I host my own little website on an old QNAP running Apache, which QNAP is never updating, so I thought I'd move to something else. Caddy looks like an awesome option and I am attempting to make a Caddyfile.
This is what I have made looking around at different things:
example.com {
    # Access Logs
    log ./logs/access.log
    # Error Logs
    errors ./logs/error.log {
        rotate_size 100
        rotate_age 7
        rotate_keep 20
        rotate_compress
    }
    # Enable gzip
    gzip {
        level 9
    }
    # Set security headers: https://www.keycdn.com/blog/http-security-headers
    header / {
        x-frame-options: DENY
        x-xss-protection: 1; mode=block
        strict-transport-security: max-age=2629800; preload
        x-content-type-options: nosniff
        feature-policy: autoplay 'none'; camera 'none'
    }
    #Bombs Bots
    nobots "load.gz" {
        regexp "bot"
    }
    # TLS
    tls {
        load ./certs/somewhere
        clients /path/origin-pull-ca.pem
        dns cloudflare
    }
    # Reverse Proxy
    proxy / 127.0.0.1:8443 {
        header_upstream Host {host}
        header_upstream X-Real-IP {remote}
        header_upstream X-Forwarded-For {remote}
        header_upstream X-Forwarded-Proto {scheme}
    }
    #Stuff i found here: https://github.com/caddyserver/examples/blob/master/dokuwiki/Caddyfile_root
    root ./www
    fastcgi / /var/run/php-fpm/php-fpm.sock php {
        index doku.php
    }
    internal /forbidden
    rewrite {
        r /(data/|conf/|bin/|inc/|install.php)
        to /forbidden
    }
    rewrite /_media {
        r (.*)
        to /lib/exe/fetch.php?media={1}
    }
    rewrite /_detail {
        r (.*)
        to /lib/exe/detail.php?media={1}
    }
    rewrite /_export {
        r /([^/]+)/(.*)
        to /doku.php?do=export_{1}&id={2}
    }
    rewrite {
        if {path} not_match /lib/.*
        if {path} not_match /forbidden
        r /(.*)
        to {uri} /doku.php?id={1}&{query}
    }
}
One of the problems I am having is the reverse proxy; I just can't seem to grasp how it is set up. With this "proxy / 127.0.0.1:8443" I know 127 refers to itself, and I assume the 8443 is the port of the website?
Also I was looking at Authenticated Origin Pulls (looks more secure). I have the origin cert/key.pem and the origin-pull-ca.pem, and I assume that clients /path/origin-pull-ca.pem just makes it work.
Sorry for this mess; I expect many things are wrong with the file, and any help in the right direction would be appreciated.
Sometimes using localhost instead of 127.0.0.1 works for me. One Caddyfile I've used to run a snapd-installed Rocket.Chat instance on Ubuntu 18.04 has this for its proxy section:
https://example.com
proxy / localhost:3000 {
    websocket
    transparent
}
caddy.service - Caddy HTTP/2 web server
Loaded: loaded (/etc/systemd/system/caddy.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2019-07-02 12:56:22 AEST; 15min ago
Docs: Welcome — Caddy Documentation
Process: 536 ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp (code=exited, status=1/FAILURE)
Main PID: 536 (code=exited, status=1/FAILURE)
Jul 02 12:56:21 JSHServer systemd[1]: Started Caddy HTTP/2 web server.
Jul 02 12:56:22 JSHServer systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE
Jul 02 12:56:22 JSHServer systemd[1]: caddy.service: Unit entered failed state.
Jul 02 12:56:22 JSHServer systemd[1]: caddy.service: Failed with result 'exit-code'.
Sadly there are no error logs written in the log files. Does someone know how I can get more detailed information? Maybe changing stdout to something like /var/log/caddy/CaddyService.log?
This is 100% the best way to go about it. Simplify - a lot - until you have something working, then add complexity.
I’ll give you one pointer really quick, though:
Running FastCGI and a reverse proxy, both in the same site, on the web root (/) - only one of these is ever going to work, and it's the proxy, because the proxy directive executes before the fastcgi directive does and Caddy can only serve one result to the client. Those rewrites below it would also affect it, too.
Likely you don’t want to serve literally multiple sites on the same site. When you start rebuilding your Caddyfile, try partitioning it up - use one subdomain for the dokuwiki and one subdomain for the reverse proxy.
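As an added illustration of the partitioning suggested above (this is example configuration, not from the thread or from the Caddy project), here is the original post's setup split into two site labels in Caddy v1 syntax: one subdomain served only by PHP-FPM over FastCGI, one subdomain that is only a reverse proxy. The host names wiki.example.com and app.example.com, the log and certificate paths, and the backend port 8443 are assumptions; the tls clients line is the Authenticated Origin Pulls setting from the original post, and the header block uses the Name "value" form from the Caddy v1 docs (no colon after the header name).

```caddyfile
# Added example, not the original poster's Caddyfile. Host names, paths and
# the backend port are assumptions taken from the thread.

# DokuWiki: FastCGI only, no proxy directive on this site
wiki.example.com {
    root /var/www/dokuwiki
    log /var/log/caddy/wiki-access.log
    errors /var/log/caddy/wiki-error.log

    fastcgi / /var/run/php-fpm/php-fpm.sock php {
        index doku.php
    }

    # DokuWiki's private directories must never be served directly
    internal /forbidden
    rewrite {
        r /(data/|conf/|bin/|inc/|install.php)
        to /forbidden
    }

    header / {
        # Caddy v1 header syntax is `Name "value"`, with no colon after the name
        Strict-Transport-Security "max-age=2629800"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "DENY"
    }

    tls {
        # Cloudflare DNS challenge; the plugin reads CLOUDFLARE_EMAIL and
        # CLOUDFLARE_API_KEY from Caddy's environment (under systemd that
        # means Environment= lines in the unit or a drop-in)
        dns cloudflare
        # Authenticated Origin Pulls: only clients presenting a certificate
        # signed by this CA are allowed to connect
        clients /etc/caddy/origin-pull-ca.pem
    }
}

# The backend application: reverse proxy only
app.example.com {
    log /var/log/caddy/app-access.log
    errors /var/log/caddy/app-error.log

    # 127.0.0.1:8443 is the address and port the backend listens on locally
    proxy / 127.0.0.1:8443 {
        # transparent is shorthand for the four header_upstream lines in the
        # original post: Host {host}, X-Real-IP {remote},
        # X-Forwarded-For {remote}, X-Forwarded-Proto {scheme}
        transparent
    }

    tls {
        dns cloudflare
        clients /etc/caddy/origin-pull-ca.pem
    }
}
```

Two things to check before using this: if the backend on port 8443 itself speaks TLS, the upstream must be written as https://127.0.0.1:8443 so that Caddy connects with TLS rather than plain HTTP; and because the tls clients setting requires a client certificate on every connection, make sure the only path to the origin is through the CA that issues those certificates, otherwise ordinary browsers will be rejected.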
Nope, not happy even with that. whitestrike, do you happen to know of a way to get more information on why it is failing:
caddy.service - Caddy HTTP/2 web server
Loaded: loaded (/etc/systemd/system/caddy.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Wed 2019-07-03 12:50:41 AEST; 4min 47s ago
Docs: Welcome — Caddy Documentation
Process: 2121 ExecStart=/usr/local/bin/caddy -log /var/log/caddy/caddy.service.log -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp (code=exited, status=1/FAILURE)
Main PID: 2121 (code=exited, status=1/FAILURE)
Jul 03 12:50:41 JSHServer systemd[1]: Started Caddy HTTP/2 web server.
Jul 03 12:50:41 JSHServer systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE
Jul 03 12:50:41 JSHServer systemd[1]: caddy.service: Unit entered failed state.
Jul 03 12:50:41 JSHServer systemd[1]: caddy.service: Failed with result 'exit-code
Configuring the log file is one of the very first things Caddy does when you run it:
If it’s failing out before then, without putting anything in stdout or the configured log file, that makes me think this is a systemd issue, not necessarily a Caddy issue.
2019/07/03 16:07:07 Caddyfile:40 - Error during parsing: Setting up DNS provider 'cloudflare': cloudflare: some credentials information are missing: CLOUDFLARE_EMAIL,CLOUDFLARE_API_KEY
I'll try with my email and API key instead of the certs.