import sticky
handle {
root * /var/www/frigam
import gen
}
}
uwu.tax {
reverse_proxy localhost:4444
php_fastcgi unix//var/run/php/php8.3-fpm.sock {
try_files {path} {path}.php index.php =404
}
}
admin.uwu.tax {
import header-gen
import sticky
handle {
root * /var/www/uwu-admin
import gen
}
}
conversation.id {
import header-gen
import sticky
handle {
root * /var/www/conv
import gen
}
}
puebes.com {
import header-gen
import sticky
handle {
root * /var/www/puebes
import gen
}
}
four.family {
import header-gen
import sticky
handle {
root * /var/www/four
import gen
}
}
230421.wedding {
import header-gen
import sticky
handle {
root * /var/www/wedding
import gen
}
}
photos.230421.wedding {
import header-gen
import sticky
handle {
root * /mnt/wedding/lychee/public
import gen
}
}
durriesberg.biz {
import header-gen
root * /var/www/dberg
import gen
}
news.eiphax.tech {
import header-gen
root * /var/www/news
import gen
}
blep.co {
import dead
}
photos.four.family {
import header-gen
import sticky
handle {
root * /mnt/charlie/public
import gen
}
}
photos.moonaglio.wedding photos.agliomoon.wedding moonaglio.wedding agliomoon.wedding {
import header-gen
import sticky
handle {
root * /var/www/moonaglio/public
import gen
}
}
garden.eiphax.tech {
import header-gen
import sticky
handle {
redir https://blog.eiphax.tech/?p=269 permanent
}
}
rules.eiphax.tech {
import header-gen
import sticky
handle {
root * /var/www/eipmain/webroot/rules
import gen
}
}
mkey.nintendohomebrew.com {
reverse_proxy localhost:5555
}
tarpit.eiphax.tech {
import header-gen
import sticky
handle {
import gen
root * /var/www/temp
}
}
logs.eiphax.tech {
import header-gen
import sticky
handle {
basic_auth {
crc $2a$14$JInGtTqZ0d5MneOBIKZAgu61JFiZHP3UlPxVSAOLsvLovgmwii8Hq
}
root * /var/www/logs
@logs {
path *.log
}
header @logs {
Content-Type text-plain
Content-Disposition inline
}
import gen
}
}
expertfinancialservices.org {
import header-gen
root * /var/www/finance
import gen
}
totk.eiphax.tech {
import dead
}
words.eiphax.tech {
import header-gen
root * /var/www/story
import gen
}
story.eiphax.tech {
import dead
}
store.eiphax.tech {
import header-gen
import sticky
handle {
rewrite /api /api/
@api-rewrite path_regexp api ^/api/(.*)
rewrite @api-rewrite /webservice/dispatcher.php?url={re.api.1}
@img-rewrite path_regexp img ^/images_ie/?([^/]+)\.(jpe?g|png|gif)$
rewrite @img-rewrite /js/jquery/plugins/fancybox/images/{re.img.1}.{re.img.2}
root * /var/www/store
encode gzip
uri strip_suffix .php
php_fastcgi unix//var/run/php/php8.3-fpm.sock {
try_files {path} {path}.php index.php =404
}
handle /xmlrpc.php {
reverse_proxy :6969
}
file_server
}
}
passvault.eiphax.tech {
import header-gen
import sticky
reverse_proxy localhost:3284 {
header_up X-Real-IP {remote_host}
}
}
oycrunk.eiphax.tech {
import header-gen
root * /var/www/oycrunk
import gen
}
fordspencer.au {
import header-gen
root * /var/www/fordspencer
import gen
}
fusee.nintendohomebrew.com {
import header-gen
root * /var/www/fusee
import gen
}
soap.nintendohomebrew.com {
import header-gen
import sticky
reverse_proxy localhost:8085 {
header_up X-Real-IP {remote_host}
}
}
fusee.eiphax.tech {
redir https://fusee.nintendohomebrew.com permanent
}
mkey.eiphax.tech {
redir https://mkey.nintendohomebrew.com permanent
}
skater.nintendohomebrew.com {
import header-gen
root * /var/www/skater/docs
import gen
}
luma3ds.com {
import header-gen
root * /var/www/luma
import gen
}
bin.eiphax.tech {
redir https://secrets.eiphax.tech/ permanent
}
ethalism.org {
import header-gen
root * /var/www/ethalism
import gen
}