I’m trying to test Caddy as a replacement for nginx on a Debian 9 (stretch) system. I’ve followed the instructions at https://github.com/caddyserver/caddy/tree/master/dist/init/linux-systemd up to a prick, /etc/caddy/Caddyfile is -rw-r--r-- 1 root root, cadyy runs as user www-data (well, should run, but should be no problem, because nginx runs successful as www-data).
Despite all this, starting the service fails with the error message:
loading Caddyfile via flag: open /etc/caddy/Caddyfile: permission denied
Ironically, running caddy from the command line works fine. I’ve tried to chown the Caddyfile to user www-data, and even setting it to 666, but it’s always the same.
What could I try to change for letting the caddy.service work?
If it’s working on the command line with the right permissions, but systemd has decided that it doesn’t like it… Well. I’ve personally done as much as I can to avoid using systemd.
I figure it probably has something to do with this section:
Seems to be focused on restricting access. Could try commenting ProtectSystem, maybe.
Outside of that, and assuming we don’t have any systemd gurus pop in on this thread, you might have better luck on a systemd-specific forum somewhere.
@Whitestrake, thanks for your answer and the welcome!
I’m not insisting on systemd, I followed the description an GitHub because I thought this would be the ‘official’ way to get caddy up and running. I saw that the nginx on my server doesn’t use systemd, but has a simple (OK, not so simple … ) start/stop script in /etc/init.d/. Do you (or someone else) have a working script you could show me – I assume your not really starting caddy from the command line manually …
I commented out all the “Private” and “Protect” related lines and skipped the “log” and “root” arguments from the start line, but to no avail.
OK, now I detected that there is a SysVinit file at https://github.com/caddyserver/caddy/tree/master/dist/init/linux-sysvinit (looks very similar to my working nginx script). I downloaded it, but now it’s getting more complicated: when I do service caddy start the script seemingly runs successful, and I get the syslog message
systemd[1]: Starting LSB: starts the caddy web server...
caddy[6262]: Starting caddy
but the server is not running anyway. service caddy status yields exited. Again, on the command line, Caddy starts flawlessly.
Turned out, the problem was a simple misconfiguration of directory /etc/caddy. I don’t know why, but it was drwx------ 2 root www-data, not drwxr-xr-x 2 root root, as all the other directories in /etc.
Now I don’t know why this has to be so, but with those permissions Caddy runs perfectly with systemd and the caddy.service file on GitHub. Many thanks to @aspeteRakete, which apparently set up the instructions there. I propose to add sudo chmod 755 /etc/caddyafter sudo chown -R root:root /etc/caddy.