1. Caddy version (caddy version):
v2.4.6
2. How I run Caddy:
a. System environment:
Ubuntu 18.04.2 LTS
b. Command:
sudo systemctl start caddy
c. Service/unit/compose file:
I am using the default caddy.service
# caddy.service
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddyfile or JSON config:
{
    on_demand_tls {
        ask https://xyzabc.herokuapp.com/api/domains
    }
}
:443 {
    encode gzip
    tls xyz@abc.com {
        on_demand
    }
    root * /var/www/xyzabc/dist
    file_server
    header {
        Permissions-Policy interest-cohort=()
        Strict-Transport-Security max-age=31536000;
        X-XSS-Protection 1; mode=block
        X-Content-Type-Options nosniff
        X-Frame-Options DENY
        Referrer-Policy no-referrer-when-downgrade
    }
    header /js/ Cache-Control "public, max-age=31536000"
    header /css/ Cache-Control "public, max-age=31536000"
    header /img/ Cache-Control "public, max-age=31536000"
    # rewrite {
    #     regexp .*
    #     to {path} /
    # }
    # rewrite .* {path}/
}
3. The problem I’m having:
I was recently alerted about Renewing before TLS-ALPN-01 Revocations which affected a site / server of mine so I finally had an excuse to upgrade my old v0.11.4 Caddy install to v2 to fix the cert issue. The upgrade was smooth… for the most part.
For some reason the new certificates are not being written to $HOME/.local/share/caddy as expected. $HOME is /root.
Instead they are being written to /var/lib/caddy/.local/share/caddy
What can I do to move the /var/lib/caddy/ to the place it’s supposed to be without breaking things? What will setting the environment variable XDG_DATA_HOME do? Because it isn’t set currently but for some reason the data directory isn’t where it’s supposed to be.
As a total aside, I have an old rewrite block commented out in the Caddyfile and can’t figure out what it was doing there in the first place. If anyone knows how I’d write that in the new syntax that would be awesome!
4. Error messages and/or full log output:
Here is the output when running caddy environ
caddy.HomeDir=/root
caddy.AppDataDir=/root/.local/share/caddy
caddy.AppConfigDir=/root/.config/caddy
caddy.ConfigAutosavePath=/root/.config/caddy/autosave.json
caddy.Version=v2.4.6 h1:HGkGICFGvyrodcqOOclHKfvJC0qTU7vny/7FhYp9hNw=
runtime.GOOS=linux
runtime.GOARCH=amd64
runtime.Compiler=gc
runtime.NumCPU=2
runtime.GOMAXPROCS=2
runtime.Version=go1.17.2
os.Getwd=/root
NVM_DIR=/root/.nvm
LESSCLOSE=/usr/bin/lesspipe %s %s
LANG=C.UTF-8
NVM_CD_FLAGS=
XDG_SESSION_ID=18023
USER=root
PWD=/root
HOME=/root
LC_TERMINAL=iTerm2
SSH_CLIENT=100.34.27.60 59417 22
LC_TERMINAL_VERSION=3.4.12
XDG_DATA_DIRS=/usr/local/share:/usr/share:/var/lib/snapd/desktop
SSH_TTY=/dev/pts/1
MAIL=/var/mail/root
TERM=xterm-256color
SHELL=/bin/bash
NVM_BIN=/root/.nvm/versions/node/v10.15.3/bin
SHLVL=1
LOGNAME=root
XDG_RUNTIME_DIR=/run/user/0
PATH=/root/.nvm/versions/node/v10.15.3/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
LESSOPEN=| /usr/bin/lesspipe %s
_=/usr/bin/caddy
5. What I already tried:
Technically things are working… on_demand + ask is creating certificates, just not in the place I expected. Any help would be much appreciated!