Importing snippets

1. Caddy version (caddy version):

v2.1.1 h1:X9k1+ehZPYYrSqBvf/ocUgdLSRIuiNiMo7CvyGUQKeA=

2. How I run Caddy:

As a service on Ubuntu

a. System environment:

Ubuntu 18.04

b. Command:

caddy reload ./Caddyfile 

c. Service/unit/compose file:

paste full file contents here

d. My complete Caddyfile or JSON config:

# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace the line below with your
# domain name.
:80

# Set this path to your site's directory.
root * /opt/ivt/apps/6.0.0/packages/client/spa

# Enable the static file server.
file_server * {
  root /opt/ivt/apps/6.0.0/packages/client/spa
}

file_server * {
  root /opt/ivt/photography
}

# Another common task is to set up a reverse proxy:
# reverse_proxy localhost:8080

# Or serve a PHP site through php-fpm:
# php_fastcgi localhost:9000

# This is pointing to Let's Encrypt Staging environment (for dev)
# https://letsencrypt.org/docs/staging-environment/
# This will allow you to get things right before issuing trusted
# certificates and reduce the chance of your running up against rate limits.
acme_ca https://acme-staging-v02.api.letsencrypt.org/directory

# causes all certificates to be issued internally by default,
# rather than through a (public) ACME CA such as Let's Encrypt.
# This is useful in development environments.
local_certs

# configure automatic HTTPS. It can either disable it entirely (off)
# or disable only HTTP-to-HTTPS redirects (disable_redirects).
auto_https

# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile

(header_options) {
  header_up X-Real-IP {remote_host}
  header_up X-Forwarded-Proto {scheme}
  header_up Access-Control-Allow-Origin *
  header_up Access-Control-Allow-Credentials true
  header_up Access-Control-Allow-Headers Cache-Control,Content-Type
}

localhost {
  route /weather/* {
    uri replace /weather /socket.io
    reverse_proxy * http://localhost:3010 {
      import header_options
    }
  }
  route /ptz/* {
    uri replace /ptz /socket.io
    reverse_proxy * http://localhost:3006 {
      import header_options
    }
  }
  route /liveview/* {
    uri replace /liveview /socket.io
    reverse_proxy * http://localhost:3004 {
      import header_options
    }
  }
  route /archive/* {
    uri replace /archive /socket.io
    reverse_proxy * http://localhost:3003 {
      import header_options
    }
  }
  route /alarms/* {
    uri replace /alarms /socket.io
    reverse_proxy * http://localhost:3002 {
      import header_options
    }
  }
  route /console_socket/* {
    uri replace /console_socket /console/socket.io
    reverse_proxy * http://localhost:3001 {
      import header_options
    }
  }
  route /web_app_socket/* {
    uri replace /web_app_socket /web/socket.io
    reverse_proxy * http://localhost:3001 {
      import header_options
    }
  }
  route /api/* {
    reverse_proxy * http://localhost:3001 {
      import header_options
    }
  }
}

3. The problem I’m having:

Previously, back in April when I was investigating Caddy, we came up with using some snippets (here: Need help converting NGINX config - #21 by francislavoie).

Now, I get the following error:
run: adapting config using caddyfile: ./Caddyfile:60 - Error during parsing: File to import not found: header_options

4. Error messages and/or full log output:

run: adapting config using caddyfile: ./Caddyfile:60 - Error during parsing: File to import not found: header_options

5. What I already tried:

I have tried using my original file that worked previously. The above Caddyfile is just a continuing effort to get static files also served.

6. Links to relevant resources:

Your Caddyfile doesn’t really make sense. If you have more than one site to serve, you must wrap all sites with { }. You have :80 which defines a site label, followed by some directives which are not in a block (with braces) but later you have localhost which does. This isn’t valid syntax.

Also, global options must be within a set of { } braces, and must be the first thing in the Caddyfile. This is all explained here:

Yes, I read that. The top portion was a default Caddyfile, which doesn’t have the braces, so it was a bit confusing.

You’re not meant to leave that stuff in, it’s just the example that Caddy ships with.

Fair enough

I did as you suggested, but did have some issues. I commented out the things that were causing issues and now it works.

I need to serve files from 2 different places. Do you know how I can do this?

Here is my “working” Caddyfile atm

{
  # The Caddyfile is an easy way to configure your Caddy web server.
  #
  # Unless the file starts with a global options block, the first
  # uncommented line is always the address of your site.
  #
  # To use your own domain name (with automatic HTTPS), first make
  # sure your domain's A/AAAA DNS records are properly pointed to
  # this machine's public IP, then replace the line below with your
  # domain name.
  #:80
  
  # Set this path to your site's directory.
  #root * /opt/ivt/apps/6.0.0/packages/client/spa
  
  # Enable the static file server.
  #file_server * {
  #  root /opt/ivt/apps/6.0.0/packages/client/spa
  #}
  
  #file_server * {
  #  root /opt/ivt/photography
  #}
  
  # Another common task is to set up a reverse proxy:
  # reverse_proxy localhost:8080
  
  # Or serve a PHP site through php-fpm:
  # php_fastcgi localhost:9000
  
  # This is pointing to Let's Encrypt Staging environment (for dev)
  # https://letsencrypt.org/docs/staging-environment/
  # This will allow you to get things right before issuing trusted
  # certificates and reduce the chance of your running up against rate limits.
  acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
  
  # causes all certificates to be issued internally by default,
  # rather than through a (public) ACME CA such as Let's Encrypt.
  # This is useful in development environments.
  local_certs
  
  # configure automatic HTTPS. It can either disable it entirely (off)
  # or disable only HTTP-to-HTTPS redirects (disable_redirects).
  auto_https off
}

# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile

(header_options) {
  header_up X-Real-IP {remote_host}
  header_up X-Forwarded-Proto {scheme}
  header_up Access-Control-Allow-Origin *
  header_up Access-Control-Allow-Credentials true
  header_up Access-Control-Allow-Headers Cache-Control,Content-Type
}

localhost {
  route /weather/* {
    uri replace /weather /socket.io
    reverse_proxy * http://localhost:3010 {
      import header_options
    }
  }
  route /ptz/* {
    uri replace /ptz /socket.io
    reverse_proxy * http://localhost:3006 {
      import header_options
    }
  }
  route /liveview/* {
    uri replace /liveview /socket.io
    reverse_proxy * http://localhost:3004 {
      import header_options
    }
  }
  route /archive/* {
    uri replace /archive /socket.io
    reverse_proxy * http://localhost:3003 {
      import header_options
    }
  }
  route /alarms/* {
    uri replace /alarms /socket.io
    reverse_proxy * http://localhost:3002 {
      import header_options
    }
  }
  route /console_socket/* {
    uri replace /console_socket /console/socket.io
    reverse_proxy * http://localhost:3001 {
      import header_options
    }
  }
  route /web_app_socket/* {
    uri replace /web_app_socket /web/socket.io
    reverse_proxy * http://localhost:3001 {
      import header_options
    }
  }
  route /api/* {
    reverse_proxy * http://localhost:3001 {
      import header_options
    }
  }
}

Yeah, but it’s unclear how you expect that to be routed. You didn’t specify a request matcher, you can’t have two different root at the same time without them being scoped.

Right, make sense. And I do appreciate you taking time in helping me.
There are two paths:

1. The web site files (SPA)
2. The other is a location where images, video and svg files get placed. When retrieved from client browser, they are prefixed with files/*

Alternatively, I can serve the files with node/express if needed.

The general idea is you’d do something like this:

root * /filesystem/path/for/anything/else

root /path/for/images/* /filesystem/path/for/images
root /path/for/video/* /filesystem/path/for/video

file_server

I’m still unclear on what URL paths you expect to serve which files from the filesystem.

I think I just need this:

  root /files/* /opt/ivt/photography
  
  # Set this path to your site's directory.
  root * /opt/ivt/apps/6.0.0/packages/client/spa

  # Enable the static file server.
  file_server

Does this go in the global area of first curly braces??

Tried, but got this:
reload: adapting config using caddyfile: Caddyfile:13: unrecognized global option: root

No, it must go within a site block. Global options is not a site block. Caddy won’t know when to serve that if you don’t tell it. Is that meant to be under a specific domain? What do you expect to type in your browser and have those things show up?

Please review the documentation:

There is no domain. These are “devices”, so a company just uses an IP address or the computer name.

So, I take it these should be in my “localhost” block?

localhost will only match requests which have localhost as the domain (which most well-behaved DNS setups will resolve to 127.0.0.1 or ::1). If you want to match any request on port 80, then you should make another site block with :80 as the label, or change localhost to :80.

Nice, thanks! I seem to be getting closer:

This is what I am getting:

{"level":"info","ts":1597169163.890006,"logger":"admin","msg":"stopped previous server"}
Aug 11 12:06:06 FLEX-5 caddy[6975]: {"level":"info","ts":1597169166.8596313,"logger":"admin.api","msg":"received request","method":"GET","host":"localhost:2019","uri":"/config/","remote_addr":"127.0.0.1:4432
Aug 11 12:12:26 FLEX-5 caddy[6975]: {"level":"info","ts":1597169546.4834769,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_addr":"127.0.0.1:48234"
Aug 11 12:12:26 FLEX-5 caddy[6975]: {"level":"info","ts":1597169546.4845319,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","
Aug 11 12:12:26 FLEX-5 caddy[6975]: 2020/08/11 12:12:26 [INFO][cache:0xc00071bda0] Started certificate maintenance routine
Aug 11 12:12:26 FLEX-5 caddy[6975]: {"level":"warn","ts":1597169546.486322,"logger":"pki.ca.local","msg":"installing root certificate (you might be prompted for password)","path":"storage:pki/authorities/loc
Aug 11 12:12:26 FLEX-5 caddy[6975]: 2020/08/11 12:12:26 not NSS security databases found
Aug 11 12:12:26 FLEX-5 caddy[6975]: 2020/08/11 12:12:26 define JAVA_HOME environment variable to use the Java trust
Aug 11 12:12:26 FLEX-5 sudo[18692]: pam_unix(sudo:auth): conversation failed
Aug 11 12:12:26 FLEX-5 sudo[18692]: pam_unix(sudo:auth): auth could not identify password for [caddy]
Aug 11 12:12:26 FLEX-5 sudo[18692]:    caddy : user NOT in sudoers ; TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/tee /usr/local/share/ca-certificates/Caddy_Local_Authority_-_2020_ECC_Root_302191190084
Aug 11 12:12:26 FLEX-5 caddy[6975]: {"level":"error","ts":1597169546.4908736,"logger":"pki.ca.local","msg":"failed to install root certificate","error":"failed to execute sudo: exit status 1","certificate_fi
Aug 11 12:12:26 FLEX-5 caddy[6975]: 2020/08/11 12:12:26 [INFO][cache:0xc000909ec0] Stopped certificate maintenance routine
Aug 11 12:12:26 FLEX-5 caddy[6975]: {"level":"info","ts":1597169546.4912004,"msg":"autosaved config","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Aug 11 12:12:26 FLEX-5 caddy[6975]: {"level":"info","ts":1597169546.491217,"logger":"admin.api","msg":"load complete"}
Aug 11 12:12:26 FLEX-5 caddy[6975]: {"level":"info","ts":1597169546.9850924,"logger":"admin","msg":"stopped previous server"}
Aug 11 12:12:30 FLEX-5 caddy[6975]: {"level":"info","ts":1597169550.5449054,"logger":"admin.api","msg":"received request","method":"GET","host":"localhost:2019","uri":"/config/","remote_addr":"127.0.0.1:4827
lines 3586-3636/3636 (END)

Seemed to have fixed the above, but now getting this:

Aug 11 12:34:34 FLEX-5 systemd[1]: Started Caddy.
Aug 11 12:34:35 FLEX-5 caddy[23644]: caddy.HomeDir=/var/lib/caddy
Aug 11 12:34:35 FLEX-5 caddy[23644]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Aug 11 12:34:35 FLEX-5 caddy[23644]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Aug 11 12:34:35 FLEX-5 caddy[23644]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Aug 11 12:34:35 FLEX-5 caddy[23644]: runtime.GOOS=linux
Aug 11 12:34:35 FLEX-5 caddy[23644]: runtime.GOARCH=amd64
Aug 11 12:34:35 FLEX-5 caddy[23644]: runtime.Compiler=gc
Aug 11 12:34:35 FLEX-5 caddy[23644]: runtime.NumCPU=4
Aug 11 12:34:35 FLEX-5 caddy[23644]: runtime.GOMAXPROCS=4
Aug 11 12:34:35 FLEX-5 caddy[23644]: runtime.Version=go1.14.4
Aug 11 12:34:35 FLEX-5 caddy[23644]: os.Getwd=/
Aug 11 12:34:35 FLEX-5 caddy[23644]: LANG=en_CA.UTF-8
Aug 11 12:34:35 FLEX-5 caddy[23644]: LANGUAGE=en_CA:en
Aug 11 12:34:35 FLEX-5 caddy[23644]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
Aug 11 12:34:35 FLEX-5 caddy[23644]: HOME=/var/lib/caddy
Aug 11 12:34:35 FLEX-5 caddy[23644]: LOGNAME=caddy
Aug 11 12:34:35 FLEX-5 caddy[23644]: USER=caddy
Aug 11 12:34:35 FLEX-5 caddy[23644]: INVOCATION_ID=ae26a668968549c4a062ac0924ed8093
Aug 11 12:34:35 FLEX-5 caddy[23644]: JOURNAL_STREAM=9:27298552
Aug 11 12:34:35 FLEX-5 caddy[23644]: {"level":"info","ts":1597170875.0155225,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Aug 11 12:34:35 FLEX-5 caddy[23644]: {"level":"info","ts":1597170875.0187957,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019",
Aug 11 12:34:35 FLEX-5 caddy[23644]: 2020/08/11 12:34:35 [INFO][cache:0xc0006ca900] Started certificate maintenance routine
Aug 11 12:34:35 FLEX-5 caddy[23644]: 2020/08/11 12:34:35 [INFO][cache:0xc0006ca900] Stopped certificate maintenance routine
Aug 11 12:34:35 FLEX-5 caddy[23644]: run: loading initial config: loading new config: loading http app module: provision http: getting tls app: loading tls app module: provision tls: provisioning automation 
Aug 11 12:34:35 FLEX-5 systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE
Aug 11 12:34:35 FLEX-5 systemd[1]: caddy.service: Failed with result 'exit-code'.

Back to working:

Aug 11 13:14:46 FLEX-5 systemd[1]: Started Caddy.
Aug 11 13:14:47 FLEX-5 caddy[31729]: caddy.HomeDir=/var/lib/caddy
Aug 11 13:14:47 FLEX-5 caddy[31729]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Aug 11 13:14:47 FLEX-5 caddy[31729]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Aug 11 13:14:47 FLEX-5 caddy[31729]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Aug 11 13:14:47 FLEX-5 caddy[31729]: runtime.GOOS=linux
Aug 11 13:14:47 FLEX-5 caddy[31729]: runtime.GOARCH=amd64
Aug 11 13:14:47 FLEX-5 caddy[31729]: runtime.Compiler=gc
Aug 11 13:14:47 FLEX-5 caddy[31729]: runtime.NumCPU=4
Aug 11 13:14:47 FLEX-5 caddy[31729]: runtime.GOMAXPROCS=4
Aug 11 13:14:47 FLEX-5 caddy[31729]: runtime.Version=go1.14.4
Aug 11 13:14:47 FLEX-5 caddy[31729]: os.Getwd=/
Aug 11 13:14:47 FLEX-5 caddy[31729]: LANG=en_CA.UTF-8
Aug 11 13:14:47 FLEX-5 caddy[31729]: LANGUAGE=en_CA:en
Aug 11 13:14:47 FLEX-5 caddy[31729]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
Aug 11 13:14:47 FLEX-5 caddy[31729]: HOME=/var/lib/caddy
Aug 11 13:14:47 FLEX-5 caddy[31729]: LOGNAME=caddy
Aug 11 13:14:47 FLEX-5 caddy[31729]: USER=caddy
Aug 11 13:14:47 FLEX-5 caddy[31729]: INVOCATION_ID=f1822491afce49db837159c087f3cb9a
Aug 11 13:14:47 FLEX-5 caddy[31729]: JOURNAL_STREAM=9:27390304
Aug 11 13:14:47 FLEX-5 caddy[31729]: {"level":"info","ts":1597173287.005565,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Aug 11 13:14:47 FLEX-5 caddy[31729]: {"level":"info","ts":1597173287.0091448,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019",
Aug 11 13:14:47 FLEX-5 caddy[31729]: {"level":"info","ts":1597173287.0092835,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_na
Aug 11 13:14:47 FLEX-5 caddy[31729]: {"level":"info","ts":1597173287.0093756,"logger":"tls","msg":"cleaned up storage units"}
Aug 11 13:14:47 FLEX-5 caddy[31729]: {"level":"error","ts":1597173287.0094843,"msg":"unable to create folder for config autosave","dir":"/var/lib/caddy/.config/caddy","error":"mkdir /var/lib/caddy: permissio
Aug 11 13:14:47 FLEX-5 caddy[31729]: {"level":"info","ts":1597173287.0094943,"msg":"serving initial configuration"}
Aug 11 13:14:47 FLEX-5 caddy[31729]: 2020/08/11 13:14:47 [INFO][cache:0xc00066ed20] Started certificate maintenance routine

@francislavoie Everything is working! There’s a few hoops I had to go through.

caddy was not in sudoers, so had to do the following:

sudo  usermod -aG sudo caddy

and the files I wanted served were not accessible to Caddy, so had to:

sudo usermod -aG intelliview caddy

The intelliview user auto logs in (ie: after a reboot, loss of power, etc)

Now I am serving the website, files and all the reverse proxies on the web services.

Thank you so much for your help today. I really appreciate it!

This topic was automatically closed after 30 days. New replies are no longer allowed.