I need Caddy to stop using port 80

1. The problem I’m having:

I want to start an HTTPS server on a port around 8000, with the required certificate files saved locally on the server. However, when I try to start it as a non-root user, I get an error, which I attach below. I would like to stop using port 80.

(PS: My native language is Simplified Chinese. Except for the log content, all the text in Markdown has been translated by an LLM at least once. I apologize for any grammatical errors that may arise.)

2. Error messages and/or full log output:

conglinyizhi@ser706539793593:~/Project/gotify
% caddy start                                                                                                                                                            24-11-19 - 22:25:15
2024/11/19 14:25:24.287 INFO    using adjacent Caddyfile
2024/11/19 14:25:24.291 INFO    admin   admin endpoint started  {"address": "localhost:2019", "enforce_origin": false, "origins": ["//[::1]:2019", "//127.0.0.1:2019", "//localhost:2019"]}
2024/11/19 14:25:24.292 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc0002a44d0"}
2024/11/19 14:25:24.343 INFO    http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2024/11/19 14:25:24.344 INFO    tls     cleaning storage unit   {"description": "FileStorage:/home/conglinyizhi/.local/share/caddy"}
2024/11/19 14:25:24.344 INFO    http    enabling HTTP/3 listener        {"addr": ":8086"}
2024/11/19 14:25:24.344 INFO    failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.
2024/11/19 14:25:24.344 INFO    http.log        server running  {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2024/11/19 14:25:24.345 INFO    tls.cache.maintenance   stopped background certificate maintenance      {"cache": "0xc0002a44d0"}
Error: loading initial config: loading new config: http app module: start: listening on :80: listen tcp :80: bind: permission denied
Error: caddy process exited with error: exit status 1

3. Caddy version:

2.6.2

4. How I installed and ran Caddy:

apt install caddy

a. System environment:

Debian 12 x86_64

systemd 252 (252.6-1)
+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified

b. Command:

su conglinyizhi
caddy start

c. Service/unit/compose file:

Currently, I have not utilized systemd, and I plan to let Caddy manage the server with its own caddy start command, but this seems unrelated to the current configuration.

d. My complete Caddy config:

:8086 {
        tls /home/conglinyizhi/SSL/data.conglinyizhi.top/cert1.pem /home/conglinyizhi/SSL/data.conglinyizhi.top/privkey1.pem {
                ca_root /home/conglinyizhi/SSL/data.conglinyizhi.top/fullchain1.pem
        }
        route /gotify/* {
                uri strip_prefix /gotify
                reverse_proxy localhost:8088
        }
        redir /gotify /gotify/
}

That’s a very old version. Please use the latest, v2.8.4. Follow our official installation instructions: Install — Caddy Documentation

Don’t use caddy start, use caddy run and run Caddy as a systemd service. Follow these instructions after installing Caddy from our official package. Keep Caddy Running — Caddy Documentation

You can turn off the Automatic HTTPS feature’s HTTP->HTTPS redirects by adding this to the top of your Caddyfile:

{
	auto_https disable_redirects
}

You can simplify this:

redir /gotify /gotify/
handle_path /gotify/* {
	reverse_proxy localhost:8088
}

You don’t need ca_root there, that’s only if you need to tell Caddy the root CA cert of your ACME issuer when performing TLS automation. Since you’re not doing automation at all, it doesn’t do anything for you.

Your cert1.pem needs to be the fullchain, not just the leaf cert (i.e. you need to combine the root + intermediate + leaf certs in one file, concatenated together).

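The fullchain point above, illustrated with an added check that is not from this thread or the Caddy project: a stdlib Python script that reports whether a PEM file holds a single certificate (certbot's cert.pem) or an ordered chain (fullchain.pem), by comparing each certificate's DER-encoded issuer Name with the next certificate's subject Name. The sample certificates are constructed minimal DER that follows X.509's tbsCertificate field order, not real certificates; pass the contents of the real file to check_chain to use it.

```python
"""Is a PEM bundle a lone leaf (certbot's cert.pem) or an ordered chain (fullchain.pem:
leaf first, each cert issued by the next)? Added example for this thread; stdlib only."""
import base64, re
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def tlv(buf, pos):
    """Decode one DER tag/length at pos -> (tag, value_start, value_end)."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                                # long form: next N bytes hold the length
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + ln

def issuer_subject(der):
    """Raw DER bytes of the issuer and subject Name of one X.509 certificate."""
    _, pos, end = tlv(der, tlv(der, 0)[1])       # Certificate -> tbsCertificate SEQUENCE
    tbs = []
    while pos < end:                             # walk the tbsCertificate fields in order
        tbs.append(tlv(der, pos))
        pos = tbs[-1][2]
    if tbs[0][0] == 0xA0:                        # skip optional [0] EXPLICIT version
        tbs.pop(0)
    (_, i0, i1), (_, s0, s1) = tbs[2], tbs[4]    # serial, sigAlg, issuer, validity, subject
    return der[i0:i1], der[s0:s1]

def check_chain(pem_text):
    """Return (cert_count, ok, reason) for a PEM bundle."""
    certs = [base64.b64decode(m.group(1)) for m in PEM_RE.finditer(pem_text)]
    if len(certs) < 2:
        return len(certs), False, "single certificate: leaf without its chain"
    for i in range(len(certs) - 1):
        issuer, _ = issuer_subject(certs[i])
        _, subject_next = issuer_subject(certs[i + 1])
        if issuer != subject_next:
            return len(certs), False, f"cert {i} is not issued by cert {i + 1}"
    return len(certs), True, "leaf first, each cert issued by the next"

# Constructed sample: minimal DER in X.509 tbsCertificate field order; not real certificates.
def _der(tag, *parts):
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body        # short-form length only (< 128 bytes)
def _fake_cert(issuer, subject):
    name = lambda s: _der(0x30, _der(0x0C, s.encode()))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")), _der(0x02, b"\x01"),
               _der(0x30), name(issuer), _der(0x30), name(subject))
    b64 = base64.b64encode(_der(0x30, tbs, _der(0x30), _der(0x03, b"\x00"))).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"
LEAF = _fake_cert("Sample Intermediate CA", "sample-leaf.example")  # like certbot's cert.pem
INTERMEDIATE = _fake_cert("Sample Root CA", "Sample Intermediate CA")
FULLCHAIN = LEAF + INTERMEDIATE                  # like certbot's fullchain.pem
```

Long-form DER lengths are handled, so the same functions work on real certificate files; a bundle concatenated in the wrong order (intermediate before leaf) is reported as "cert 0 is not issued by cert 1".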

The issue has been resolved, and I hope to leave more information here to help others in the future:
I used the open-source tool certbot when building the HTTPS certificate, and the main reason for the HTTPS authentication failure was that I used the wrong file, which should have been fullchain.pem instead of cert.pem (of course, the best practice is to use the HTTPS certificate automatically generated by Caddy).