hdf
June 29, 2025, 10:25am
1
I’m trying to download a custom caddy from the server and I’m getting an error 400
root@caddy:~# caddy upgrade
2025/06/29 10:17:13.829 INFO this executable will be replaced {"path": "/usr/bin/caddy.custom"}
2025/06/29 10:17:13.829 INFO requesting build {"os": "linux", "arch": "amd64", "packages": ["github.com/hslatman/caddy-crowdsec-bouncer@v0.8.1", "github.com/caddy-dns/cloudflare@v0.0.0-20250214163716-188b4850c0f2", "github.com/mholt/caddy-l4@v0.0.0-20250124234235-87e3e5e2c7f9"]}
Error: download failed: download failed: HTTP 400: unable to fulfill download request (id=2c93dcf3-715f-49a3-b5eb-fd2bf228b0bb)
v2.9.1 h1:OEYiZ7DbCzAWVb6TNEkjRcSCRGHVoZsJinoDR/n9oaY=
Debian 12, LXC, x64
It’s probably the same issue as Caddy Upgrade getting http 400
Mohammed90
June 29, 2025, 11:12pm
2
We’re going through growth pain with the build server. We’re considering a few plans, but nothing solid yet. Until we decide on the next action for the build server, build your own binaries using xcaddy or Docker.
Note that there’s an open proposal to remove the upgrade command.
opened 04:01PM - 10 May 25 UTC
discussion
The `{add,remove}-package` and `upgrade` commands were added to experiment with … providing users the ability to modify their executable as needed. Those commands call our build server, which operates the `/download` page, requesting a new binary with the requested modules. We typically see a huge uptick in requests to the build server soon after new releases which is assumed to be by users running `caddy upgrade`, though we cannot provide the data to back this claim. The build server presence is good for one-off requests where you need custom Caddy binary on the go, but it shouldn't be the main go-to source for CI/CD. However, we see references to it being part of CI/CD with periodic calls, which appears to be users' way of getting the latest version. This is an anti-pattern.
I propose we remove these commands from core and make them plugins, mostly to discourage their use. For three reasons:
1. They rely on our build server and encourage using it, which comes without SLA.
2. They centralize distribution to us, which is contrary to how optimal package distribution operates.
3. Their presence encourages mutable infrastructure, which is discouraged due to drift, lack of attestation, lack of reproducibility
The commands can be split into a plugin. I validated this with a PoC. The deprecation can be done in phases:
- v2.11: remove the commands from core Caddy, and make it only available through custom build with the explicit request of the plugin
- v2.12: full removal of the commands, plugin removed from site
From v2.12 onward, users who desire those functions must develop their own plugin and point them at their own build server. That said, the recommendation has always been to rely on `xcaddy` rather than the build server.
Previous conversation on the subject:
- [State of add-packages and xcaddy](https://caddy.community/t/state-of-add-packages-and-xcaddy/30846/1)
1 Like
jeff
July 19, 2025, 2:32pm
3
Hey Mo.
Has there been any movement on the build server issue? I’ve just tested and getting the same issue as OP.
Thanks.
hdf
July 19, 2025, 2:58pm
4
I’ve taken matters into my own hands and now have my custom caddy built with a GitHub workflow
I’ve made it into a template
Contribute to HamletDuFromage/custom-caddy development by creating an account on GitHub.
1 Like
Mohammed90
July 19, 2025, 11:50pm
5
The message is still the same. Don’t rely on the build server nor the upgrade command as 100% available. They’re best effort and considered for removal.
jeff
July 26, 2025, 1:09am
6
Thanks for the update. Can you advise where one can find a guide for using xcaddy to upgrade caddy with a custom build?
For example I’m wanting to upgrade from 2.9 to the latest version and include plugins for CloudFlare DNS, dynamic DNS, and Crowdsec.
Mohammed90
July 26, 2025, 1:24am
7
Basic instructions for using xcaddy are here
More detailed instructions are available on xcaddy README on GitHub
Build Caddy with plugins
If you installed Caddy using the apt repository on Debian-derivative distros, follow the instructions at the bottom of the page here
1 Like
system
August 25, 2025, 1:24am
8
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.