1. The problem I’m having:
I can’t use environment variables as documented here:
2. Error messages and/or full log output:
If I use it with validation, e.g. $MY_VAR, Caddy will not start as it can’t evaluate the variable.
Using {env.MY_VAR} is also not working correctly: Caddy starts but the env variable is not substituted.
$CF_TOKEN:
Unit caddy.service failed to start
{env.CF_TOKEN}:
Certs are simply not updating as Cloudflare returns several error messages, mainly "invalid request header".
3. Caddy version:
4. How I installed and ran Caddy:
apt install
a. System environment:
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION="Ubuntu 22.04.3 LTS"
c. Service/unit/compose file:
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddy config:
{
    acme_dns cloudflare REDACTED_API
    servers {
        import /var/opt/caddy/cloudflare-proxies
    }
    email me@tld.org
    log default {
        output file /var/log/caddy/runtime.log {
            roll_size 500mb
            roll_keep 3
            roll_keep_for 720h
        }
        format json
        level INFO
        exclude http.log.access
    }
    log access {
        output file /var/log/caddy/access.log {
            roll_size 1gb
            roll_keep 5
            roll_keep_for 2160h
        }
        format json
        level DEBUG
        include http.log.access http.handlers.reverse_proxy
    }
}
:2019 {
    metrics
}
net.tld.org {
    reverse_proxy localhost:8000
}
port.marinero.hu {
    reverse_proxy localhost:9000 {
        transport http {
            dial_timeout 60s
            read_timeout 60m
            write_timeout 120s
            keepalive 10m
        }
    }
}
mail.tld.org {
    redir https://webmail.tld.org:2096
}
d.e.tld.org {
    reverse_proxy localhost:8885
}
my.tld.org {
    reverse_proxy localhost:8085
}
a.b.c.tld.org {
    reverse_proxy localhost:7777
}
*.sss.tld.org, sso.tld.org {
    tls {
        dns cloudflare {env.CF_TOKEN}
    }
    @users host users.tld.org
    handle @users {
        reverse_proxy localhost:5000
    }
    reverse_proxy localhost:8998
}
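
Added example, not part of the original post: a small check that lists environment variables a Caddyfile references but that the systemd unit never defines, since a service does not inherit variables exported in a login shell. The function names and the `UNIT_WITH_ENV` variant (with its placeholder token) are assumptions made for illustration; `UNIT` and `CADDYFILE` are excerpts of the files posted above.

```python
import re
import shlex

# Caddyfile env references: {$NAME} or {$NAME:default} (substituted when the
# file is parsed) and {env.NAME} (placeholder resolved at runtime).
REF = re.compile(r"\{(?:\$|env\.)([A-Za-z_][A-Za-z0-9_]*)(?::[^}]*)?\}")

# Excerpts of the unit file and Caddyfile posted above.
UNIT = """\
[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
"""
CADDYFILE = """\
*.sss.tld.org, sso.tld.org {
    tls {
        dns cloudflare {env.CF_TOKEN}
    }
}
"""
# Constructed variant: the same unit plus a hypothetical Environment= line.
UNIT_WITH_ENV = UNIT + 'Environment="CF_TOKEN=placeholder-token"\n'

def caddyfile_env_refs(caddyfile):
    """Names of all environment variables the Caddyfile refers to."""
    return set(REF.findall(caddyfile))

def unit_environment(unit):
    """Return (names set by Environment=, paths given by EnvironmentFile=)."""
    names, files, in_service = set(), [], False
    for raw in unit.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_service = line == "[Service]"
        elif in_service and line.startswith("Environment="):
            # One line may carry several quoted NAME=value assignments.
            for item in shlex.split(line.split("=", 1)[1]):
                names.add(item.split("=", 1)[0])
        elif in_service and line.startswith("EnvironmentFile="):
            files.append(line.split("=", 1)[1].lstrip("-"))
    return names, files

def unresolved(caddyfile, unit):
    """Referenced names the unit does not set, plus env files to inspect by hand."""
    names, files = unit_environment(unit)
    return sorted(caddyfile_env_refs(caddyfile) - names), files

if __name__ == "__main__":
    print(unresolved(CADDYFILE, UNIT))
```

The unit above starts Caddy with `--environ`, which prints the process environment at startup, so a token supplied through the environment will also show up in the service log.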