Caddy v2.7.4 will not start

jeffshead · August 31, 2023, 2:50am

1. The problem I’m having:

I installed Caddy2 on a VPS that has IPv6 disabled and Caddy will not start. Judging from the error, it looks like Caddy admin is trying to bind to [::1]. How can I totally disable IPv6 support in Caddy? I never encountered this issue with previous version such as v2.6.2 and I use the same exact Caddyfile. Below is how I disable IPv6 on the VPS:

# grub2-editenv - set "$(grub2-editenv - list | grep kernelopts) net.ifnames=0 ipv6.disable=1"
# reboot

2. Error messages and/or full log output:

[root@tx ~]# caddy start
Error: loading initial config: loading new config: starting caddy administration endpoint: listen tcp [::1]:2019: socket: address family not supported by protocol
Error: caddy process exited with error: exit status 1

[root@tx ~]# caddy stop
2023/08/31 03:27:28.450 WARN    failed using API to stop instance       {"error": "performing request: Post \"http://localhost:2019/stop\": dial tcp [::1]:2019: socket: address family not supported by protocol"}
Error: performing request: Post "http://localhost:2019/stop": dial tcp [::1]:2019: socket: address family not supported by protocol

If I re-enable IPv6 support on the VPS, Caddy starts:

[root@tx ~]# caddy start
2023/08/31 11:19:11.071 INFO    admin   admin endpoint started  {"address": "localhost:2019", "enforce_origin": false, "origins": ["//[::1]:2019", "//127.0.0.1:2019", "//localhost:2019"]}
2023/08/31 11:19:11.071 INFO    serving initial configuration
Successfully started Caddy (pid=1496) - Caddy is running in the background

3. Caddy version:

v2.7.4

4. How I installed and ran Caddy:

It was installed with a third-party script: https://github.com/loyess/Shell/blob/master/ss-plugins.sh
Caddy is started in the background as a service.

a. System environment:

AlmaLinux 8.8

b. Command:

Caddy start

c. Service/unit/compose file:

d. My complete Caddy config:

tx.example.com:443 {
    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains"
        -Server
    }
    encode gzip
    log {
        output file /var/log/caddy-access.log
        format json
    }
    tls /root/.acme.sh/tx.example.com_ecc/fullchain.cer /root/.acme.sh/tx.example.com_ecc/tx.example.com.key {
        protocols tls1.3
    }
    reverse_proxy /fOZ46 localhost:15140
    #reverse_proxy https://www.bing.com {
    reverse_proxy 127.0.0.1:81 {
        #header_up Host {http.reverse_proxy.upstream.hostport}
        #header_up X-Real-IP {http.request.remote}
        #header_up X-Forwarded-For {http.request.remote}
        #header_up X-Forwarded-Port {http.request.port}
        #header_up X-Forwarded-Proto {http.request.scheme}
    }
}

5. Links to relevant resources:

francislavoie · August 31, 2023, 6:58pm

Your system is resolving localhost to ::1. You probably need to configure something else in your system resolver to make it resolve to 127.0.0.1 instead.

But tbh I don’t see the point of turning off IPv6, that probably causes more problems than it solves. It breaks anything that wants to use IPv6 for local networking even if there’s no IPv6 from the outside world.

jeffshead · August 31, 2023, 11:16pm

Thanks!

I have 7 servers which are identical with the exception of the version of Caddy. They all have the same HOSTS file and they all have the following:

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

Only the latest server build has this problem. It has Caddy v2.7.4 whereas the others have v2.6.2. Was something changed in Caddy that would make this an issue? Just trying to figure out why only 1 of 7 servers has this problem. Simply commenting out that line in the HOSTS file and rebooting does NOT fix the issue.

I disabled IPv6 because I use an installation script that won’t run to completion if IPv6 is enabled. I did not write the script and I wouldn’t know what to edit.

matt · September 1, 2023, 4:40pm

The Go version is the only thing I can think of, since Caddy uses Go’s standard lib for resolving network addresses.

Is IPv6 disabled on all the machines?

jeffshead · September 3, 2023, 3:07pm

Is IPv6 disabled on all the machines?
Yes

matt · September 5, 2023, 5:15am

You can use the bind directive to bind to 127.0.0.1 only.

So, to make sure I understand, only that one machine has Caddy 2.74, the rest are using older versions?

jeffshead · September 5, 2023, 10:07am

I’ve tried adding bind 127.0.0.1 but it made no difference. I tried adding it in each of the following locations:

{
bind 127.0.0.1
}
tx.example.com:443 {
    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains"

tx.example.com:443 {
    bind 127.0.0.1
    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains"

Mohammed90 · September 5, 2023, 10:46am

Actually, the bind directive is for hosts. For the admin interface, you need to use the admin glabal option. It isn’t clear why would the OS/Go runtime try listening on [::1] when we’re only requesting localhost. How are you disabling IPv6? Do you have CADDY_ADMIN environment variable set?

BitPirate · September 7, 2023, 5:49am

localhost resolves to 127.0.0.1 and ::1.