1. Caddy version (caddy version):
v2.3.0
2. How I run Caddy:
Typically run with a service
systemctl start caddy
a. System environment:
Ubuntu 18.04.5
systemd 237
b. Command:
systemctl start caddy
c. Service/unit/compose file:
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddyfile or JSON config:
{
on_demand_tls {
ask https://fleetwire.io/custom-domain-check
}
}
www.fleetwire.io {
redir https://{host}{uri}
}
:80 {
# respond `*.fleetwire.com {host}`
# root * /var/www/fleetwire.io/current/public
redir https://fleetwire.io{uri}
header {
Access-Control-Allow-Origin *
Access-Control-Allow-Methods "GET, POST, PUT, PATCH, OPTIONS"
Strict-Transport-Security max-age=31536000
Referrer-Policy "no-referrer, strict-origin-when-cross-origin, no-referrer-when-downgrade"
X-Content-Type-Options nosniff
Access-Control-Allow-Headers "Origin, Access-Control-Allow-Headers, Access-Control-Allow-Origin, Accept, Content-Type, X-Auth-Token, X-Requested-With"
X-GRE true
Server Avoca
}
}
:443 {
root * /var/www/fleetwire.io/current/public
# root * /var/www/fleetwire.io/releases/20210402231953/public
header {
Access-Control-Allow-Origin *
Access-Control-Allow-Methods "GET, POST, PUT, PATCH, OPTIONS"
Strict-Transport-Security max-age=31536000
Referrer-Policy "no-referrer, strict-origin-when-cross-origin, no-referrer-when-downgrade"
X-Content-Type-Options nosniff
Access-Control-Allow-Headers "Origin, Access-Control-Allow-Headers, Access-Control-Allow-Origin, Accept, Content-Type, X-Auth-Token, X-Requested-With"
CustomDomainHost {host}
FWServe sub2
X-Real-IP {remote}
X-Forwarded-For {remote}
X-Self-Sub true
Server Avoca
}
header /images {
Cache-Control "public, max-age=31536000"
}
log {
output file /var/log/caddy/access2.log
format console
}
tls {
on_demand
}
encode gzip
php_fastcgi unix//run/php/php-fpm.sock {
resolve_root_symlink
}
file_server
}
https://fleetwire.io {
@cachedFiles {
path *.jpg *.jpeg *.png *.gif *.ico *.svg *.webp
}
root * /var/www/fleetwire.io/current/public
# root * /var/www/fleetwire.io/releases/20210402231953/public
header {
Access-Control-Allow-Origin *
Access-Control-Allow-Methods "GET, POST, PUT, PATCH, OPTIONS"
Strict-Transport-Security max-age=31536000
Referrer-Policy "no-referrer, strict-origin-when-cross-origin, no-referrer-when-downgrade"
X-Content-Type-Options nosniff
Access-Control-Allow-Headers "Origin, Access-Control-Allow-Headers, Access-Control-Allow-Origin, Accept, Content-Type, X-Auth-Token, X-Requested-With"
CustomDomainHost {host}
FWServe main
X-Real-IP {remote}
X-Forwarded-For {remote}
X-Self-Sub false
Server Avoca
}
header @cachedFiles Cache-Control "public, max-age=31536001"
log {
output file /var/log/caddy/access2.log
format console
level error
}
encode gzip
php_fastcgi unix//run/php/php-fpm.sock {
resolve_root_symlink
}
file_server
}
3. The problem I’m having:
Out of nowhere yesterday, the browser was giving a 502… then after a caddy reload the browser was giving an ERR_SSL_PROTOCOL_ERROR.
I would reload the caddy service with systemctl reload caddy.
systemctl status caddy
would show it's running, but still the SSL error.
4. Error messages and/or full log output:
Here are the last several lines of journalctl -u caddy --no-pager | less
Apr 07 18:09:04 FW caddy[2051]: caddy.HomeDir=/var/lib/caddy
Apr 07 18:09:04 FW caddy[2051]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Apr 07 18:09:04 FW caddy[2051]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Apr 07 18:09:04 FW caddy[2051]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Apr 07 18:09:04 FW caddy[2051]: caddy.Version=v2.3.0
Apr 07 18:09:04 FW caddy[2051]: runtime.GOOS=linux
Apr 07 18:09:04 FW caddy[2051]: runtime.GOARCH=amd64
Apr 07 18:09:04 FW caddy[2051]: runtime.Compiler=gc
Apr 07 18:09:04 FW caddy[2051]: runtime.NumCPU=2
Apr 07 18:09:04 FW caddy[2051]: runtime.GOMAXPROCS=2
Apr 07 18:09:04 FW caddy[2051]: runtime.Version=go1.15.6
Apr 07 18:09:04 FW caddy[2051]: os.Getwd=/
Apr 07 18:09:04 FW caddy[2051]: LANG=C.UTF-8
Apr 07 18:09:04 FW caddy[2051]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
Apr 07 18:09:04 FW caddy[2051]: HOME=/var/lib/caddy
Apr 07 18:09:04 FW caddy[2051]: LOGNAME=caddy
Apr 07 18:09:04 FW caddy[2051]: USER=caddy
Apr 07 18:09:04 FW caddy[2051]: INVOCATION_ID=550621e47f8a4d77a3e0f6c643b32223
Apr 07 18:09:04 FW caddy[2051]: JOURNAL_STREAM=9:23546
Apr 07 18:09:04 FW caddy[2051]: {"level":"info","ts":1617818944.4790885,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Apr 07 18:09:04 FW caddy[2051]: {"level":"info","ts":1617818944.4872315,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["127.0.0.1:2019","localhost:2019","[::1]:2019"]}
Apr 07 18:09:04 FW caddy[2051]: {"level":"info","ts":1617818944.4884343,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Apr 07 18:09:04 FW caddy[2051]: {"level":"info","ts":1617818944.488704,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Apr 07 18:09:04 FW caddy[2051]: {"level":"info","ts":1617818944.4889064,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
Apr 07 18:09:04 FW caddy[2051]: {"level":"info","ts":1617818944.4893084,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0002d6000"}
Apr 07 18:09:04 FW caddy[2051]: {"level":"warn","ts":1617818944.4897614,"logger":"http","msg":"user server is listening on same interface as automatic HTTP->HTTPS redirects; user-configured routes might override these redirects","server_name":"srv1","interface":"tcp/:80"}
Apr 07 18:09:04 FW caddy[2051]: run: loading initial config: loading new config: http app module: start: tcp: listening on :443: listen tcp :443: bind: address already in use
Apr 07 18:09:04 FW systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE
Apr 07 18:09:04 FW systemd[1]: caddy.service: Failed with result 'exit-code'.
Apr 07 18:10:06 FW systemd[1]: Started Caddy.
Apr 07 18:10:06 FW caddy[2189]: caddy.HomeDir=/var/lib/caddy
Apr 07 18:10:06 FW caddy[2189]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Apr 07 18:10:06 FW caddy[2189]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Apr 07 18:10:06 FW caddy[2189]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Apr 07 18:10:06 FW caddy[2189]: caddy.Version=v2.3.0
Apr 07 18:10:06 FW caddy[2189]: runtime.GOOS=linux
Apr 07 18:10:06 FW caddy[2189]: runtime.GOARCH=amd64
Apr 07 18:10:06 FW caddy[2189]: runtime.Compiler=gc
Apr 07 18:10:06 FW caddy[2189]: runtime.NumCPU=2
Apr 07 18:10:06 FW caddy[2189]: runtime.GOMAXPROCS=2
Apr 07 18:10:06 FW caddy[2189]: runtime.Version=go1.15.6
Apr 07 18:10:06 FW caddy[2189]: os.Getwd=/
Apr 07 18:10:06 FW caddy[2189]: LANG=C.UTF-8
Apr 07 18:10:06 FW caddy[2189]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
Apr 07 18:10:06 FW caddy[2189]: HOME=/var/lib/caddy
Apr 07 18:10:06 FW caddy[2189]: LOGNAME=caddy
Apr 07 18:10:06 FW caddy[2189]: USER=caddy
Apr 07 18:10:06 FW caddy[2189]: INVOCATION_ID=43c2ac49f80843fcaac1b468d812b29b
Apr 07 18:10:06 FW caddy[2189]: JOURNAL_STREAM=9:26091
Apr 07 18:10:06 FW caddy[2189]: {"level":"info","ts":1617819006.867895,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Apr 07 18:10:06 FW caddy[2189]: {"level":"info","ts":1617819006.873816,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
Apr 07 18:10:06 FW caddy[2189]: {"level":"info","ts":1617819006.8747046,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Apr 07 18:10:06 FW caddy[2189]: {"level":"info","ts":1617819006.874772,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Apr 07 18:10:06 FW caddy[2189]: {"level":"info","ts":1617819006.8747876,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
Apr 07 18:10:06 FW caddy[2189]: {"level":"warn","ts":1617819006.8748279,"logger":"http","msg":"user server is listening on same interface as automatic HTTP->HTTPS redirects; user-configured routes might override these redirects","server_name":"srv1","interface":"tcp/:80"}
Apr 07 18:10:06 FW caddy[2189]: {"level":"info","ts":1617819006.8776834,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000300230"}
Apr 07 18:10:06 FW caddy[2189]: {"level":"info","ts":1617819006.8783784,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["www.fleetwire.io","fleetwire.io"]}
Apr 07 18:10:06 FW caddy[2189]: {"level":"info","ts":1617819006.8787916,"logger":"tls","msg":"cleaned up storage units"}
Apr 07 18:10:06 FW caddy[2189]: {"level":"info","ts":1617819006.8820753,"msg":"autosaved config","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Apr 07 18:10:06 FW caddy[2189]: {"level":"info","ts":1617819006.882483,"msg":"serving initial configuration"}
Apr 07 18:24:48 FW systemd[1]: Reloading Caddy.
Apr 07 18:24:48 FW caddy[1693]: {"level":"info","ts":1617819888.397296,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Apr 07 18:24:48 FW caddy[2189]: {"level":"info","ts":1617819888.4031405,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_addr":"127.0.0.1:59088","headers":{"Accept-Encoding":["gzip"],"Content-Length":["4983"],"Content-Type":["application/json"],"Origin":["localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
Apr 07 18:24:48 FW caddy[2189]: {"level":"info","ts":1617819888.4061742,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
Apr 07 18:24:48 FW caddy[2189]: {"level":"info","ts":1617819888.407006,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000300d90"}
Apr 07 18:24:48 FW caddy[2189]: {"level":"info","ts":1617819888.4070225,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Apr 07 18:24:48 FW caddy[2189]: {"level":"info","ts":1617819888.4075787,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Apr 07 18:24:48 FW caddy[2189]: {"level":"info","ts":1617819888.4078357,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
Apr 07 18:24:48 FW caddy[2189]: {"level":"warn","ts":1617819888.408104,"logger":"http","msg":"user server is listening on same interface as automatic HTTP->HTTPS redirects; user-configured routes might override these redirects","server_name":"srv1","interface":"tcp/:80"}
Apr 07 18:24:48 FW caddy[2189]: {"level":"info","ts":1617819888.410428,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["www.fleetwire.io","fleetwire.io"]}
Apr 07 18:24:49 FW caddy[2189]: {"level":"info","ts":1617819889.4110723,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc000300230"}
Apr 07 18:24:49 FW caddy[2189]: {"level":"info","ts":1617819889.4123678,"msg":"autosaved config","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Apr 07 18:24:49 FW caddy[2189]: {"level":"info","ts":1617819889.412397,"logger":"admin.api","msg":"load complete"}
Apr 07 18:24:49 FW systemd[1]: Reloaded Caddy.
Apr 07 18:24:49 FW caddy[2189]: {"level":"info","ts":1617819889.9067647,"logger":"admin","msg":"stopped previous server"}
Apr 07 18:25:57 FW systemd[1]: Reloading Caddy.
Apr 07 18:25:57 FW caddy[1854]: {"level":"info","ts":1617819957.8305073,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Apr 07 18:25:57 FW caddy[2189]: {"level":"info","ts":1617819957.836819,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_addr":"127.0.0.1:59116","headers":{"Accept-Encoding":["gzip"],"Content-Length":["5032"],"Content-Type":["application/json"],"Origin":["localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
Apr 07 18:25:57 FW caddy[2189]: {"level":"info","ts":1617819957.838862,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
Apr 07 18:25:57 FW caddy[2189]: {"level":"info","ts":1617819957.8394814,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Apr 07 18:25:57 FW caddy[2189]: {"level":"info","ts":1617819957.8397255,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Apr 07 18:25:57 FW caddy[2189]: {"level":"info","ts":1617819957.8399162,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
Apr 07 18:25:57 FW caddy[2189]: {"level":"warn","ts":1617819957.840123,"logger":"http","msg":"user server is listening on same interface as automatic HTTP->HTTPS redirects; user-configured routes might override these redirects","server_name":"srv1","interface":"tcp/:80"}
Apr 07 18:25:57 FW caddy[2189]: {"level":"info","ts":1617819957.8405902,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000300a80"}
Apr 07 18:25:57 FW caddy[2189]: {"level":"info","ts":1617819957.8418517,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["www.fleetwire.io","fleetwire.io"]}
Apr 07 18:25:58 FW caddy[2189]: {"level":"info","ts":1617819958.8423522,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc000300d90"}
Apr 07 18:25:58 FW caddy[2189]: {"level":"info","ts":1617819958.8426676,"msg":"autosaved config","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Apr 07 18:25:58 FW caddy[2189]: {"level":"info","ts":1617819958.8427114,"logger":"admin.api","msg":"load complete"}
Apr 07 18:25:58 FW systemd[1]: Reloaded Caddy.
Apr 07 18:25:59 FW caddy[2189]: {"level":"info","ts":1617819959.3392932,"logger":"admin","msg":"stopped previous server"}
Apr 07 18:27:14 FW systemd[1]: Reloading Caddy.
Apr 07 18:27:14 FW caddy[1962]: {"level":"info","ts":1617820034.9846587,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Apr 07 18:27:14 FW caddy[2189]: {"level":"info","ts":1617820034.9891536,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_addr":"127.0.0.1:59144","headers":{"Accept-Encoding":["gzip"],"Content-Length":["5064"],"Content-Type":["application/json"],"Origin":["localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
Apr 07 18:27:14 FW caddy[2189]: {"level":"info","ts":1617820034.9905572,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
Apr 07 18:27:14 FW caddy[2189]: {"level":"info","ts":1617820034.9909117,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Apr 07 18:27:14 FW caddy[2189]: {"level":"info","ts":1617820034.9909406,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Apr 07 18:27:14 FW caddy[2189]: {"level":"info","ts":1617820034.9909523,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
Apr 07 18:27:14 FW caddy[2189]: {"level":"warn","ts":1617820034.99098,"logger":"http","msg":"user server is listening on same interface as automatic HTTP->HTTPS redirects; user-configured routes might override these redirects","server_name":"srv1","interface":"tcp/:80"}
Apr 07 18:27:14 FW caddy[2189]: {"level":"info","ts":1617820034.9913468,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000300d90"}
Apr 07 18:27:14 FW caddy[2189]: {"level":"info","ts":1617820034.9923973,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["www.fleetwire.io","fleetwire.io"]}
Apr 07 18:27:15 FW caddy[2189]: {"level":"info","ts":1617820035.992729,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc000300a80"}
Apr 07 18:27:15 FW caddy[2189]: {"level":"info","ts":1617820035.9938047,"msg":"autosaved config","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Apr 07 18:27:15 FW caddy[2189]: {"level":"info","ts":1617820035.9940188,"logger":"admin.api","msg":"load complete"}
Apr 07 18:27:16 FW systemd[1]: Reloaded Caddy.
Apr 07 18:27:16 FW caddy[2189]: {"level":"info","ts":1617820036.4911058,"logger":"admin","msg":"stopped previous server"}
Apr 07 18:32:37 FW systemd[1]: Reloading Caddy.
Apr 07 18:32:37 FW caddy[2257]: {"level":"info","ts":1617820357.485482,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Apr 07 18:32:37 FW caddy[2189]: {"level":"info","ts":1617820357.4923513,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_addr":"127.0.0.1:59242","headers":{"Accept-Encoding":["gzip"],"Content-Length":["5064"],"Content-Type":["application/json"],"Origin":["localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
Apr 07 18:32:37 FW caddy[2189]: {"level":"info","ts":1617820357.4936342,"logger":"admin.api","msg":"config is unchanged"}
Apr 07 18:32:37 FW caddy[2189]: {"level":"info","ts":1617820357.4936569,"logger":"admin.api","msg":"load complete"}
Apr 07 18:32:37 FW systemd[1]: Reloaded Caddy.
Apr 07 18:42:27 FW systemd[1]: Stopping Caddy...
Apr 07 18:42:27 FW caddy[2189]: {"level":"info","ts":1617820947.428719,"msg":"shutting down apps then terminating","signal":"SIGTERM"}
Apr 07 18:42:28 FW caddy[2189]: {"level":"info","ts":1617820948.42929,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc000300d90"}
Apr 07 18:42:28 FW caddy[2189]: {"level":"info","ts":1617820948.929691,"logger":"admin","msg":"stopped previous server"}
Apr 07 18:42:28 FW caddy[2189]: {"level":"info","ts":1617820948.9297621,"msg":"shutdown done","signal":"SIGTERM"}
Apr 07 18:42:28 FW systemd[1]: Stopped Caddy.
5. What I already tried:
I had to kill the caddy service process:
netstat -tulpn | grep 2019
sudo kill -9 PID
Then run caddy run
After killing the caddy service process and running cd /etc/caddy && caddy run,
the site is back up. The site is currently running this way; I was afraid to touch it without some guidance.
The logs do show port 2019 already in use, but I did end up killing the process and trying again.
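Added example, not part of the original post: a small POSIX sh helper that parses netstat -tulpn output and reports whether the process holding a port is the systemd unit's MainPID or a stray instance started by hand, which is the check behind the "listen tcp :443: bind: address already in use" line in the journal above. The netstat sample and its PIDs are constructed; the systemctl/netstat invocation in the comment assumes root for netstat -p.

```shell
#!/bin/sh
# Added example (not from the original post or the Caddy project).
# Finds the owner of a listening TCP port in `netstat -tulpn` output and
# compares it with the PID systemd believes it is supervising.

# Constructed sample in the format of `netstat -tulpn` (not real data).
# Here a manually started `caddy run` (PID 1337) already holds :443 and :2019.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp6       0      0 :::443                  :::*                    LISTEN      1337/caddy
tcp6       0      0 :::80                   :::*                    LISTEN      1337/caddy
tcp        0      0 127.0.0.1:2019          0.0.0.0:*               LISTEN      1337/caddy
udp        0      0 127.0.0.53:53           0.0.0.0:*                           640/systemd-resolve'

# pid_on_port PORT NETSTAT_OUTPUT
# Prints the PID of the LISTEN socket bound to PORT (any address), or nothing.
# Field 4 is "Local Address", field 6 "State", field 7 "PID/Program name".
pid_on_port() {
    port=$1
    printf '%s\n' "$2" | awk -v p=":$port" '
        $6 == "LISTEN" && $4 ~ (p "$") { split($7, a, "/"); print a[1]; exit }'
}

# port_conflict PORT SERVICE_MAINPID NETSTAT_OUTPUT
# Prints one of:
#   free            nothing listens on PORT
#   service <pid>   the systemd-managed process owns it (normal)
#   stray <pid>     another process owns it, so the unit will fail with
#                   "bind: address already in use" until that process exits
port_conflict() {
    pid=$(pid_on_port "$1" "$3")
    if [ -z "$pid" ]; then
        echo free
    elif [ "$pid" = "$2" ]; then
        echo "service $pid"
    else
        echo "stray $pid"
    fi
}

# Live usage on the host (MainPID is 0 when the unit is not running):
#   port_conflict 443 "$(systemctl show -p MainPID --value caddy)" "$(sudo netstat -tulpn)"
```

A "stray" result means stopping that process (or the manual caddy run) before systemctl start caddy is the fix; killing the systemd-managed PID instead just makes systemd report the unit as failed.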