Convert WordPress from Apache2 on Ubuntu to Caddy 2

1. Caddy version (caddy version):

v2.0.0 h1:pQSaIJGFluFvu8KDGDODV8u4/QRED/OPyIR+MWYYse8

2. How I run Caddy:

I have no idea what you want here…

a. System environment:

Ubuntu 18.04, php 7.4, systemd

b. Command:

systemctl start caddy

d. My complete Caddyfile or JSON config:

bygden.nu {
        root * /var/www/bygden
        php_fastcgi unix//run/php/php-fpm.sock
        file_server
        log {
                output file /var/log/caddy/access.log
                format console
        }

}

3. The problem I’m having:

No access using a browser, curl from localhost seems to work.

4. Error messages and/or full log output:

1.5922239638151884e+09  info    http.log.access.log0    handled request {"request": {"method": "GET", "uri": "/", "proto": "HTTP/2.0", "remote_addr": "97.107.138.194:50252", "host": "bygden.nu", "headers": {"User-Agent": ["curl/7.58.0"], "Accept": ["*/*"]}, "tls": {"resumed": false, "version": 772, "ciphersuite": 4865, "proto": "h2", "proto_mutual": true, "server_name": "bygden.nu"}}, "common_log": "97.107.138.194 - - [15/Jun/2020:14:26:03 +0200] \"GET / HTTP/2.0\" 200 928", "duration": 0.004043242, "size": 928, "status": 200, "resp_headers": {"Content-Type": ["text/html; charset=utf-8"], "Last-Modified": ["Wed, 14 May 2008 16:40:20 GMT"], "Accept-Ranges": ["bytes"], "Content-Length": ["928"], "Server": ["Caddy"], "Etag": ["\"k0vab8ps\""]}}
1.5922267630633144e+09  info    http.log.access.log0    handled request {"request": {"method": "GET", "uri": "/", "proto": "HTTP/2.0", "remote_addr": "97.107.138.194:50258", "host": "bygden.nu", "headers": {"User-Agent": ["curl/7.58.0"], "Accept": ["*/*"]}, "tls": {"resumed": false, "version": 772, "ciphersuite": 4865, "proto": "h2", "proto_mutual": true, "server_name": "bygden.nu"}}, "common_log": "97.107.138.194 - - [15/Jun/2020:15:12:43 +0200] \"GET / HTTP/2.0\" 200 928", "duration": 0.002984453, "size": 928, "status": 200, "resp_headers": {"Etag": ["\"k0vab8ps\""], "Content-Type": ["text/html; charset=utf-8"], "Last-Modified": ["Wed, 14 May 2008 16:40:20 GMT"], "Accept-Ranges": ["bytes"], "Content-Length": ["928"], "Server": ["Caddy"]}}
1.5922267683486433e+09  error   http.log.access.log0    handled request {"request": {"method": "GET", "uri": "/jonas", "proto": "HTTP/2.0", "remote_addr": "97.107.138.194:50260", "host": "bygden.nu", "headers": {"User-Agent": ["curl/7.58.0"], "Accept": ["*/*"]}, "tls": {"resumed": false, "version": 772, "ciphersuite": 4865, "proto": "h2", "proto_mutual": true, "server_name": "bygden.nu"}}, "common_log": "97.107.138.194 - - [15/Jun/2020:15:12:48 +0200] \"GET /jonas HTTP/2.0\" 404 0", "duration": 0.000116586, "size": 0, "status": 404, "resp_headers": {"Server": ["Caddy"]}}
1.5922268402185006e+09  error   http.log.access.log0    handled request {"request": {"method": "GET", "uri": "/jonas", "proto": "HTTP/2.0", "remote_addr": "97.107.138.194:50262", "host": "bygden.nu", "headers": {"Accept": ["*/*"], "User-Agent": ["curl/7.58.0"]}, "tls": {"resumed": false, "version": 772, "ciphersuite": 4865, "proto": "h2", "proto_mutual": true, "server_name": "bygden.nu"}}, "common_log": "97.107.138.194 - - [15/Jun/2020:15:14:00 +0200] \"GET /jonas HTTP/2.0\" 404 0", "duration": 0.000129649, "size": 0, "status": 404, "resp_headers": {"Server": ["Caddy"]}}
1.5922269810509067e+09  error   http.log.access.log0    handled request {"request": {"method": "GET", "uri": "/tmp", "proto": "HTTP/2.0", "remote_addr": "97.107.138.194:50264", "host": "bygden.nu", "headers": {"User-Agent": ["curl/7.58.0"], "Accept": ["*/*"]}, "tls": {"resumed": false, "version": 772, "ciphersuite": 4865, "proto": "h2", "proto_mutual": true, "server_name": "bygden.nu"}}, "common_log": "97.107.138.194 - - [15/Jun/2020:15:16:21 +0200] \"GET /tmp HTTP/2.0\" 404 0", "duration": 0.000132931, "size": 0, "status": 404, "resp_headers": {"Server": ["Caddy"]}}
1.5922279013603883e+09  info    http.log.access.log0    handled request {"request": {"method": "GET", "uri": "/", "proto": "HTTP/2.0", "remote_addr": "97.107.138.194:50272", "host": "bygden.nu", "headers": {"User-Agent": ["curl/7.58.0"], "Accept": ["*/*"]}, "tls": {"resumed": false, "version": 772, "ciphersuite": 4865, "proto": "h2", "proto_mutual": true, "server_name": "bygden.nu"}}, "common_log": "97.107.138.194 - - [15/Jun/2020:15:31:41 +0200] \"GET / HTTP/2.0\" 200 928", "duration": 0.002761779, "size": 928, "status": 200, "resp_headers": {"Server": ["Caddy"], "Etag": ["\"k0vab8ps\""], "Content-Type": ["text/html; charset=utf-8"], "Last-Modified": ["Wed, 14 May 2008 16:40:20 GMT"], "Accept-Ranges": ["bytes"], "Content-Length": ["928"]}}
1.592234750711041e+09   error   http.log.access.log0    handled request {"request": {"method": "GET", "uri": "/", "proto": "HTTP/2.0", "remote_addr": "97.107.138.194:50312", "host": "bygden.nu", "headers": {"User-Agent": ["curl/7.58.0"], "Accept": ["*/*"]}, "tls": {"resumed": false, "version": 772, "ciphersuite": 4865, "proto": "h2", "proto_mutual": true, "server_name": "bygden.nu"}}, "common_log": "97.107.138.194 - - [15/Jun/2020:17:25:50 +0200] \"GET / HTTP/2.0\" 502 0", "duration": 0.000250912, "size": 0, "status": 502, "resp_headers": {"Server": ["Caddy"]}}
1.5922347840341158e+09  error   http.log.access.log0    handled request {"request": {"method": "GET", "uri": "/", "proto": "HTTP/2.0", "remote_addr": "97.107.138.194:50316", "host": "bygden.nu", "headers": {"User-Agent": ["curl/7.58.0"], "Accept": ["*/*"]}, "tls": {"resumed": false, "version": 772, "ciphersuite": 4865, "proto": "h2", "proto_mutual": true, "server_name": "bygden.nu"}}, "common_log": "97.107.138.194 - - [15/Jun/2020:17:26:24 +0200] \"GET / HTTP/2.0\" 502 0", "duration": 0.000363771, "size": 0, "status": 502, "resp_headers": {"Server": ["Caddy"]}}

5. What I already tried:

I’ve tried different browsers, looking at logfiles - usual Linux troubleshooting, but the log doesn’t even look like my requests are getting there…
I tried reverting to my old Apache-config and it still works, so no network issue.
BTW - I’m NOT running both servers at the same time…
tcpdump shows incoming traffic both for http and https, but nothing in the logs…

6. Links to relevant resources:

Are you actually running php-fpm?

Yes php-fpm7.4 is running

Oh, and my test-page is html only, not even that is shown…

Is the socket file actually at /run/php/php-fpm.sock?

What are the socket file’s ownership and permissions? The caddy user needs access to it.

 # id caddy
uid=999(caddy) gid=999(caddy) groups=999(caddy),33(www-data)
 # ls -l /run/php/
total 4
-rw-r--r-- 1 root     root      5 Jun 15 14:16 php7.4-fpm.pid
srw-rw---- 1 www-data www-data  0 Jun 15 14:16 php7.4-fpm.sock=
lrwxrwxrwx 1 root     root     30 Jun 15 14:16 php-fpm.sock -> /etc/alternatives/php-fpm.sock=
 # ls -l /etc/alternatives/php-fpm.sock
lrwxrwxrwx 1 root root 24 Jun 15 14:16 /etc/alternatives/php-fpm.sock -> /run/php/php7.4-fpm.sock=

Hmm, that does look fine…

Maybe try unix//run/php/php7.4-fpm.sock instead?

You can also add the following to the top of your Caddyfile to see a bit more information in the logs:

{
	debug
}

Ok, I’ll try that in a while, have to walk my dogs now…

I’ve tried this now, no change in response in a regular browser, but curl now returns my html and I get this line in the log:

ts=1592245818.408366 level=info msg="handled request" requestError="unsupported value type" common_log="97.107.138.194 - - [15/Jun/2020:20:30:18 +0200] \"GET / HTTP/2.0\" 200 928" duration=0.003386689 size=928 status=200 resp_headersError="unsupported value type"

Not much of a debug message, but sure it’s more than before…

I’m confused. Where are we at now? Is it working?

Check the stdout logs for the debug output, you can find it with journalctl -u caddy if you’re running it as a service.

Does caddy only listen on ipv6 by default?

This is the output of lsof -p {pid of caddy, 3102 in this case}:

COMMAND  PID  USER   FD      TYPE             DEVICE SIZE/OFF   NODE NAME
caddy   3102 caddy  cwd       DIR                8,0     4096      2 /
caddy   3102 caddy  rtd       DIR                8,0     4096      2 /
caddy   3102 caddy  txt       REG                8,0 34111488    715 /usr/bin/caddy
caddy   3102 caddy    0r      CHR                1,3      0t0   2052 /dev/null
caddy   3102 caddy    1u     unix 0xffff913618495000      0t0 314266 type=STREAM
caddy   3102 caddy    2u     unix 0xffff913618495000      0t0 314266 type=STREAM
caddy   3102 caddy    3u     IPv4             315811      0t0    TCP localhost:2019 (LISTEN)
caddy   3102 caddy    4u  a_inode               0,14        0  19603 [eventpoll]
caddy   3102 caddy    5r     FIFO               0,13      0t0 314269 pipe
caddy   3102 caddy    6w     FIFO               0,13      0t0 314269 pipe
caddy   3102 caddy    7u     IPv6             315816      0t0    TCP *:https (LISTEN)
caddy   3102 caddy    8u     IPv6             315817      0t0    TCP *:http (LISTEN)
caddy   3102 caddy   10w      REG                8,0     5861  32963 /var/log/caddy/access.log

No, it does not work. It seems to work using curl on the localhost (asking for the domain name, since it doesn’t listen on the localhost interface).

A browser request from home (server is a linode) gives nothing in journalctl -fu caddy with debug enabled, but I do see the request with tcpdump…

And here’s the output of netstat -tulpan | grep LISTEN | grep caddy

tcp        0      0 127.0.0.1:2019          0.0.0.0:*               LISTEN      3102/caddy
tcp6       0      0 :::80                   :::*                    LISTEN      3102/caddy
tcp6       0      0 :::443                  :::*                    LISTEN      3102/caddy

So, how do I make it listen to ipv4 requests?

Ok, adding:

bind bygden.nu

made it only listen to ipv4, but I still don’t get any response in my browser…
Neither Chrome nor Safari…

I don’t really see why a bind directive should be needed with the exact same information as in the server name…

Not sure – there’s probably something weird about your system’s dual stack config; it doesn’t seem to be properly configured for IPv4 + IPv6.

Well, I’ve gotten it to listen on the ipv4 interface now (almost 24 hours ago now, but I haven’t been allowed to post until now), but I still don’t get any response from any browser. I don’t even see the request from the browser with debug enabled…

I’ve changed my Caddyfile to this, for test:

{
    debug
}
bygden.nu {
	bind bygden.nu
	respond "Hello, privacy!"
	log {
		output file /var/log/caddy/access.log
		format logfmt
	}
}

But still only response from curl locally and nothing from a remote browser... :(

So, where do I go from here? Re-activate Apache (which I’ve done anyway now)?

I’ve found the problem: it was UFW.

I needed to issue these commands:

sudo ufw allow 80
sudo ufw allow 443

But - I was running multiple WordPress instances, with different domains (FQDNs) before, which just works with ServerName in Apache 2.
As I added my second domain to my Caddyfile and restarted, it complains when it comes to the definition of the second domain:

run: loading initial config: loading new config: http app module: start: tcp: listening on erikersara.nu:443: listen tcp 97.107.138.194:443: bind: address already in use
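
The check that would have pointed at the firewall earlier in this thread, as an added example that is not part of any post: it compares public TCP listeners with UFW allow rules. The function names and the `ufw status` sample are constructed; the listener lines are the ones posted above, and UFW's default deny-incoming policy is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): list ports that listen publicly
# but have no UFW allow rule. Assumes UFW's default deny-incoming policy.

# Constructed sample of plain `ufw status` on a host that only allows SSH.
SAMPLE_UFW='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)'

# Listener lines as posted in the thread (netstat output for caddy).
SAMPLE_LISTEN='tcp        0      0 127.0.0.1:2019          0.0.0.0:*               LISTEN      3102/caddy
tcp6       0      0 :::80                   :::*                    LISTEN      3102/caddy
tcp6       0      0 :::443                  :::*                    LISTEN      3102/caddy'

# Ports with a non-loopback listener, one per line ($1 = netstat text).
public_ports() {
    printf '%s\n' "$1" | awk '$6 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)
        host = substr($4, 1, length($4) - length(port) - 1)
        if (host !~ /^127\./ && host != "::1") print port
    }' | sort -un
}

# Ports allowed from anywhere ($1 = ufw status text). Numeric rules only;
# application profiles such as "OpenSSH" are not resolved to ports.
allowed_ports() {
    printf '%s\n' "$1" | awk '$2 == "ALLOW" && $3 == "Anywhere" {
        p = $1; sub(/\/.*/, "", p)
        if (p ~ /^[0-9]+$/) print p
    }' | sort -un
}

# Public listeners without an allow rule ($1 = netstat, $2 = ufw status).
blocked_ports() {
    case "$2" in *"Status: active"*) ;; *) return 0 ;; esac
    allowed=$(allowed_ports "$2")
    for p in $(public_ports "$1"); do
        printf '%s\n' "$allowed" | grep -qx "$p" || echo "$p"
    done
}

# Live use: blocked_ports "$(netstat -tln)" "$(sudo ufw status)"
for p in $(blocked_ports "$SAMPLE_LISTEN" "$SAMPLE_UFW"); do
    echo "port $p: listening publicly, no UFW allow rule"
done
```

On Linux a `tcp6` listener on `:::80` normally accepts IPv4 connections as well unless `net.ipv6.bindv6only` is set, so such a line does not by itself mean the server is IPv6-only.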