Caddyfile environment variables not working

radokristof · September 15, 2023, 12:44pm

1. The problem I’m having:

I can’t use environment variables as documented here:

2. Error messages and/or full log output:

If I use it with validation eg. $MY_VAR, caddy will not start as it can’t evaluate the variable.

using {env.MY_VAR} also not working correctly, caddy starts but env variable is not substituted.

$CF_TOKEN:

Unit caddy.service failed to start

{env.CF_TOKEN}:

Certs are simply not updating as cloudflare returns several error messages, mainly "invalid request header"

3. Caddy version:

4. How I installed and ran Caddy:

apt install

a. System environment:

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION="Ubuntu 22.04.3 LTS"

c. Service/unit/compose file:

# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddy config:

{
        acme_dns cloudflare REDACTED_API
        servers {
                import /var/opt/caddy/cloudflare-proxies
        }
        email me@tld.org
        log default {
                output file /var/log/caddy/runtime.log {
                        roll_size 500mb
                        roll_keep 3
                        roll_keep_for 720h
                }
                format json
                level INFO
                exclude http.log.access
        }
        log access {
                output file /var/log/caddy/access.log {
                        roll_size 1gb
                        roll_keep 5
                        roll_keep_for 2160h
                }
                format json
                level DEBUG
                include http.log.access http.handlers.reverse_proxy
        }
}

:2019 {
        metrics
}

net.tld.org {
        reverse_proxy localhost:8000
}

port.marinero.hu {
        reverse_proxy localhost:9000 {
                transport http {
                        dial_timeout 60s
                        read_timeout 60m
                        write_timeout 120s
                        keepalive 10m
                }
        }
}

mail.tld.org {
        redir https://webmail.tld.org:2096
}

d.e.tld.org {
        reverse_proxy localhost:8885
}

my.tld.org {
        reverse_proxy localhost:8085
}

a.b.c.tld.org {
        reverse_proxy localhost:7777
}

*.sss.tld.org, sso.tld.org {
        tls {
                dns cloudflare {env.CF_TOKEN}
        }
        @users host users.tld.org
        handle @users {
            reverse_proxy localhost:5000
        }
        reverse_proxy localhost:8998
}

francislavoie · September 15, 2023, 5:55pm

See Keep Caddy Running — Caddy Documentation, it explains how to set environment variables via systemd config overrides.

radokristof · September 18, 2023, 7:44pm

Thank you, this worked!
However, this means if caddy is ran by systemd, you can’t simply set env variables for example through /etc/environment?

francislavoie · September 18, 2023, 8:08pm

See systemd - Env vars in /etc/environment not globally visible? - Unix & Linux Stack Exchange