First time with Caddy

Hey all,

I host my own little website on an old QNAP running Apache, which QNAP is never updating, so I thought I’d move to something else. Caddy looks like an awesome option and I am attempting to make a Caddyfile.
This is what I have made looking around at different things:

example.com {
  # Access Logs
  log ./logs/access.log

  # Error Logs
  errors ./logs/error.log {
  rotate_size 100
  rotate_age  7 
  rotate_keep 20 
  rotate_compress
  }

  # Enable gzip
  gzip {
  level 9
  }

  # Set security headers: https://www.keycdn.com/blog/http-security-headers
  header / {
  x-frame-options: DENY
  x-xss-protection: 1; mode=block
  strict-transport-security: max-age=2629800; preload
  x-content-type-options: nosniff
  feature-policy: autoplay 'none'; camera 'none'
  }
  
  #Bombs Bots
  nobots "load.gz" {
  regexp "bot"
  }

  # TLS
  tls {
  load ./certs/somewhere
      clients /path/origin-pull-ca.pem
  dns cloudflare
  }
  
  # Reverse Proxy
  proxy / 127.0.0.1:8443 {
  	header_upstream Host {host}
  	header_upstream X-Real-IP {remote}
  	header_upstream X-Forwarded-For {remote}
  	header_upstream X-Forwarded-Proto {scheme}
  }

  #Stuff i found here: https://github.com/caddyserver/examples/blob/master/dokuwiki/Caddyfile_root
  root ./www
  fastcgi / /var/run/php-fpm/php-fpm.sock php {
	index doku.php
  }
  internal /forbidden
  rewrite {
	r /(data/|conf/|bin/|inc/|install.php)
	to /forbidden
  }
  rewrite /_media {
	r (.*)
	to /lib/exe/fetch.php?media={1}
  }
  rewrite /_detail {
	r (.*)
  to /lib/exe/detail.php?media={1}
  }
  rewrite /_export {
	r /([^/]+)/(.*)
	to /doku.php?do=export_{1}&id={2}
  }
  rewrite {
	if {path} not_match /lib/.*
	if {path} not_match /forbidden
	r /(.*)
   to {uri} /doku.php?id={1}&{query}
  }
}

One of the problems I am having is the reverse proxy; I just can’t seem to grasp how it is set up. With this “proxy / 127.0.0.1:8443” I know 127 refers to itself and I assume the 8443 is the port of the website?

Also I was looking at Authenticated Origin Pulls (looks more secure). I have the origin cert/key.pem and the origin-pull-ca.pem and I assume: clients /path/origin-pull-ca.pem that just makes it work.

Sorry for this mess, I expect many things wrong with the file, and any help in the right direction would be appreciated.

Sometimes using localhost instead of 127.0.0.1 works for me. One Caddyfile I’ve used to run a snapd-installed Rocket.Chat instance on Ubuntu 18.04 has this for its proxy section:
https://example.com
proxy / localhost:3000 {
websocket
transparent
}

Thanks, time to put in the file, start it up and watch it explode! (I expect a lot of errors)

Well, I can’t seem to get it to start. I have followed both of these websites, which are almost the same:
https://caddy.community/t/caddy-on-raspbian-a-laymans-tutorial/2944
https://pimylifeup.com/raspberry-pi-caddy-web-server/

but get this:

caddy.service - Caddy HTTP/2 web server
Loaded: loaded (/etc/systemd/system/caddy.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2019-07-02 12:56:22 AEST; 15min ago
Docs: https://caddyserver.com/docs
Process: 536 ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp (code=exited, status=1/FAILURE)
Main PID: 536 (code=exited, status=1/FAILURE)

Jul 02 12:56:21 JSHServer systemd[1]: Started Caddy HTTP/2 web server.
Jul 02 12:56:22 JSHServer systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE
Jul 02 12:56:22 JSHServer systemd[1]: caddy.service: Unit entered failed state.
Jul 02 12:56:22 JSHServer systemd[1]: caddy.service: Failed with result ‘exit-code’.

Sadly there are no error logs written in the log files. Does someone know how I can get more detailed information? Maybe changing stdout to something like /var/log/caddy/CaddyService.log?

Actually, a smarter move will be me stripping everything from the file first, then adding more.

This is 100% the best way to go about it. Simplify - a lot - until you have something working, then add complexity.

I’ll give you one pointer really quick, though:

Running FastCGI and a reverse proxy, both in the same site, on the web root (/) - only one of these is ever going to work, and it’s the proxy, because the proxy directive executes before the fastcgi directive does and Caddy can only serve one result to the client. Those rewrites below it would also affect it, too.

Likely you don’t want to serve literally multiple sites on the same site. When you start rebuilding your Caddyfile, try partitioning it up - use one subdomain for the dokuwiki and one subdomain for the reverse proxy.
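
The partitioning suggested above, written out as an added example in Caddy v1 syntax (not a config posted by anyone in this thread). The hostnames wiki.example.com and app.example.com and the log file names are placeholders; the web root, PHP-FPM socket and upstream port are the ones that appear in the posts on this page.

```caddyfile
# Added example. Placeholder hostnames: wiki.example.com, app.example.com.

# Site 1: DokuWiki through PHP-FPM only. No proxy directive in this block,
# so fastcgi and the rewrites are not shadowed by it.
wiki.example.com {
    root /var/www/website
    log /var/log/caddy/wiki-access.log      # placeholder file name
    errors /var/log/caddy/wiki-error.log    # placeholder file name

    fastcgi / /var/run/php/php7.0-fpm.sock php {
        index doku.php
    }

    # Keep DokuWiki's data, config and install paths unreachable from the web:
    # matching requests are rewritten to a path marked internal.
    internal /forbidden
    rewrite {
        r /(data/|conf/|bin/|inc/|install.php)
        to /forbidden
    }
}

# Site 2: reverse proxy only. No root, fastcgi or rewrite in this block.
app.example.com {
    log /var/log/caddy/app-access.log       # placeholder file name
    errors /var/log/caddy/app-error.log     # placeholder file name

    proxy / localhost:3000 {
        websocket
        # transparent already sets the Host, X-Real-IP, X-Forwarded-For and
        # X-Forwarded-Proto upstream headers, so the separate header_upstream
        # lines are not repeated here.
        transparent
    }
}
```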

Hi, thanks for that information, this is my next attempt:

website:80, www.website:80 {
        redir website:443
}

website:443, www.website:443 {
        # Access Logs
        log /var/log/caddy/access.log

        # Error Logs
        errors /var/log/caddy/error.log {
        rotate_size 100
        rotate_age  7
        rotate_keep 20
        rotate_compress
        }

        # Enable gzip
#        gzip {
#        level 9
#        }

        # Set security headers: https://www.keycdn.com/blog/http-security-heade$
#        header / {
#        x-frame-options: DENY
#        x-xss-protection: 1; mode=block
#        strict-transport-security: max-age=2629800; preload
#        x-content-type-options: nosniff
#        feature-policy: autoplay 'none'; camera 'none'
#        }

        #Bombs Bots
#       nobots "load.gz" {
#       regexp "bot"
#       }

        # TLS
        tls {
        load /etc/ssl/caddy
        clients /etc/ssl/caddy/origin/origin-pull-ca.pem
        dns cloudflare
        }

        # Reverse Proxy
#       proxy / localhost:363 {
#       websocket
#       transparent
#       header_upstream Host {host}
#       header_upstream X-Real-IP {remote}
#       header_upstream X-Forwarded-For {remote}
#       header_upstream X-Forwarded-Proto {scheme}
#       }

        #stuff i found here: https://github.com/caddyserver/examples/blob/mast$
        root /var/www/website
	index doku.php
#        fastcgi / /var/run/php/php7.0-fpm.sock {
#        index doku.php
#        }
#
#       internal /forbidden
#
#        rewrite {
#        r /(data/|conf/|bin/|inc/|install.php)
#       to /forbidden
#        }
#	rewrite /_media {
#        r (.*)
#        to /lib/exe/fetch.php?media={1}
#        }
#
#        rewrite /_detail {
#        r (.*)
#        to /lib/exe/detail.php?media={1}
#        }
#
#        rewrite /_export {
#        r /([^/]+)/(.*)
#        to /doku.php?do=export_{1}&id={2}
#        }
#
#        rewrite {
#        if {path} not_match /lib/.*
#        if {path} not_match /forbidden
#        r /(.*)
#         to {uri} /doku.php?id={1}&{query}
#}
}

Nope, not happy even with that. Whitestrike, do you happen to know of a way to get more information on why it is failing:
caddy.service - Caddy HTTP/2 web server
Loaded: loaded (/etc/systemd/system/caddy.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Wed 2019-07-03 12:50:41 AEST; 4min 47s ago
Docs: https://caddyserver.com/docs
Process: 2121 ExecStart=/usr/local/bin/caddy -log /var/log/caddy/caddy.service.log -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp (code=exited, status=1/FAILURE)
Main PID: 2121 (code=exited, status=1/FAILURE)

Jul 03 12:50:41 JSHServer systemd[1]: Started Caddy HTTP/2 web server.
Jul 03 12:50:41 JSHServer systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE
Jul 03 12:50:41 JSHServer systemd[1]: caddy.service: Unit entered failed state.
Jul 03 12:50:41 JSHServer systemd[1]: caddy.service: Failed with result 'exit-code

Caddy should always print an exit message to the log unless it’s terminated.

I note that ExecStart contains -log /var/log/caddy/caddy.service.log. Have you tried tailing that process log?

Hello, I tried (learnt) the tail command but it fails as there is no log file there.

Hmm.

Configuring the log file is one of the very first things Caddy does when you run it:

If it’s failing out before then, without putting anything in stdout or the configured log file, that makes me think this is a systemd issue, not necessarily a Caddy issue.

Can you run Caddy from the command line?

Hello,
It looked like it worked but I was not able to access the website:

caddy
Activating privacy features… done.

Serving HTTP on port 2015
http://:2015

WARNING: File descriptor limit 1024 is too low for production servers. At least 8192 is recommended. Fix with ulimit -n 8192.

Wait, I was silly, I went to 2125 instead of 2015 and got 404 Not Found.
YAY, it is running but still no log files.

2019/07/03 16:07:07 Caddyfile:40 - Error during parsing: Setting up DNS provider ‘cloudflare’: cloudflare: some credentials information are missing: CLOUDFLARE_EMAIL,CLOUDFLARE_API_KEY

I’ll try with my email and API key instead of the certs.