1. The problem I’m having:
I’m running Ubuntu 22.04 Jammy Jellyfish. I am able to serve php content with Caddy installed natively to the bare metahost (no docker, caddy is installed at /usr/local/bin/caddy ) along with php8.1 installed (installed as a system package, no docker involved )
I am able to serve php content from this bare metal host if I use caddy in a docker container, plus php in a docker container ( php_fastcgi localhost:9000 … file_server… all that normal stuff)
I am unable to serve php content using caddy on the bare metal host ( no docker ) + a php fastcgi container.
my docker-compose for the php-fpm container:
version: "3.3"
services:
php:
image: php:8.3.0-fpm-alpine
volumes:
- /srv/sites/http-lan:/var/www/html
ports:
- 9000:9000
the fpm container is reachable from localhost:
$ curl http://localhost:9000
curl: (52) Empty reply from server
there are html and php files to read in the file system mounted in the container:
$ ls /srv/sites/http-lan/
index.html test.php
$ cat /srv/sites/http-lan/index.html
http-lan
$ cat /srv/sites/http-lan/test.php
<!DOCTYPE html>
<html> <head> <title>PHP Test</title> </head> <body>
<?php echo '<p>hello from php script for http-lan </p>'; ?>
</body> </html>
the files are readable from inside the php-fpm container:
$ docker-compose exec php /bin/sh
/var/www/html # cat index.html
http-lan
/var/www/html # cat test.php
<!DOCTYPE html>
<html> <head> <title>PHP Test</title> </head> <body>
<?php echo '<p>hello from php script for http-lan </p>'; ?>
</body> </html>
serving non php content works:
$ curl https://http-lan.kvas.tech
http-lan
serving php content fails:
$ curl https://http-lan.kvas.tech/test.php
File not found.
These tests work if I use caddy in docker + php-fpm in docker.
These tests also work if I use caddy on bare metal + php-fpm installed on bare metal ( no docker involved at all )
2. Error messages and/or full log output:
log output from requesting https://http-lan.my-amazing-resume.com:
$ sudo journalctl -g 'http-lan' -a -u caddy -f
Dec 11 03:02:26 bell-tower caddy[1229560]: {"level":"debug","ts":1702263746.736275,"logger":"events","msg":"event","name":"tls_get_certificate","id":"3b98909c-208e-4b8c-af75-25d48200006d","origin":"tls","data":{"client_hello":{"CipherSuites":[4866,4867,4865,49196,49200,159,52393,52392,52394,49195,49199,158,49188,49192,107,49187,49191,103,49162,49172,57,49161,49171,51,157,156,61,60,53,47,255],"ServerName":"http-lan.my-amazing-resume.com","SupportedCurves":[29,23,30,25,24,256,257,258,259,260],"SupportedPoints":"AAEC","SignatureSchemes":[1027,1283,1539,2055,2056,2057,2058,2059,2052,2053,2054,1025,1281,1537,771,769,770,1026,1282,1538],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[772,771],"RemoteAddr":{"IP":"192.168.42.250","Port":48442,"Zone":""},"LocalAddr":{"IP":"192.168.42.250","Port":443,"Zone":""}}}}
Dec 11 03:02:26 bell-tower caddy[1229560]: {"level":"debug","ts":1702263746.7363403,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"http-lan.my-amazing-resume.com"}
Dec 11 03:02:26 bell-tower caddy[1229560]: {"level":"debug","ts":1702263746.739637,"logger":"http.handlers.file_server","msg":"sanitized path join","site_root":"/srv/sites/http-lan","request_path":"/","result":"/srv/sites/http-lan"}
Dec 11 03:02:26 bell-tower caddy[1229560]: {"level":"debug","ts":1702263746.7396626,"logger":"http.handlers.file_server","msg":"located index file","filename":"/srv/sites/http-lan/index.html"}
Dec 11 03:02:26 bell-tower caddy[1229560]: {"level":"debug","ts":1702263746.7396734,"logger":"http.handlers.file_server","msg":"opening file","filename":"/srv/sites/http-lan/index.html"}
log output (showing failure) when requesting php script output with “curl https://http-lan.my-amazing-resume.com/test.php”
Dec 11 03:05:40 bell-tower caddy[1229560]: {"level":"debug","ts":1702263940.076308,"logger":"events","msg":"event","name":"tls_get_certificate","id":"0918bfd4-9f4a-4e71-b82d-c42664c9b009","origin":"tls","data":{"client_hello":{"CipherSuites":[4866,4867,4865,49196,49200,159,52393,52392,52394,49195,49199,158,49188,49192,107,49187,49191,103,49162,49172,57,49161,49171,51,157,156,61,60,53,47,255],"ServerName":"http-lan.my-amazing-resume.com","SupportedCurves":[29,23,30,25,24,256,257,258,259,260],"SupportedPoints":"AAEC","SignatureSchemes":[1027,1283,1539,2055,2056,2057,2058,2059,2052,2053,2054,1025,1281,1537,771,769,770,1026,1282,1538],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[772,771],"RemoteAddr":{"IP":"192.168.42.250","Port":55414,"Zone":""},"LocalAddr":{"IP":"192.168.42.250","Port":443,"Zone":""}}}}
Dec 11 03:05:40 bell-tower caddy[1229560]: {"level":"debug","ts":1702263940.0763676,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"http-lan.my-amazing-resume.com"}
Dec 11 03:05:40 bell-tower caddy[1229560]: {"level":"debug","ts":1702263940.0793502,"logger":"http.reverse_proxy.transport.fastcgi","msg":"roundtrip","request":{"remote_ip":"192.168.42.250","remote_port":"55414","client_ip":"192.168.42.250","proto":"HTTP/2.0","method":"GET","host":"http-lan.my-amazing-resume.com","uri":"/test.php","headers":{"User-Agent":["curl/7.81.0"],"Accept":["*/*"],"X-Forwarded-For":["192.168.42.250"],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["http-lan.my-amazing-resume.com"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"http-lan.my-amazing-resume.com"}},"env":{"SCRIPT_NAME":"/test.php","QUERY_STRING":"","REMOTE_USER":"","SERVER_SOFTWARE":"Caddy/v2.7.6","SSL_CIPHER":"TLS_AES_128_GCM_SHA256","GATEWAY_INTERFACE":"CGI/1.1","SERVER_NAME":"http-lan.my-amazing-resume.com","REQUEST_SCHEME":"https","REMOTE_PORT":"55414","HTTP_HOST":"http-lan.my-amazing-resume.com","HTTP_USER_AGENT":"curl/7.81.0","REMOTE_HOST":"192.168.42.250","PATH_INFO":"","REQUEST_METHOD":"GET","SERVER_PROTOCOL":"HTTP/2.0","REMOTE_IDENT":"","CONTENT_TYPE":"","CONTENT_LENGTH":"","HTTPS":"on","HTTP_X_FORWARDED_FOR":"192.168.42.250","HTTP_ACCEPT":"*/*","AUTH_TYPE":"","DOCUMENT_ROOT":"/srv/sites/http-lan","DOCUMENT_URI":"/test.php","REQUEST_URI":"/test.php","SCRIPT_FILENAME":"/srv/sites/http-lan/test.php","SERVER_PORT":"443","SSL_PROTOCOL":"TLSv1.3","HTTP_X_FORWARDED_PROTO":"https","REMOTE_ADDR":"192.168.42.250","HTTP_X_FORWARDED_HOST":"http-lan.my-amazing-resume.com"},"dial":"localhost:9000","env":{"SSL_CIPHER":"TLS_AES_128_GCM_SHA256","GATEWAY_INTERFACE":"CGI/1.1","QUERY_STRING":"","REMOTE_USER":"","SERVER_SOFTWARE":"Caddy/v2.7.6","REQUEST_SCHEME":"https","SERVER_NAME":"http-lan.my-amazing-resume.com","REMOTE_HOST":"192.168.42.250","REMOTE_PORT":"55414","HTTP_HOST":"http-lan.my-amazing-resume.com","HTTP_USER_AGENT":"curl/7.81.0","REMOTE_IDENT":"","PATH_INFO":"","REQUEST_METHOD":"GET","SERVER_PROTOCOL":"HTTP/2.0","CONTENT_LENGTH":"","CONTENT_TYPE":"","AUTH_TYPE":"","HTTPS":"on","HTTP_X_FORWARDED_FOR":"192.168.42.250","HTTP_ACCEPT":"*/*","SCRIPT_FILENAME":"/srv/sites/http-lan/test.php","SERVER_PORT":"443","SSL_PROTOCOL":"TLSv1.3","HTTP_X_FORWARDED_PROTO":"https","REMOTE_ADDR":"192.168.42.250","DOCUMENT_ROOT":"/srv/sites/http-lan","DOCUMENT_URI":"/test.php","REQUEST_URI":"/test.php","HTTP_X_FORWARDED_HOST":"http-lan.my-amazing-resume.com","SCRIPT_NAME":"/test.php"},"request":{"remote_ip":"192.168.42.250","remote_port":"55414","client_ip":"192.168.42.250","proto":"HTTP/2.0","method":"GET","host":"http-lan.my-amazing-resume.com","uri":"/test.php","headers":{"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["http-lan.my-amazing-resume.com"],"User-Agent":["curl/7.81.0"],"Accept":["*/*"],"X-Forwarded-For":["192.168.42.250"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"http-lan.my-amazing-resume.com"}}}
Dec 11 03:05:40 bell-tower caddy[1229560]: {"level":"debug","ts":1702263940.0802057,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"localhost:9000","duration":0.000976461,"request":{"remote_ip":"192.168.42.250","remote_port":"55414","client_ip":"192.168.42.250","proto":"HTTP/2.0","method":"GET","host":"http-lan.my-amazing-resume.com","uri":"/test.php","headers":{"User-Agent":["curl/7.81.0"],"Accept":["*/*"],"X-Forwarded-For":["192.168.42.250"],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["http-lan.my-amazing-resume.com"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"http-lan.my-amazing-resume.com"}},"headers":{"Status":["404 Not Found"],"X-Powered-By":["PHP/8.3.0"],"Content-Type":["text/html; charset=UTF-8"]},"status":404}
3. Caddy version:
v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=
4. How I installed and ran Caddy:
I followed the steps in Debian 11 / Ubuntu 22.04 Custom Compilation of Caddy with xcaddy
- added caddy repo
- installed caddy and xcaddy
- built caddy binary that includes the caddy-dns/cloudflare plugin
- used a debian dpkg diversion to use my custom caddy binary
a. System environment:
- base OS is Ubuntu Jammy Jellyfish Server 22.04 x86_64
- caddy is run out of systemd
- docker Community Edition 24.0.7
b. Command:
$ grep ExecStart /etc/systemd/system/multi-user.target.wants/caddy.service
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
c. Service/unit/compose file:
Caddy is run out of systemd
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddy config:
{
debug
}
*.my-amazing-resume.com {
@http-lan host http-lan.my-amazing-resume.com
handle @http-lan {
root * /srv/sites/http-lan
php_fastcgi localhost:9000
file_server
}
}