How to fix 403 error

hzb · March 11, 2023, 1:54pm

1. Output of `caddy version`:

v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=

2. How I run Caddy:

sudo service caddy start

a. System environment:

centos 8

Linux work 4.18.0-448.el8.x86_64 #1 SMP Wed Jan 18 15:02:46 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

b. Command:

sudo service caddy start

c. Service/unit/compose file:

I installed caddy by following these steps, so all things are default.

d. My complete Caddy config:

http://foo.com {
 root * /home/opc/foo
 file_server
}

3. The problem I’m having:

I got an error

Access to foo.com was denied
You don't have authorization to view this page.
HTTP ERROR 403

4. Error messages and/or full log output:

Run sudo journalctl -u caddy --no-pager | less +G and got

y/Caddyfile","config_adapter":""}
Mar 11 13:29:36 work caddy[1984]: {"level":"warn","ts":1678541376.1268306,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
Mar 11 13:29:36 work caddy[1984]: {"level":"info","ts":1678541376.127591,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//127.0.0.1:2019","//localhost:2019","//[::1]:2019"]}
Mar 11 13:29:36 work caddy[1984]: {"level":"warn","ts":1678541376.1282082,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv0","http_port":80}
Mar 11 13:29:36 work caddy[1984]: {"level":"info","ts":1678541376.1284068,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Mar 11 13:29:36 work caddy[1984]: {"level":"info","ts":1678541376.1285868,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Mar 11 13:29:36 work caddy[1984]: {"level":"info","ts":1678541376.1286252,"msg":"serving initial configuration"}
Mar 11 13:29:36 work caddy[1984]: {"level":"info","ts":1678541376.128677,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0001fc1c0"}
Mar 11 13:29:36 work caddy[1984]: {"level":"info","ts":1678541376.128696,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy/.local/share/caddy"}
Mar 11 13:29:36 work caddy[1984]: {"level":"info","ts":1678541376.1287093,"logger":"tls","msg":"finished cleaning storage units"}
Mar 11 13:29:36 work systemd[1]: Started Caddy.
Mar 11 13:32:19 work systemd[1]: Stopping Caddy...
Mar 11 13:32:19 work caddy[1984]: {"level":"info","ts":1678541539.0217068,"msg":"shutting down apps, then terminating","signal":"SIGTERM"}
Mar 11 13:32:19 work caddy[1984]: {"level":"warn","ts":1678541539.0217786,"msg":"exiting; byeee!! 👋","signal":"SIGTERM"}
Mar 11 13:32:19 work caddy[1984]: {"level":"info","ts":1678541539.023097,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc0001fc1c0"}
Mar 11 13:32:19 work caddy[1984]: {"level":"info","ts":1678541539.0243573,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}
Mar 11 13:32:19 work caddy[1984]: {"level":"info","ts":1678541539.0243764,"msg":"shutdown complete","signal":"SIGTERM","exit_code":0}
Mar 11 13:32:19 work systemd[1]: caddy.service: Succeeded.
Mar 11 13:32:19 work systemd[1]: Stopped Caddy.
Mar 11 13:32:19 work systemd[1]: Starting Caddy...
Mar 11 13:32:19 work caddy[2025]: caddy.HomeDir=/var/lib/caddy
Mar 11 13:32:19 work caddy[2025]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Mar 11 13:32:19 work caddy[2025]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Mar 11 13:32:19 work caddy[2025]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Mar 11 13:32:19 work caddy[2025]: caddy.Version=v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=
Mar 11 13:32:19 work caddy[2025]: runtime.GOOS=linux
Mar 11 13:32:19 work caddy[2025]: runtime.GOARCH=amd64
Mar 11 13:32:19 work caddy[2025]: runtime.Compiler=gc
Mar 11 13:32:19 work caddy[2025]: runtime.NumCPU=2
Mar 11 13:32:19 work caddy[2025]: runtime.GOMAXPROCS=2
Mar 11 13:32:19 work caddy[2025]: runtime.Version=go1.18.9
Mar 11 13:32:19 work caddy[2025]: os.Getwd=/
Mar 11 13:32:19 work caddy[2025]: LANG=en_US.UTF-8
Mar 11 13:32:19 work caddy[2025]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
Mar 11 13:32:19 work caddy[2025]: NOTIFY_SOCKET=/run/systemd/notify
Mar 11 13:32:19 work caddy[2025]: HOME=/var/lib/caddy
Mar 11 13:32:19 work caddy[2025]: LOGNAME=caddy
Mar 11 13:32:19 work caddy[2025]: USER=caddy
Mar 11 13:32:19 work caddy[2025]: INVOCATION_ID=40b3994644b447369f55fdb6f406ff17
Mar 11 13:32:19 work caddy[2025]: JOURNAL_STREAM=9:34542
Mar 11 13:32:19 work caddy[2025]: {"level":"info","ts":1678541539.207737,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Mar 11 13:32:19 work caddy[2025]: {"level":"warn","ts":1678541539.2085576,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
Mar 11 13:32:19 work caddy[2025]: {"level":"info","ts":1678541539.2092397,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//127.0.0.1:2019","//localhost:2019","//[::1]:2019"]}
Mar 11 13:32:19 work caddy[2025]: {"level":"warn","ts":1678541539.2096462,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv0","http_port":80}
Mar 11 13:32:19 work caddy[2025]: {"level":"info","ts":1678541539.2098348,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Mar 11 13:32:19 work caddy[2025]: {"level":"info","ts":1678541539.2110505,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Mar 11 13:32:19 work caddy[2025]: {"level":"info","ts":1678541539.2111,"msg":"serving initial configuration"}
Mar 11 13:32:19 work caddy[2025]: {"level":"info","ts":1678541539.211154,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00022e620"}
Mar 11 13:32:19 work caddy[2025]: {"level":"info","ts":1678541539.211177,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy/.local/share/caddy"}
Mar 11 13:32:19 work caddy[2025]: {"level":"info","ts":1678541539.2111893,"logger":"tls","msg":"finished cleaning storage units"}
Mar 11 13:32:19 work systemd[1]: Started Caddy.

Seem no error here.

5. What I already tried:

I disabled SELinux
groups caddy → caddy : caddy wheel

ls -la /home/opc/foo

total 4
drwxrwxrwx. 2 caddy caddy  24 Mar 11 11:53 .
drwx------. 4 opc   opc   125 Mar 11 13:25 ..
-rwxrwxrwx. 1 caddy caddy   9 Mar 11 11:53 index.html

sudo usermod -aG wheel caddy, see from How to solve status 403 in Caddy version 2 - Help - Caddy Community

6. Links to relevant resources:

How to solve status 403 in Caddy version 2 - Help - Caddy Community

Thank you.

neonota · March 11, 2023, 2:25pm

As the error msg suggests, your caddyfile isnt formatted correctly. Run caddy fmt

neonota · March 11, 2023, 2:26pm

Also caddy is only listening to port 80. Did you allowed port 443 in your firewall ?

hzb · March 11, 2023, 2:42pm

Thank you for the reply.

I run caddy fmt, and I get Error: Caddyfile:2: Caddyfile input is not formatted, but all codes is in Caddyfile as following.

http://foo.com {
 root * /home/opc/foo
 file_server
}

I don’t know where the error is.

I only use port 80, and I needn’t to use port 443, need I open port 443 in the firewall?

Mohammed90 · March 11, 2023, 2:45pm

Neither of those are causes of your issue, nor are they errors.

Please enable debug logging by adding this to the top of your Caddyfile:s and share the unredacted logs:

{
    debug
}

Also, is this what your Caddyfile truly looks like? If not, please share the actual one.

hzb · March 11, 2023, 2:48pm

So weird, I scp a Caddyfile which works well on another server from that server to this server, and run caddy fmt, and I also get the same error Error: Caddyfile:2: Caddyfile input is not formatted.

hzb · March 11, 2023, 2:50pm

This is my true Caddyfile, all content in Caddyfile is

http://foo.com {
 root * /home/opc/foo
 file_server
}

I only replaced the domain name here.

Mohammed90 · March 11, 2023, 3:16pm

What you saw in your logs earlier is a warning. The Caddyfile works, but the formatting isn’t optimal. You can fix it by running caddy fmt --overwrite, but this isn’t what’s causing you any issues. Feel free to ignore the earlier advice.

Please enable debug logs, double-check your fire perms and ownership, and share the full details.

neonota · March 12, 2023, 12:22am

Port 443 is for https traffic. You have to allow this port.

Mohammed90 · March 12, 2023, 12:27am

No, they don’t need port 443 because their configuration is explicitly for HTTP only (no S) which only needs port 80.

hzb · March 12, 2023, 4:42am

What??? I don’t think you know what you said.

francislavoie · March 13, 2023, 5:51am

As Mohammed said, we need to see full details from your logs to have any idea what’s going on here. Without that, we won’t be able to help any further.

system · April 12, 2023, 5:51am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.