Install Caddy V2 with FreeNAS or FreeBSD

caddy-v2-wordpress-caddyfile

Install Caddy Server Version 2.0 for FreeNAS 11.2 (might work with 11.1 or newer)

These instructions cater only for FreeNAS or FreeBSD. Tested and working on FreeNAS 11.2-U7 and FreeNAS 11.2-U8.

Find the Caddy V2 official release here:

#STEP

a) Go to your jail.
At the terminal, type

root@FreeNAS[/]# > jls

It should list your currently running jails:

root@turbology[/]# jls
   JID  IP Address      Hostname                      Path
     1                  insidejail                    /mnt/MAIN/iocage/jails/insidejail/root
root@turbology[/]#

b) To enter your jail through the terminal,
type > jexec <JID> tcsh
for example, > jexec 1 tcsh

root@FreeNAS[/]# jexec 1 tcsh
root@insidejail:/ #

c) fetch the Caddy program
type > fetch https://github.com/caddyserver/caddy/releases/download/v2.0.0/caddy_2.0.0_freebsd_amd64.tar.gz

root@insidejail:/ # fetch https://github.com/caddyserver/caddy/releases/download/v2.0.0/caddy_2.0.0_freebsd_amd64.tar.gz
caddy_2.0.0_freebsd_amd64.tar.gz                        11 MB  728 kBps    16s
root@insidejail:/ #

d) untar the file
type > tar -xjf caddy_2.0.0_freebsd_amd64.tar.gz

root@insidejail:/ #  tar -xjf caddy_2.0.0_freebsd_amd64.tar.gz
root@insidejail:/ #

e) confirm the caddy version

type > ./caddy version
v2.0.0 h1:pQSaIJGFluFvu8KDGDODV8u4/QRED/OPyIR+MWYYse8=

root@onlyoffice:/ # ./caddy version
v2.0.0 h1:pQSaIJGFluFvu8KDGDODV8u4/QRED/OPyIR+MWYYse8=
root@onlyoffice:/ #

Note: what comes after the h1: is the version; it might vary, but as long as it is v2.0.0 you are good.

f) In case the file cannot run because of permissions:

type > chmod 744 caddy
This changes the permissions of the file so you can run it.

root@onlyoffice:/ # chmod 744 caddy
root@onlyoffice:/ #

g) copy the file to bin so you can run it anywhere

type > cp caddy /usr/local/bin

For a quicker method, you can fetch a script that runs the steps above by typing the following inside your jail:

root@FreeNAS:/ # fetch https://github.com/caddyserver/examples/blob/master/nextcloud/Caddyfile -o installcaddyv2.sh

root@onlyoffice:/ # ./installcaddyv2.sh

Or open a pull request if you think you can improve it.
The default location is /usr/local/www.
Use a text editor if you prefer it somewhere else.

Good Luck and have fun

1 Like
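Steps c) and d) of the post above fetch and unpack the release archive without checking it first. The following is an added example (not part of the original post or of the Caddy project) that compares the archive against a SHA-512 checksum list before extracting; the function names and the checksum-list file are assumptions, and the demo archive is constructed.

```shell
#!/bin/sh
# Added example: check a release archive against a SHA-512 list, then extract.

# Print the SHA-512 hex digest of a file with whichever tool is installed.
sha512_of() {
    if command -v sha512 >/dev/null 2>&1; then
        sha512 -q "$1"                          # FreeBSD base system
    elif command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | awk '{print $1}'       # GNU coreutils
    else
        shasum -a 512 "$1" | awk '{print $1}'   # Perl shasum fallback
    fi
}

# verify_release ARCHIVE CHECKSUMS
# Returns 0 on match, 1 on digest mismatch, 2 if the archive is not listed.
verify_release() {
    archive=$1; sums=$2
    name=$(basename "$archive")
    # List lines look like "<hex digest>  <file name>" (a leading * marks binary mode).
    expected=$(awk -v n="$name" '$2 == n || $2 == ("*" n) {print $1; exit}' "$sums")
    [ -n "$expected" ] || return 2
    [ "$(sha512_of "$archive")" = "$expected" ] || return 1
    return 0
}

# safe_extract ARCHIVE CHECKSUMS DESTDIR: unpack only after a successful check.
safe_extract() {
    if verify_release "$1" "$2"; then
        tar -xzf "$1" -C "$3"
    else
        rc=$?
        echo "refusing to extract $1 (verify_release returned $rc)" >&2
        return "$rc"
    fi
}

# Constructed demo: a throwaway archive and checksum list in a temp directory.
demo() {
    d=$(mktemp -d) && mkdir "$d/src" "$d/out"
    echo "constructed payload" > "$d/src/caddy"
    tar -czf "$d/demo.tar.gz" -C "$d/src" caddy
    printf '%s  demo.tar.gz\n' "$(sha512_of "$d/demo.tar.gz")" > "$d/sums.txt"
    safe_extract "$d/demo.tar.gz" "$d/sums.txt" "$d/out" && ls "$d/out"
}
demo
```

A checksum list fetched from the same location as the archive catches corruption and truncation; to detect a replaced release, compare against a digest obtained through a separate trusted channel.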

The instructions above are now out-of-date. Caddy V2 was first ported to the FreeBSD rc.d framework in August 2020. Caddy integration within the framework has since matured. That, together with the caddy upgrade command introduced in Caddy 2.4.0, makes it very easy today to keep Caddy up-to-date on FreeBSD and its derivatives, such as FreeNAS.

References:

  1. caddy upgrade
  2. Caddy 2.4.0 beta 1 is now available
  3. Caddy on FreshPorts

Do not install Caddy within the OS. Always use a jail. These are the minimum commands required to install the most recent version of Caddy:

pkg install caddy
sysrc caddy_enable="YES"
service caddy start
caddy upgrade
service caddy restart

A sample session for installing Caddy version 2.4.1 and then upgrading it to 2.4.3 is included below.

root@caddy:~ # pkg install caddy
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 2 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        ca_root_nss: 3.63
        caddy: 2.4.1

Number of packages to be installed: 2

The process will require 37 MiB more space.
8 MiB to be downloaded.

Proceed with this action? [y/N]: y
[caddy] [1/2] Fetching caddy-2.4.1.txz: 100%    8 MiB   2.1MB/s    00:04
[caddy] [2/2] Fetching ca_root_nss-3.63.txz: 100%  276 KiB 282.4kB/s    00:01
Checking integrity... done (0 conflicting)
[caddy] [1/2] Installing ca_root_nss-3.63...
[caddy] [1/2] Extracting ca_root_nss-3.63: 100%
[caddy] [2/2] Installing caddy-2.4.1...
[caddy] [2/2] Extracting caddy-2.4.1: 100%
=====
Message from ca_root_nss-3.63:

--
FreeBSD does not, and can not warrant that the certification authorities
whose certificates are included in this package have in any way been
audited for trustworthiness or RFC 3647 compliance.

Assessment and verification of trust is the complete responsibility of the
system administrator.


This package installs symlinks to support root certificates discovery by
default for software that uses OpenSSL.

This enables SSL Certificate Verification by client software without manual
intervention.

If you prefer to do this manually, replace the following symlinks with
either an empty file or your site-local certificate bundle.

  * /etc/ssl/cert.pem
  * /usr/local/etc/ssl/cert.pem
  * /usr/local/openssl/cert.pem
=====
Message from caddy-2.4.1:

--
To enable caddy:

- Edit /usr/local/etc/caddy/Caddyfile
  See https://caddyserver.com/docs/
- Add caddy_enable="YES" to /etc/rc.conf

/usr/local/etc/rc.d/caddy has the following defaults:

- Server log: /var/log/caddy/caddy.log
  (runtime messages, NOT an access.log)
- Automatic SSL certificate storage: /var/db/caddy/data/caddy/
- Runs as root:wheel (you can run as another user, like www,
  but caddy will be unable to bind to low-numbered ports,
  including 80 and 443)
root@caddy:~ # sysrc caddy_enable="YES"
caddy_enable:  -> YES
root@caddy:~ # service caddy start
Starting caddy... done
Log: /var/log/caddy/caddy.log
root@caddy:~ # caddy version
(devel)
root@caddy:~ # caddy upgrade
2021/07/20 14:41:47.883 INFO    this executable will be replaced        {"path": "/usr/local/bin/caddy"}
2021/07/20 14:41:47.884 INFO    requesting build        {"os": "freebsd", "arch": "amd64", "packages": []}
2021/07/20 14:41:48.746 INFO    build acquired; backing up current executable   {"current_path": "/usr/local/bin/caddy", "backup_path": "/usr/local/bin/caddy.tmp"}
2021/07/20 14:41:48.746 INFO    downloading binary      {"source": "https://caddyserver.com/api/download?arch=amd64&os=freebsd", "destination": "/usr/local/bin/caddy"}
2021/07/20 14:42:00.660 INFO    download successful; displaying new binary details      {"location": "/usr/local/bin/caddy"}

Module versions:

admin.api.load v2.4.3
admin.api.metrics v2.4.3
admin.api.reverse_proxy v2.4.3
caddy.adapters.caddyfile v2.4.3
caddy.config_loaders.http v2.4.3
caddy.listeners.tls v2.4.3
caddy.logging.encoders.console v2.4.3
caddy.logging.encoders.filter v2.4.3
caddy.logging.encoders.filter.delete v2.4.3
caddy.logging.encoders.filter.ip_mask v2.4.3
caddy.logging.encoders.filter.replace v2.4.3
caddy.logging.encoders.json v2.4.3
caddy.logging.encoders.single_field v2.4.3
caddy.logging.writers.discard v2.4.3
caddy.logging.writers.file v2.4.3
caddy.logging.writers.net v2.4.3
caddy.logging.writers.stderr v2.4.3
caddy.logging.writers.stdout v2.4.3
caddy.storage.file_system v2.4.3
http v2.4.3
http.authentication.hashes.bcrypt v2.4.3
http.authentication.hashes.scrypt v2.4.3
http.authentication.providers.http_basic v2.4.3
http.encoders.gzip v2.4.3
http.encoders.zstd v2.4.3
http.handlers.acme_server v2.4.3
http.handlers.authentication v2.4.3
http.handlers.encode v2.4.3
http.handlers.error v2.4.3
http.handlers.file_server v2.4.3
http.handlers.headers v2.4.3
http.handlers.map v2.4.3
http.handlers.metrics v2.4.3
http.handlers.push v2.4.3
http.handlers.request_body v2.4.3
http.handlers.reverse_proxy v2.4.3
http.handlers.rewrite v2.4.3
http.handlers.static_response v2.4.3
http.handlers.subroute v2.4.3
http.handlers.templates v2.4.3
http.handlers.vars v2.4.3
http.matchers.expression v2.4.3
http.matchers.file v2.4.3
http.matchers.header v2.4.3
http.matchers.header_regexp v2.4.3
http.matchers.host v2.4.3
http.matchers.method v2.4.3
http.matchers.not v2.4.3
http.matchers.path v2.4.3
http.matchers.path_regexp v2.4.3
http.matchers.protocol v2.4.3
http.matchers.query v2.4.3
http.matchers.remote_ip v2.4.3
http.matchers.vars v2.4.3
http.matchers.vars_regexp v2.4.3
http.precompressed.br v2.4.3
http.precompressed.gzip v2.4.3
http.precompressed.zstd v2.4.3
http.reverse_proxy.selection_policies.cookie v2.4.3
http.reverse_proxy.selection_policies.first v2.4.3
http.reverse_proxy.selection_policies.header v2.4.3
http.reverse_proxy.selection_policies.ip_hash v2.4.3
http.reverse_proxy.selection_policies.least_conn v2.4.3
http.reverse_proxy.selection_policies.random v2.4.3
http.reverse_proxy.selection_policies.random_choose v2.4.3
http.reverse_proxy.selection_policies.round_robin v2.4.3
http.reverse_proxy.selection_policies.uri_hash v2.4.3
http.reverse_proxy.transport.fastcgi v2.4.3
http.reverse_proxy.transport.http v2.4.3
pki v2.4.3
tls v2.4.3
tls.certificates.automate v2.4.3
tls.certificates.load_files v2.4.3
tls.certificates.load_folders v2.4.3
tls.certificates.load_pem v2.4.3
tls.certificates.load_storage v2.4.3
tls.handshake_match.remote_ip v2.4.3
tls.handshake_match.sni v2.4.3
tls.issuance.acme v2.4.3
tls.issuance.internal v2.4.3
tls.issuance.zerossl v2.4.3
tls.stek.distributed v2.4.3
tls.stek.standard v2.4.3

  Standard modules: 83

  Non-standard modules: 0

  Unknown modules: 0

Version:
v2.4.3 h1:Y1FaV2N4WO3rBqxSYA8UZsZTQdN+PwcoOcAiZTM8C0I=

2021/07/20 14:42:00.783 INFO    upgrade successful; please restart any running Caddy instances  {"executable": "/usr/local/bin/caddy"}
root@caddy:~ # service caddy restart
Stopping caddy... done
Starting caddy... done
Log: /var/log/caddy/caddy.log
root@caddy:~ # caddy version
v2.4.3 h1:Y1FaV2N4WO3rBqxSYA8UZsZTQdN+PwcoOcAiZTM8C0I=
root@caddy:~ #
2 Likes

Hey, @basil, you seem to know your way around FreeBSD, run it in production, and know your way around BSD jails. Do you think you can draft a Bastille template? I noticed a while ago they’re missing a jail template for Caddy but I don’t have the expertise nor the time to tinker with FreeBSD to craft one.

1 Like

@Mohammed90 From what I understand, Bastille is a jail/container manager for FreeBSD. I actually use TrueNAS CORE (formerly FreeNAS), which is a NAS appliance built on a FreeBSD base. iXsystems, the developers of TrueNAS, have adopted iocage as the jail/container manager for TrueNAS. There are some similarities between Bastille and iocage. For instance, iocage has a template feature as well.

I’m hoping this will be as simple as outlined below:

  1. Install Caddy in a jail as suggested in a previous post
  2. Install Bastille inside (or possibly outside?) the Caddy jail
  3. Create a Bastille template for Caddy using the installed version of Caddy.

I’ll need to make some inquiries within the TrueNAS and possibly FreeBSD communities on the proposed approach first. I’ll probably need to have a chat with Christer Edwards, the creator of Bastille, as well on the templating side. I’ll let you know how I go. It may take me a week or two to make those inquiries and to wrap my head around this. No promises at this stage, but if all the ducks line up, I’ll be happy to chip in and help out.

EDIT: You can follow my TrueNAS community inquiry trail in this thread Bastille template for Caddy.

2 Likes

@Mohammed90 You are not going to believe this!

I sent Christer Edwards this communique a couple of hours ago:…

Hi Christer,

I’ve been asked by the Caddy folk to see if I can help out with creating a Bastille template for Caddy that I believe they would like to have considered for inclusion in the templates repository.

I have zero experience with Bastille, some exposure to FreeBSD, but quite a lot of exposure to TrueNAS, a NAS appliance built on FreeBSD. I’ve outlined an approach I thought might work, but I’m having my doubts now after reviewing the templates section of the Bastille documentation. Please refer to this TrueNAS community thread for details Bastille template for Caddy.

I’m hoping, after having a look at the TrueNAS and Caddy threads that I’ve linked to, that you can give me some pointers on how I should commence my journey with Bastille and template creation, and the process I should follow to get to the point of submitting a template to you for review.

Regards,

Basil

An hour later, Christer responded with this…

Hi Basil,

Thank you for reaching out to me and I’m happy to help! I had some free time while I was winding down today so I threw together a Caddy template for you. Actually, one of your snippets in the Caddy community thread had about everything needed.

We’ve designed the templates to be (hopefully) intuitive. The syntax you’d use on the command-line is generally what you’d use in the Bastillefile template.

Disclaimer: I haven’t used TrueNAS very much and it’s been a few years since I used iocage. Having said that, if you have Bastille installed on the host system (I have seen them side-by-side before) you should be able to use the template(s) easily.

https://gitlab.com/bastillebsd-templates/caddy

Instructions are in the README for bootstrapping and applying the template.

I’ve tested in my homelab and updated the CI/CD pipelines to do validation as well. The results should reflect in the GitLab repo soon.

I hope this helps. If you have any more questions feel free to ask.

Cheers,
Christer

Thanks to Christer’s :gift:, Caddy is now included in the Bastille templates repository BastilleBSD-Templates · GitLab

4 Likes