Caddy 2 wordpress config

matt · April 8, 2020, 11:13pm

The current service file is designed to give you durability, ensuring that your config doesn’t change after a reboot. But reloading should work.

Did you solve your first question?

tweeniev2 · April 8, 2020, 11:36pm

yes. it’s working great right now.

my config is not changed after reboot. but when i reboot, everytime caddy starting with
localhost config (i think it’s equal to no config). i believe that somehow it’s not taking config in action automatically.

francislavoie · April 8, 2020, 11:40pm

Yes, that’s expected behaviour with the service file you’re currently using. Use sudo service caddy reload instead when you make config changes, not restart.

We have updated service files here that don’t have that issue:

It’s due to the --resume flag being in your service file, which clashes with your expectations.

tweeniev2 · April 8, 2020, 11:51pm

i noticed that you updated it, i got the latest service file. i am using ubuntu 19.10.

github.com

caddyserver/dist/blob/master/init/caddy.service

# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

This file has been truncated. show original

Right now my config file is located under /etc/caddy/Caddyfile. I am sure. I even gave chmod 777 to config file.

Also Caddy is running after reboot but with localhost config

tweeniev2 · April 9, 2020, 12:18am

i am basically doing:

caddy stop
caddy adapt
caddy start

otherwise i am just getting bad gateway in cloudflare.

francislavoie · April 9, 2020, 1:25am

What do you mean by “localhost config” ? Do you mean an old config that stuck around? If so, what’s that config? Got any logs? You’ll need to give us more information to go on here.

tweeniev2 · April 9, 2020, 2:03am

well i checked the logs, it was an issue with permissions. i gave chmod 777 to php-fpm sock and it’s fixed.

thanks a lot for your help.

Whitestrake · April 9, 2020, 2:30am

This may end up being a monumental mistake.

Anyone with file access can now exploit your entire server via PHP.

“But nobody has file access!” you might say.

Getting trivial file access via another exploit that may have been mitigated by proper security is now a critical data loss event instead. Depending on the purpose of your site, this could be quite bad.

The fact it works with chmod 777 should be taken as an invitation to solve the issue properly with the correct permissions. Please do not leave the PHP-FPM socket world-executable.

tweeniev2 · April 9, 2020, 3:17pm

I did chown caddy:caddy php7.3-fpm.sock
gave 644 to it.

any suggestions?

Whitestrake · April 11, 2020, 6:56am

Based on the unit file above, the socket ownership should be set to caddy:caddy and the permissions should be 0660.

This should be set in PHP’s php-fpm.conf file, rather than being done with chown/chmod.

ryanburnette · May 5, 2020, 5:18pm

I’m pretty sure WordPress will respond with 403 to any php files in the uploads directory on its own. I’m not sure what version started this behavior.

tweeniev2 · May 5, 2020, 5:48pm

Actually it’s working great (I am not accepting any file from visitors, but i tried that).

domain.com {
 respond /wp-content/uploads/*/*/*.php 404
 root * /root/dir
 php_fastcgi unix//run/php/php7.2-fpm.sock
 encode zstd gzip
 file_server
}

matt · May 5, 2020, 5:51pm

So what is the minimum needed to serve wordpress?

Something like this? Would this make a good example for the wiki?

example.com

root * /var/www/wordpress
php_fastcgi unix//run/php/php-version-fpm.sock
file_server

tweeniev2 · May 5, 2020, 5:55pm

yes. but also he/she need to edit php-fpm listener.
otherwise caddy installation could make it automatically if it detects php-fpm like nginx (from linux distro ) does.

ryanburnette · May 5, 2020, 6:16pm

I think that’s the right example. The permissions and php config are important, but they aren’t directly relevant to caddy, and you’ll have varying approaches. I’d stick to the most basic example and let people figure the rest out for themselves based on their own needs.

matt · May 5, 2020, 6:42pm

Excellent – yeah, examples are meant to be tuned by the user, not blindly copied+pasted. For example I don’t want to hard-code a PHP version thinking they have to always be using an old version of PHP.

I will post it as a wiki article unless someone beats me to it

nicolinux · May 5, 2020, 8:45pm

Is it a good idea to create similar posts for other CMS or systems in the Wiki ? One post per configuration ?

matt · May 5, 2020, 8:48pm

For examples, I think one wiki post per CMS is a good idea.

Unless they’re all the same basic configuration, then they should be combined IMO. Many PHP or reverse proxy backends, for example, will have the same config!

nicolinux · May 5, 2020, 8:50pm

Yes, and maybe only have the biggest players in town, plus the special cases.

I will add Yourls (from V2 : help to set up a Yourls instance) when I have the time, it’s a good example of a special case I think.

system · June 4, 2020, 8:51pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.