Caddyfile for Bookstack (Issue with rewrite or php_fastcgi)

1. The problem I’m having:

I’m attempting to set up Bookstack, using Caddy as the webserver. I’m running everything on a Debian container hosted on Proxmox.
Bookstack works as expected, as I’ve installed Apache2 to check and deployed the example config from Bookstack (link below in chapter 5). They also provide an example NGINX config (link below in chapter 5).

I’ve based my Caddyfile on a post on this community (link below in chapter 5).

If I attempt to access Bookstack, the HTTPS connection is established and the response is HTTP 200 OK, but it’s empty (content-length: 0).

I suspect there’s an issue with either the rewrite or php_fastcgi directive. This is my first Caddy setup - so I’m not sure how to approach this.

I can access the plain HTTP (port 80) page without a problem, the default index.html is shown.

2. Error messages and/or full log output:

curl -vL https://sage.local.maryctrl.de

* Host sage.local.maryctrl.de:443 was resolved.
* IPv6: (none)
* IPv4: 192.168.178.204
*   Trying 192.168.178.204:443...
* Connected to sage.local.maryctrl.de (192.168.178.204) port 443
* schannel: disabled automatic use of client certificate
* ALPN: curl offers http/1.1
* ALPN: server accepted http/1.1
* using HTTP/1.x
> GET / HTTP/1.1
> Host: sage.local.maryctrl.de
> User-Agent: curl/8.7.1
> Accept: */*
>
* schannel: remote party requests renegotiation
* schannel: renegotiating SSL/TLS connection
* schannel: SSL/TLS connection renegotiated
< HTTP/1.1 200 OK
< Alt-Svc: h3=":443"; ma=2592000
< Server: Caddy
< Date: Sun, 04 Aug 2024 18:25:35 GMT
< Content-Length: 0
<

I can’t see anything pop up under /var/log/caddy/bookstack.log, when I attempt the access.

3. Caddy version:

Caddy version: 2.6.2

4. How I installed and ran Caddy:

Installed from the Debian Bookworm repository: sudo apt install caddy

a. System environment:

Debian GNU/Linux 12 (bookworm), Kernel: #1 SMP PREEMPT_DYNAMIC PMX 6.5.11-8 (2024-01-30T12:27Z)

b. Command:

I run Caddy as the webserver, so I assume the systemd service is relevant

sudo service caddy start

c. Service/unit/compose file:

d. My complete Caddy config:

:80 {
        root * /usr/share/caddy
        file_server
}

https://sage.local.maryctrl.de {
        root    *       /var/www/BookStack/public
        encode  gzip
        tls     /etc/caddy/tls/fullchain.pem /etc/caddy/tls/privkey.pem
        log {
                output file /var/log/caddy/bookstack.log
        }

        # The commented blocks are alternatives I tried with the same result
        php_fastcgi / /var/run/php/php8.2-fpm.sock {
               root    /var/www/BookStack/public
               index   index.php
        }
        #php_fastcgi unix//run/php/php8.2-fpm.sock

        rewrite * index.php?{query}
        #try_files * /index.php?{query}
}

5. Links to relevant resources:

Howdy @mary.ctrl, welcome to the Caddy community!

Version 2.6.2 is coming up on two years old, soon. Debian does not generally package up-to-date software unless they are convinced there is a security concern, so this version is missing a lot of improvements and bugfixes, and the maintainers additionally explicitly patch out some functionality for their version. I would strongly recommend installing Caddy from a more up-to-date repository: Install — Caddy Documentation

The latest release is v2.8.4, as of this comment.

I’ll address this first, since it’s a little more straightforward to explain. The reason for this is that you have an entirely separate site block for :80 and it only serves a file server out of /usr/share/caddy. You’ve specified https:// in your site address for sage.local.maryctrl.de, which tells Caddy not to serve this site at all on the default HTTP port - it’s HTTPS only. This means you should expect different behaviour between HTTP and HTTPS as you have configured Caddy separately for each.

The php_fastcgi (Caddyfile directive) — Caddy Documentation is an opinionated directive and comes with sane, common defaults out of the box. That includes assuming the same root as specified earlier, and assuming an index of index.php. It also has try_files and a rewrite built-in to handle finding those index files to refer to, such as in the case of single-page applications.

That means your root, index, try_files and rewrite (sub)directives are redundant. You need only the original root at the top of the site block and can simplify your directive to just php_fastcgi unix//run/php/php8.2-fpm.sock.

I suspect you will also need file_server (Caddyfile directive) — Caddy Documentation to tell Caddy to serve static files if those are requested, such as in the case of static assets or user-uploaded images etc.

Finally, I would recommend while you’re learning and configuring that you enable the debug option in your Global options (Caddyfile) — Caddy Documentation. That will ensure you get some information in your logs each time you try to load a site.

Something as simple as this might work out for you:

{
  debug
}

sage.local.maryctrl.de {
  root * /var/www/BookStack/public
  php_fastcgi unix//run/php/php8.2-fpm.sock
  file_server
}

The last thing I can think of that might be worth troubleshooting is ensuring that PHP-FPM is running and that it is listening at /run/php/php8.2-fpm.sock - if not, you’ll need to make sure you point Caddy at the right socket (or possibly port on localhost if PHP-FPM is configured that way instead).

2 Likes

I concur with everything @Whitestrake said, but also:

The problem is on this line. You have a / in there which means “match only requests to / exactly and nothing else”. Matching in Caddy is exact. Remove that slash and it will match all requests instead (i.e. *, which is the default).

Fun detail, since v2.8.0 you can omit the * here:

root /var/www/BookStack/public

But yeah, that simple Caddyfile is all you need.

Remember that the log directive (inside a site) only produces access logs, not Caddy’s runtime logs. You should be looking at your systemd service logs to see those. See Keep Caddy Running — Caddy Documentation

3 Likes
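
The two checks raised in the replies above (a php_fastcgi matcher that only matches one exact path, and whether PHP-FPM is actually listening on the configured socket), as an added example that is not part of the original posts. It is a line-based heuristic rather than a Caddyfile parser, and the function and script names are made up for illustration.

```shell
#!/bin/sh
# Added example: heuristic, line-based lint for php_fastcgi in a Caddyfile.
# Function names are illustrative; this is not a Caddyfile parser.

# Print "<line-no> <matcher or -> <upstream>" per active php_fastcgi line.
# A Caddyfile matcher token starts with "/", "*" or "@".
php_fastcgi_entries() {
    awk '$1 == "php_fastcgi" {
        if ($2 ~ /^[\/*@]/) print NR, $2, $3
        else                print NR, "-", $2
    }' "$1"
}

# Fail if php_fastcgi is restricted to one exact path such as "/".
check_matchers() {
    php_fastcgi_entries "$1" | awk '
        $2 ~ /^\// && $2 !~ /\*/ {
            printf "line %s: matcher \"%s\" is an exact path match\n", $1, $2
            bad = 1
        }
        END { exit bad + 0 }'
}

# "unix//run/php/x.sock" -> "/run/php/x.sock"
socket_paths() {
    php_fastcgi_entries "$1" | awk '$3 ~ /^unix\// { print substr($3, 6) }'
}

# Fail if a configured unix socket does not exist (PHP-FPM stopped or
# listening somewhere else).
check_sockets() {
    rc=0
    for s in $(socket_paths "$1"); do
        if [ -S "$s" ]; then echo "ok: $s"
        else echo "no socket at: $s"; rc=1
        fi
    done
    return $rc
}

# Usage: sh lint-php-fastcgi.sh /etc/caddy/Caddyfile
if [ $# -gt 0 ]; then
    check_matchers "$1" || echo "fix: drop the matcher so all requests reach PHP"
    check_sockets "$1"  || echo "fix: start PHP-FPM or point Caddy at its socket"
fi
```

Errors from Caddy itself go to the service journal (journalctl -u caddy), not to the access log written by the log directive.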

Thank you two for your elaborate answers! I’ve upgraded my Caddy version and also replicated the working setup on a second (Alpine Linux, caddy-2.7.6-r7) server and have it working as intended.

The recommended Caddyfile works as expected. I just had an additional issue with the permissions on the Bookstack files for the caddy user or rather the php-fpm user, but that doesn’t have anything to do with Caddy.

Thank you also very much for teaching me about logging and debugging - that will be a great help for the future.

Just for completeness’ sake, I’ll post my current Caddyfile here, in case someone comes across this post, as I did with the previously mentioned one:

https://sage.local.maryctrl.de {
        root * /var/www/bookstack/public
        encode gzip zstd
        tls     /etc/caddy/tls/fullchain.pem /etc/caddy/tls/privkey.pem
        log {
                output file /var/log/caddy/bookstack.log
        }
        php_fastcgi unix//var/run/php83-fpm.sock
        file_server
}

2 Likes
