File server works with caddy CLI but not systemd

1. Caddy version (caddy version):

v2.3.0 h1:fnrqJLa3G5vfxcxmOH/+kJOcunPLhSBnjgIvjXV/QTA=

2. How I run Caddy:

a. System environment:

$ uname -a
Linux gmhafiz-portfolio 4.15.0-74-generic #84-Ubuntu SMP Thu Dec 19 08:06:28 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
$ cat /etc/lsb-release 
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.5 LTS"

b. Command:

sudo systemctl start caddy

c. Service/unit/compose file:

$ cat  caddy.service
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddyfile or JSON config:

/etc/caddy/Caddyfile

gmhafiz.com www.gmhafiz.com
root * /home/gmhafiz/www.gmhafiz.com
encode gzip zstd
log
file_server

3. The problem I’m having:

I am upgrading from caddy v1 to v2. On v1, it was working perfectly fine.

I am now trying to serve a static website located at /home/gmhafiz/www.gmhafiz.com.

When I run

sudo systemctl daemon-reload
sudo systemctl start caddy

and I try to access the website with curl, I get no response at all.

$ curl https://gmhafiz.com
$ curl https://www.gmhafiz.com

Accessing through the browser, I get 403 - Forbidden.

4. Error messages and/or full log output:

5. What I already tried:

I have tried running the CLI instead of using systemd:

cd ~
caddy run --config /etc/caddy/Caddyfile  

This, however, is the only way that I can run Caddy so that it serves the static website.

I installed caddy2 using https://caddyserver.com/docs/install including running these:

$ sudo groupadd --system caddy
[sudo] password for gmhafiz: 
groupadd: group 'caddy' already exists
gmhafiz@gmhafiz-portfolio:~$ sudo useradd --system \
>     --gid caddy \
>     --create-home \
>     --home-dir /var/lib/caddy \
>     --shell /usr/sbin/nologin \
>     --comment "Caddy web server" \
>     caddy
useradd: user 'caddy' already exists

Permission:

$ sudo chown -R gmhafiz:caddy www.gmhafiz.com   

$ stat www.gmhafiz.com
  File: www.gmhafiz.com
  Size: 4096      	Blocks: 8          IO Block: 4096   directory
Device: fc01h/64513d	Inode: 273451      Links: 18
Access: (0775/drwxrwxr-x)  Uid: ( 1000/ gmhafiz)   Gid: (  999/   caddy)
Access: 2021-02-21 02:00:45.713621254 +0000
Modify: 2021-02-20 13:02:24.814995549 +0000
Change: 2021-02-21 02:02:44.722249732 +0000
 Birth: -

6. Links to relevant resources:

What do you see in your logs? Run journalctl -u caddy --no-pager | less to see Caddy’s log output. You may add the debug global option at the top of your Caddyfile to see a bit more detail:

{
	debug
}

Ah, it might be that systemd is hiding all of /home for you; maybe try putting your files in /srv/gmhafiz.com or /var/www/gmhafiz.com or something like that.

What user were you running Caddy as with v1? Were you using systemd there as well?

My current hunch (but I’m not 100% certain on the specifics so I’m asking someone to help clarify for me) is that if the caddy user doesn’t have x (executable) permissions on /home/gmhafiz, it hides all the contents of that directory from it. But I might be wrong.

I have moved the folder to /var/www/www.gmhafiz.com and updated /etc/caddy/Caddyfile and it works!

I was running with systemd with v1 as well.
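
One way to test the permission hunch raised in this thread, as an added example that is not code from any of the posters or from the Caddy project: walk from the site root up to / and report every directory on which a given uid and group set lacks the x (search) bit. The function names are hypothetical; it assumes GNU stat and readlink, and it evaluates classic mode bits only, not ACLs or systemd sandboxing.

```shell
# Added example (not from the thread). Classic mode bits only: ACLs, root's
# override and systemd sandboxing are not evaluated. Uses GNU stat/readlink.

# in_list NEEDLE ITEM... : succeed if NEEDLE equals one of the items
in_list() {
    needle=$1; shift
    for item in "$@"; do
        [ "$item" = "$needle" ] && return 0
    done
    return 1
}

# blocked_dirs PATH UID "GID GID ..."
# Walks from PATH up to / and prints "<dir> <mode> <uid>:<gid>" for each
# directory where that identity lacks the x (search) bit.
blocked_dirs() {
    dir=$(readlink -f -- "$1") || return 2
    want_uid=$2
    want_gids=$3
    [ -d "$dir" ] || dir=$(dirname -- "$dir")   # a file: start at its parent
    while :; do
        set -- $(stat -c '%a %u %g' -- "$dir")   # e.g. "750 1000 1000"
        mode=$((0$1))                            # parse as octal
        # Exactly one class applies, checked in kernel order: owner, group, other.
        if [ "$2" = "$want_uid" ]; then
            xbit=$((mode & 0100))
        elif in_list "$3" $want_gids; then
            xbit=$((mode & 0010))
        else
            xbit=$((mode & 0001))
        fi
        [ "$xbit" -ne 0 ] || printf '%s %s %s:%s\n' "$dir" "$1" "$2" "$3"
        [ "$dir" = / ] && break
        dir=$(dirname -- "$dir")
    done
}

# blocked_dirs_for_user PATH USER : resolve the ids with id(1), then check.
# Example: blocked_dirs_for_user /home/gmhafiz/www.gmhafiz.com caddy
blocked_dirs_for_user() {
    blocked_dirs "$1" "$(id -u "$2")" "$(id -G "$2")"
}
```

Empty output means no directory on the path blocks that user by mode bits, so the cause lies elsewhere (for example in the unit's sandboxing settings).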