Caddy v2.7.4 will not start

1. The problem I’m having:

I installed Caddy2 on a VPS that has IPv6 disabled and Caddy will not start. Judging from the error, it looks like Caddy admin is trying to bind to [::1]. How can I totally disable IPv6 support in Caddy? I never encountered this issue with previous version such as v2.6.2 and I use the same exact Caddyfile. Below is how I disable IPv6 on the VPS:

# grub2-editenv - set "$(grub2-editenv - list | grep kernelopts) net.ifnames=0 ipv6.disable=1"
# reboot

2. Error messages and/or full log output:

[root@tx ~]# caddy start
Error: loading initial config: loading new config: starting caddy administration endpoint: listen tcp [::1]:2019: socket: address family not supported by protocol
Error: caddy process exited with error: exit status 1
[root@tx ~]# caddy stop
2023/08/31 03:27:28.450 WARN    failed using API to stop instance       {"error": "performing request: Post \"http://localhost:2019/stop\": dial tcp [::1]:2019: socket: address family not supported by protocol"}
Error: performing request: Post "http://localhost:2019/stop": dial tcp [::1]:2019: socket: address family not supported by protocol

If I re-enable IPv6 support on the VPS, Caddy starts:

[root@tx ~]# caddy start
2023/08/31 11:19:11.071 INFO    admin   admin endpoint started  {"address": "localhost:2019", "enforce_origin": false, "origins": ["//[::1]:2019", "//127.0.0.1:2019", "//localhost:2019"]}
2023/08/31 11:19:11.071 INFO    serving initial configuration
Successfully started Caddy (pid=1496) - Caddy is running in the background

3. Caddy version:

v2.7.4

4. How I installed and ran Caddy:

It was installed with a third-party script: https://github.com/loyess/Shell/blob/master/ss-plugins.sh
Caddy is started in the background as a service.

a. System environment:

AlmaLinux 8.8

b. Command:

Caddy start

c. Service/unit/compose file:

d. My complete Caddy config:

tx.example.com:443 {
    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains"
        -Server
    }
    encode gzip
    log {
        output file /var/log/caddy-access.log
        format json
    }
    tls /root/.acme.sh/tx.example.com_ecc/fullchain.cer /root/.acme.sh/tx.example.com_ecc/tx.example.com.key {
        protocols tls1.3
    }
    reverse_proxy /fOZ46 localhost:15140
    #reverse_proxy https://www.bing.com {
    reverse_proxy 127.0.0.1:81 {
        #header_up Host {http.reverse_proxy.upstream.hostport}
        #header_up X-Real-IP {http.request.remote}
        #header_up X-Forwarded-For {http.request.remote}
        #header_up X-Forwarded-Port {http.request.port}
        #header_up X-Forwarded-Proto {http.request.scheme}
    }
}

5. Links to relevant resources:

Your system is resolving localhost to ::1. You probably need to configure something else in your system resolver to make it resolve to 127.0.0.1 instead.

But tbh I don’t see the point of turning off IPv6, that probably causes more problems than it solves. It breaks anything that wants to use IPv6 for local networking even if there’s no IPv6 from the outside world.

1 Like

Thanks!

I have 7 servers which are identical with the exception of the version of Caddy. They all have the same HOSTS file and they all have the following:

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

Only the latest server build has this problem. It has Caddy v2.7.4 whereas the others have v2.6.2. Was something changed in Caddy that would make this an issue? Just trying to figure out why only 1 of 7 servers has this problem. Simply commenting out that line in the HOSTS file and rebooting does NOT fix the issue.

I disabled IPv6 because I use an installation script that won’t run to completion if IPv6 is enabled. I did not write the script and I wouldn’t know what to edit.

The Go version is the only thing I can think of, since Caddy uses Go’s standard lib for resolving network addresses.

Is IPv6 disabled on all the machines?

Is IPv6 disabled on all the machines?
Yes

You can use the bind directive to bind to 127.0.0.1 only.

So, to make sure I understand, only that one machine has Caddy 2.74, the rest are using older versions?

I’ve tried adding bind 127.0.0.1 but it made no difference. I tried adding it in each of the following locations:

{
bind 127.0.0.1
}
tx.example.com:443 {
    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains"
tx.example.com:443 {
    bind 127.0.0.1
    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains"

Actually, the bind directive is for hosts. For the admin interface, you need to use the admin glabal option. It isn’t clear why would the OS/Go runtime try listening on [::1] when we’re only requesting localhost. How are you disabling IPv6? Do you have CADDY_ADMIN environment variable set?

1 Like

localhost resolves to 127.0.0.1 and ::1.