1. Caddy version (`caddy version`):
Not recorded here — Caddy comes from the boilerplate's `symfony_caddy` image target (see the compose file below), so whatever that target builds is what runs.
Locally everything runs in Docker. I am now migrating the same stack to AWS ECS (Fargate) and am hitting an issue between Caddy and PHP.
2. How I run Caddy:
a. System environment:
Linux (Alpine-based) containers under Docker on a Windows 11 machine locally.
Linux containers on AWS ECS Fargate in `awsvpc` network mode for the deployment.
b. Command:
Caddy is started by the image's own entrypoint/CMD, because I am using a boilerplate from GitHub; I do not think the start command itself is the problem.
c. Service/unit/compose file:
This is my docker-compose file (runs correctly on local environment)
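version: "3.4"

services:
  php:
    build:
      context: .
      target: symfony_php
      args:
        SYMFONY_VERSION: ${SYMFONY_VERSION:-}
        SKELETON: ${SKELETON:-symfony/skeleton}
        STABILITY: ${STABILITY:-stable}
    restart: unless-stopped
    volumes:
      # php-fpm creates its Unix socket here. The caddy service mounts the SAME
      # named volume, which is the only reason Caddy can dial
      # /var/run/php/php-fpm.sock. Any other orchestrator (ECS, k8s, ...) must
      # reproduce this shared volume or switch php-fpm/Caddy to TCP.
      - php_socket:/var/run/php
    healthcheck:
      interval: 10s
      timeout: 3s
      retries: 3
      start_period: 30s
    environment:
      # Run "composer require symfony/orm-pack" to install and configure Doctrine ORM
      # The ":-ChangeMe"-style fallbacks are local-development defaults only.
      # Set real values in .env / the platform's secret store; never deploy the
      # defaults to a host reachable from the Internet.
      DATABASE_URL: postgresql://${POSTGRES_USER:-symfony}:${POSTGRES_PASSWORD:-ChangeMe}@database:5432/${POSTGRES_DB:-app}?serverVersion=${POSTGRES_VERSION:-13}
      # Run "composer require symfony/mercure-bundle" to install and configure the Mercure integration
      # Internal (server-to-hub) URL: relies on compose service-name DNS ("caddy").
      MERCURE_URL: ${CADDY_MERCURE_URL:-http://caddy/.well-known/mercure}
      # Browser-facing hub URL: must be the public HTTPS host.
      MERCURE_PUBLIC_URL: https://${SERVER_NAME:-localhost}/.well-known/mercure
      MERCURE_JWT_SECRET: ${CADDY_MERCURE_JWT_SECRET:-!ChangeMe!}

  caddy:
    build:
      context: .
      target: symfony_caddy
    depends_on:
      - php
    environment:
      # "caddy:80" lets other containers talk plain HTTP to the hub internally
      # without being redirected to HTTPS.
      SERVER_NAME: ${SERVER_NAME:-localhost, caddy:80}
      # Publisher and subscriber keys share one secret here for convenience.
      # In production use two distinct, strong secrets: with a shared key any
      # party able to mint a subscriber JWT can also mint a publisher JWT.
      MERCURE_PUBLISHER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET:-!ChangeMe!}
      MERCURE_SUBSCRIBER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET:-!ChangeMe!}
    restart: unless-stopped
    volumes:
      # Shared with the php service (see above).
      - php_socket:/var/run/php
      # Persist TLS certificates/keys and the Mercure Bolt DB across restarts;
      # without this Caddy re-issues certificates on every start.
      - caddy_data:/data
      - caddy_config:/config
    ports:
      # HTTP
      - target: 80
        published: ${HTTP_PORT:-80}
        protocol: tcp
      # HTTPS
      - target: 443
        published: ${HTTPS_PORT:-443}
        protocol: tcp
      # HTTP/3
      - target: 443
        published: ${HTTP3_PORT:-443}
        protocol: udp

  # Mercure is installed as a Caddy module, prevent the Flex recipe from installing another service
###> symfony/mercure-bundle ###
###< symfony/mercure-bundle ###

###> doctrine/doctrine-bundle ###
  database:
    image: postgres:${POSTGRES_VERSION:-13}-alpine
    ports:
      # Bind the dev database to loopback only: "5432:5432" would expose a
      # database protected by the default password on every host interface.
      # Other compose services still reach it via the network alias "database".
      - "127.0.0.1:5432:5432"
    environment:
      POSTGRES_DB: ${POSTGRES_DB:-app}
      # You should definitely change the password in production
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-ChangeMe}
      POSTGRES_USER: ${POSTGRES_USER:-symfony}
    volumes:
      - db-data:/var/lib/postgresql/data:rw
      # You may use a bind-mounted host directory instead, so that it is harder to accidentally remove the volume and lose all your data!
      # - ./docker/db/data:/var/lib/postgresql/data:rw
###< doctrine/doctrine-bundle ###

volumes:
  php_socket:
  caddy_data:
  caddy_config:
###> symfony/mercure-bundle ###
###< symfony/mercure-bundle ###
###> doctrine/doctrine-bundle ###
  db-data:
###< doctrine/doctrine-bundle ###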
and here is the task definition on ECS (revision 8). Compared with the compose file, several things stand out. `volumes` is empty and neither the `php` nor the `caddy` container has a `mountPoints` entry, so the `php_socket` volume that connects the two services locally is not reproduced at all. Every credential — `POSTGRES_PASSWORD`, `MERCURE_JWT_SECRET` and both Mercure JWT keys — is still the boilerplate default (`ChangeMe` / `!ChangeMe!`) and is passed as a plain `environment` value on an Internet-facing host; these belong in `secrets` (Secrets Manager or SSM Parameter Store references) with non-default values, and the database port mapping on 5432 should be reviewed against the task's security group. `MERCURE_URL: http://caddy/...` relies on compose's service-name DNS, which does not exist in `awsvpc` mode — containers in one task share a single network namespace and reach each other over `localhost` (as the `DATABASE_URL` with `@localhost:5432` already does) — and `MERCURE_PUBLIC_URL` is the browser-facing URL, so on ECS it should be `https://ecs.staging.perlosoftware.com/.well-known/mercure` rather than `http://localhost/...`. Finally, the caddy container has no volume for `/data` or `/config`, so TLS certificates and the Mercure Bolt database are lost and re-created on every task restart; an EFS volume there avoids repeated ACME issuance.
{
"taskDefinitionArn": "arn:aws:ecs:eu-west-1:AWS_ACCOUNT_ID:task-definition/prototype-TF:8",
"containerDefinitions": [
{
"name": "database",
"image": "AWS_ACCOUNT_ID.dkr.ecr.eu-west-1.amazonaws.com/prototype/postgres",
"cpu": 0,
"links": [],
"portMappings": [
{
"containerPort": 5432,
"hostPort": 5432,
"protocol": "tcp"
}
],
"essential": true,
"entryPoint": [],
"command": [],
"environment": [
{
"name": "POSTGRES_USER",
"value": "symfony"
},
{
"name": "POSTGRES_PASSWORD",
"value": "ChangeMe"
},
{
"name": "POSTGRES_DB",
"value": "app"
}
],
"environmentFiles": [],
"mountPoints": [],
"volumesFrom": [],
"secrets": [],
"dnsServers": [],
"dnsSearchDomains": [],
"extraHosts": [],
"dockerSecurityOptions": [],
"dockerLabels": {},
"ulimits": [],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-create-group": "true",
"awslogs-group": "/ecs/prototype-TF",
"awslogs-region": "eu-west-1",
"awslogs-stream-prefix": "ecs"
},
"secretOptions": []
},
"systemControls": []
},
{
"name": "php",
"image": "AWS_ACCOUNT_ID.dkr.ecr.eu-west-1.amazonaws.com/prototype/perlo_php",
"cpu": 0,
"links": [],
"portMappings": [],
"essential": true,
"entryPoint": [],
"command": [],
"environment": [
{
"name": "MERCURE_URL",
"value": "http://caddy/.well-known/mercure"
},
{
"name": "MERCURE_JWT_SECRET",
"value": "!ChangeMe!"
},
{
"name": "DATABASE_URL",
"value": "postgresql://symfony:ChangeMe@localhost:5432/app?serverVersion=13"
},
{
"name": "MERCURE_PUBLIC_URL",
"value": "http://localhost/.well-known/mercure"
}
],
"environmentFiles": [],
"mountPoints": [],
"volumesFrom": [],
"secrets": [],
"dnsServers": [],
"dnsSearchDomains": [],
"extraHosts": [],
"dockerSecurityOptions": [],
"dockerLabels": {},
"ulimits": [],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-create-group": "true",
"awslogs-group": "/ecs/prototype-TF",
"awslogs-region": "eu-west-1",
"awslogs-stream-prefix": "ecs"
},
"secretOptions": []
},
"systemControls": []
},
{
"name": "caddy",
"image": "AWS_ACCOUNT_ID.dkr.ecr.eu-west-1.amazonaws.com/prototype/perlo_caddy",
"cpu": 0,
"links": [],
"portMappings": [
{
"containerPort": 80,
"hostPort": 80,
"protocol": "tcp"
},
{
"containerPort": 443,
"hostPort": 443,
"protocol": "tcp"
},
{
"containerPort": 443,
"hostPort": 443,
"protocol": "udp"
}
],
"essential": true,
"entryPoint": [],
"command": [],
"environment": [
{
"name": "MERCURE_SUBSCRIBER_JWT_KEY",
"value": "!ChangeMe!"
},
{
"name": "SERVER_NAME",
"value": "https://ecs.staging.perlosoftware.com"
},
{
"name": "MERCURE_PUBLISHER_JWT_KEY",
"value": "!ChangeMe!"
}
],
"environmentFiles": [],
"mountPoints": [],
"volumesFrom": [],
"secrets": [],
"dnsServers": [],
"dnsSearchDomains": [],
"extraHosts": [],
"dockerSecurityOptions": [],
"dockerLabels": {},
"ulimits": [],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-create-group": "true",
"awslogs-group": "/ecs/prototype-TF",
"awslogs-region": "eu-west-1",
"awslogs-stream-prefix": "ecs"
},
"secretOptions": []
},
"systemControls": []
}
],
"family": "prototype-TF",
"executionRoleArn": "arn:aws:iam::AWS_ACCOUNT_ID:role/ecsTaskExecutionRole",
"networkMode": "awsvpc",
"revision": 8,
"volumes": [],
"status": "ACTIVE",
"requiresAttributes": [
{
"name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
},
{
"name": "ecs.capability.execution-role-awslogs"
},
{
"name": "com.amazonaws.ecs.capability.ecr-auth"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.17"
},
{
"name": "ecs.capability.execution-role-ecr-pull"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
},
{
"name": "ecs.capability.task-eni"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.29"
}
],
"placementConstraints": [],
"compatibilities": [
"EC2",
"FARGATE"
],
"runtimePlatform": {
"cpuArchitecture": "X86_64",
"operatingSystemFamily": "LINUX"
},
"requiresCompatibilities": [
"FARGATE"
],
"cpu": "1024",
"memory": "3072",
"registeredAt": "2022-05-23T10:54:24.604Z",
"registeredBy": "arn:aws:iam::AWS_ACCOUNT_ID:user/AWS_ACCOUNT_NAME",
"tags": [
{
"key": "ecs:taskDefinition:createdFrom",
"value": "ecs-console-v2"
},
{
"key": "ecs:taskDefinition:stackId",
"value": "arn:aws:cloudformation:eu-west-1:AWS_ACCOUNT_ID:stack/ECS-Console-V2-TaskDefinition-10d89988-fc37-41da-8006-46e2d6288f75/b200ea40-da86-11ec-ab5b-0672fc179563"
}
]
}
d. My complete Caddyfile or JSON config:
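{
    # Debug
    {$DEBUG}
    # HTTP/3 support
    servers {
        protocol {
            experimental_http3
        }
    }
}

# Site address(es). Include a plain-HTTP alias such as "localhost:80" or
# "caddy:80" when other containers must reach the hub without TLS.
{$SERVER_NAME}

log

route {
    root * /srv/app/public
    mercure {
        # Transport to use (default to Bolt)
        # The Bolt file lives under /data: mount a persistent volume there or
        # the hub's history is lost on restart.
        transport_url {$MERCURE_TRANSPORT_URL:bolt:///data/mercure.db}
        # Publisher JWT key. Use a strong secret distinct from the subscriber key;
        # if the two are equal, anyone able to mint a subscriber token can publish.
        # When the *_ALG variables are unset, the module's default algorithm applies.
        publisher_jwt {env.MERCURE_PUBLISHER_JWT_KEY} {env.MERCURE_PUBLISHER_JWT_ALG}
        # Subscriber JWT key
        subscriber_jwt {env.MERCURE_SUBSCRIBER_JWT_KEY} {env.MERCURE_SUBSCRIBER_JWT_ALG}
        # Allow anonymous subscribers (double-check that it's what you want):
        # unauthenticated clients can subscribe to any public topic.
        anonymous
        # Enable the subscription API (double-check that it's what you want):
        # it exposes the list of active subscriptions.
        subscriptions
        # Extra directives
        {$MERCURE_EXTRA_DIRECTIVES}
    }
    vulcain
    push
    # php-fpm upstream. Defaults to the Unix socket shared through the php_socket
    # volume; override with PHP_FASTCGI_ADDR (e.g. "localhost:9000") on platforms
    # where containers share a network namespace but not a filesystem.
    php_fastcgi {$PHP_FASTCGI_ADDR:unix//var/run/php/php-fpm.sock}
    encode zstd gzip
    file_server
}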
3. The problem I’m having:
While hosted on ECS, Caddy answers every request to the domain name with a 502 and logs this error:
dialing backend: dial unix /var/run/php/php-fpm.sock: connect: no such file or directory
The Caddy container never reaches the PHP container. The php container's logs show php-fpm running and ready to handle connections, but on ECS the two containers do not share a filesystem (the task definition declares no `volumes` and no `mountPoints`), so the socket file that php-fpm creates exists only inside the php container and is simply absent at that path inside the caddy container.
4. Error messages and/or full log output:
{
"level": "error",
"ts": 1653305339.3780262,
"logger": "http.log.error",
"msg": "dialing backend: dial unix /var/run/php/php-fpm.sock: connect: no such file or directory",
"request": {
"remote_ip": "178.135.8.139",
"remote_port": "1417",
"proto": "HTTP/2.0",
"method": "GET",
"host": "ecs.staging.perlosoftware.com",
"uri": "/",
"headers": {
"Sec-Fetch-User": [
"?1"
],
"Pragma": [
"no-cache"
],
"Sec-Ch-Ua-Platform": [
"\"Windows\""
],
"Sec-Fetch-Mode": [
"navigate"
],
"Sec-Fetch-Dest": [
"document"
],
"Accept-Encoding": [
"gzip, deflate, br"
],
"Accept-Language": [
"en-US,en;q=0.9"
],
"Cache-Control": [
"no-cache"
],
"Sec-Ch-Ua": [
"\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"101\", \"Google Chrome\";v=\"101\""
],
"User-Agent": [
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.67 Safari/537.36"
],
"Sec-Ch-Ua-Mobile": [
"?0"
],
"Accept": [
"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"
],
"Sec-Fetch-Site": [
"none"
],
"Upgrade-Insecure-Requests": [
"1"
]
},
"tls": {
"resumed": false,
"version": 772,
"cipher_suite": 4865,
"proto": "h2",
"server_name": "ecs.staging.perlosoftware.com"
}
},
"duration": 0.00029972,
"status": 502,
"err_id": "bt2jnizb4",
"err_trace": "reverseproxy.statusError (reverseproxy.go:1196)"
}
{
"level": "error",
"ts": 1653305339.3780568,
"logger": "http.log.access",
"msg": "handled request",
"request": {
"remote_ip": "178.135.8.139",
"remote_port": "1417",
"proto": "HTTP/2.0",
"method": "GET",
"host": "ecs.staging.perlosoftware.com",
"uri": "/",
"headers": {
"Cache-Control": [
"no-cache"
],
"Sec-Ch-Ua": [
"\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"101\", \"Google Chrome\";v=\"101\""
],
"User-Agent": [
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.67 Safari/537.36"
],
"Sec-Fetch-Dest": [
"document"
],
"Accept-Encoding": [
"gzip, deflate, br"
],
"Accept-Language": [
"en-US,en;q=0.9"
],
"Sec-Ch-Ua-Mobile": [
"?0"
],
"Accept": [
"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"
],
"Sec-Fetch-Site": [
"none"
],
"Upgrade-Insecure-Requests": [
"1"
],
"Pragma": [
"no-cache"
],
"Sec-Ch-Ua-Platform": [
"\"Windows\""
],
"Sec-Fetch-Mode": [
"navigate"
],
"Sec-Fetch-User": [
"?1"
]
},
"tls": {
"resumed": false,
"version": 772,
"cipher_suite": 4865,
"proto": "h2",
"server_name": "ecs.staging.perlosoftware.com"
}
},
"user_id": "",
"duration": 0.00029972,
"size": 0,
"status": 502,
"resp_headers": {
"Server": [
"Caddy"
],
"Alt-Svc": [
"h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000"
]
}
}
5. What I already tried:
In the third-to-last line of the Caddyfile I tried changing `php_fastcgi unix//var/run/php/php-fpm.sock` to other paths, but changing the path alone cannot help: no path in the caddy container's filesystem corresponds to the socket php-fpm created in the php container. The two ways to fix this are (a) declare a task-level volume (`"volumes": [{"name": "php_socket"}]` — on Fargate a volume with no host path is task-scoped ephemeral storage shared by the task's containers) and add a `mountPoints` entry `{"sourceVolume": "php_socket", "containerPath": "/var/run/php"}` to both the php and caddy containers, mirroring the compose file; or (b) make php-fpm listen on TCP `127.0.0.1:9000` and point Caddy at it with `php_fastcgi localhost:9000`, which works in `awsvpc` mode because all containers of a task share one network namespace — the same property the `DATABASE_URL` with `@localhost:5432` already relies on.