1. Caddy version (caddy version
):
2.3.0-1.fc34
2. How I run Caddy:
Caddy runs on ports 80/443 on a hetzner dedicated server.
It’s intended to proxy most traffic back to another local application, and to serve a directory of static files.
a. System environment:
$ grep PRETTY_NAME /etc/os-release
PRETTY_NAME="Fedora 34 (Thirty Four)"
$ uname --kernel-name --kernel-release
Linux 5.12.8-300.fc34.x86_64
b. Command:
$ dnf -y install caddy
$ systemctl restart caddy
c. Service/unit/compose file:
cat /usr/lib/systemd/system/caddy.service | grep -v ^$ | grep -v ^#
[Unit]
Description=Caddy web server
Documentation=https://caddyserver.com/docs/
After=network.target
[Service]
User=caddy
Group=caddy
ExecStartPre=/usr/bin/caddy validate --config /etc/caddy/Caddyfile
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectHome=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddyfile or JSON config:
downloads.ddd.co.za:443 {
log {
output file /var/log/caddy/downloads.ddd.co.za.log
level DEBUG
}
root * /home/downloads/data
handle /completed/* {
file_server browse
}
handle {
reverse_proxy localhost:9999
}
}
3. The problem I’m having:
I want caddy to pass every request that doesn’t match /completed/*
to a local app running on port 9999. This works.
I also want caddy to serve up a directory of static files for requests matching /completed/FILENAME
. I can’t get this to work. I receive a 403 when I curl things, and in the browser.
I have verified that caddy can access the files by running commands like:
sudo -u caddy cat /home/downloads/data/completed/hello.txt
How can I view any errors for mismatched paths or file permissions etc?
The JSON logs only show the 403 errors, but not what caused the actual error.
"common_log": "133.122.212.24 - downloads [08/Jun/2021:22:31:05 +1200] \"GET /completed/hello.txt HTTP/2.0\" 403 0",
4. Error messages and/or full log output:
5. What I already tried:
I’ve tried changing the root
declaration paths, plus set up files in parent and subdirectories in case I had mis-alligned the root with the paths in the requests.
Is there a way to get caddy to be more informative about why it’s decided to serve a 403? I tried a log level of TRACE just in case, but that doesn’t exits.
I’ve also tried http2 vs http1.1.