1. Output of caddy version:
caddy-2.5.2-r4
2. How I run Caddy:
I am running caddy with the included config inside of alpine 3.16.2:
/etc/init.d/caddy
#!/sbin/openrc-run
supervisor=supervise-daemon
name="Caddy web server"
description="Fast, multi-platform web server with automatic HTTPS"
description_checkconfig="Check configuration"
description_reload="Reload configuration without downtime"
: ${caddy_opts:="--config /etc/caddy/Caddyfile --adapter caddyfile"}
command=/usr/sbin/caddy
command_args="run $caddy_opts"
command_user=caddy:caddy
extra_commands="checkconfig"
extra_started_commands="reload"
depend() {
    need net localmount
    after firewall
}
checkconfig() {
    ebegin "Checking configuration for $name"
    su ${command_user%:*} -s /bin/sh -c "$command validate $caddy_opts"
    eend $?
}
reload() {
    ebegin "Reloading $name"
    su ${command_user%:*} -s /bin/sh -c "$command reload $caddy_opts"
    eend $?
}
stop_pre() {
    if [ "$RC_CMD" = restart ]; then
        checkconfig || return $?
    fi
}
a. System environment:
Linux web01 5.15.74-0-virt #1-Alpine SMP Sat, 15 Oct 2022 18:26:49 +0000 x86_64 Linux
Alpine virtual image running under qemu.
b. Command:
service caddy start
c. Service/unit/compose file:
#!/sbin/openrc-run
supervisor=supervise-daemon
name="Caddy web server"
description="Fast, multi-platform web server with automatic HTTPS"
description_checkconfig="Check configuration"
description_reload="Reload configuration without downtime"
: ${caddy_opts:="--config /etc/caddy/Caddyfile --adapter caddyfile"}
command=/usr/sbin/caddy
command_args="run $caddy_opts"
command_user=caddy:caddy
extra_commands="checkconfig"
extra_started_commands="reload"
depend() {
    need net localmount
    after firewall
}
checkconfig() {
    ebegin "Checking configuration for $name"
    su ${command_user%:*} -s /bin/sh -c "$command validate $caddy_opts"
    eend $?
}
reload() {
    ebegin "Reloading $name"
    su ${command_user%:*} -s /bin/sh -c "$command reload $caddy_opts"
    eend $?
}
stop_pre() {
    if [ "$RC_CMD" = restart ]; then
        checkconfig || return $?
    fi
}
d. My complete Caddy config:
apps.gocloud.sh {
    root * /www
    file_server {
        precompressed zstd br gzip
    }
    tls thomas@munn.me
    log {
        output file /home/caddy/logs/apps.log {
            roll_keep 7
            roll_keep_for 14d
        }
    }
    encode {
        gzip 9
        zstd
    }
}
recipe.munn.me {
    root * /recipe
    file_server {
        precompressed zstd br gzip
    }
    tls thomas@munn.me
    log {
        output file /home/caddy/logs/recipes.log {
            roll_keep 7
            roll_keep_for 14d
        }
    }
    encode {
        zstd
    }
}
grav.munn.me {
    root * /grav
    file_server
    php_fastcgi 127.0.0.1:9000
    tls thomas@munn.me
    log {
        output file /home/caddy/logs/grav.log {
            roll keep 7
            roll_keep_for 14d
        }
    }
    encode {
        zstd
        gzip
    }
    rewrite /(\.git|cache|bin|logs|backups|tests)/.* /403
    rewrite /(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ /403
    rewrite /user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ /403
    rewrite /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) /403
    respond /403 403
}
abbr.munn.me {
    root * /polr/public
    file_server
    php_fastcgi 127.0.0.1:9000
    tls thomas@munn.me
    log {
        output file /home/caddy/logs/polr.log {
            roll keep 7
            roll_keep_for 14d
        }
    }
    encode {
        zstd
        gzip
    }
    rewrite /(\.git|cache|bin|logs|backups|tests)/.* /403
    rewrite /(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ /403
    rewrite /user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ /403
    rewrite /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) /403
    respond /403 403
    try_files {path} {path}/ /index.php?_url={uri}&{query}
}
calendar.munn.me {
    log {
        output file /home/caddy/logs/calendar.log {
            roll keep 7
            roll_keep_for 14d
        }
        level debug
    }
    redir /radicale /radicale/
    handle /radicale/* {
        uri strip_prefix /radicale
    }
    reverse_proxy localhost:5232 {
        header_up X-Script-Name /radicale
    }
}
3. The problem I’m having:
Mainly the rewrite blocks on grav.munn.me don’t seem to be working. I was wondering if someone could help as to why they aren’t working. Everything is ‘working’, just the rewrites aren’t properly blocking the items I thought they would.
4. Error messages and/or full log output:
{"level":"info","ts":1666649360.2506092,"logger":"http.log.access.log2","msg":"handled request","request":{"remote_ip":"68.93.137.145","remote_port":"64583","proto":"HTTP/2.0","method":"GET","host":"grav.munn.me","uri":"/user/grav.munn.me/config/system.yaml","
5. What I already tried:
Mainly what you see in my config file. It’s supposed to provide 403s for any of the .yaml whatnot, but for some reason doesn’t stop them from being sent.
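
Added example, not part of the original post and not the poster's or the Caddy project's configuration: the deny rules for the grav.munn.me site from the post, written with `path_regexp` named matchers so the patterns are evaluated as regular expressions. The matcher names (`@grav_dirs` and so on) and the leading `^` anchors are choices made for this example; the site's other directives are assumed to stay as posted.

```caddyfile
# Added example; only the blocking part of the site block is shown.
grav.munn.me {
    root * /grav

    # A matcher token that begins with "/" is a path matcher. It is compared
    # against the request path literally, with "*" as the only wildcard, so
    # regex syntax such as (a|b), \. and $ in the posted rewrite lines is
    # never interpreted and the lines do not match real requests.
    # path_regexp is the matcher that evaluates a regular expression.
    @grav_dirs   path_regexp ^/(\.git|cache|bin|logs|backups|tests)/.*
    @grav_system path_regexp ^/(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$
    @grav_user   path_regexp ^/user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$
    @grav_files  path_regexp ^/(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess)

    # In the default directive order, respond is evaluated before
    # php_fastcgi and file_server, so a matching request gets the 403
    # directly and no intermediate rewrite to /403 is needed.
    respond @grav_dirs 403
    respond @grav_system 403
    respond @grav_user 403
    respond @grav_files 403

    php_fastcgi 127.0.0.1:9000
    file_server
}
```

The init script's `checkconfig` command (`caddy validate --config /etc/caddy/Caddyfile --adapter caddyfile`) confirms the file parses. After a reload, a request for the path in the log excerpt, `/user/grav.munn.me/config/system.yaml`, should be logged with status 403.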