1. Caddy version (`caddy version`):
v2.5.1 h1:bAWwslD1jNeCzDa+jDCNwb8M3UJ2tPa8UZFFzPVmGKs=
2. How I run Caddy:
a. System environment:
.-/+oossssoo+/-. aidan@Yamato
`:+ssssssssssssssssss+:` ------------
-+ssssssssssssssssssyyssss+- OS: Ubuntu 21.10 x86_64
.ossssssssssssssssssdMMMNysssso. Host: OptiPlex 790 01
/ssssssssssshdmmNNmmyNMMMMhssssss/ Kernel: 5.13.0-52-generic
+ssssssssshmydMMMMMMMNddddyssssssss+ Uptime: 18 mins
/sssssssshNMMMyhhyyyyhmNMMMNhssssssss/ Packages: 3131 (dpkg), 11 (snap)
.ssssssssdMMMNhsssssssssshNMMMdssssssss. Shell: bash 5.1.8
+sssshhhyNMMNyssssssssssssyNMMMysssssss+ Resolution: 6000x1440
ossyNMMMNyMMhsssssssssssssshmmmhssssssso Theme: Adwaita [GTK3]
ossyNMMMNyMMhsssssssssssssshmmmhssssssso Icons: Adwaita [GTK3]
+sssshhhyNMMNyssssssssssssyNMMMysssssss+ Terminal: /dev/pts/0
.ssssssssdMMMNhsssssssssshNMMMdssssssss. CPU: Intel i7-2600 (8) @ 3.800GHz
/sssssssshNMMMyhhyyyyhdNMMMNhssssssss/ GPU: Intel 2nd Generation Core Processor Family
+sssssssssdmydMMMMMMMMddddyssssssss+ Memory: 2371MiB / 7829MiB
/ssssssssssshdmNNNNmyNMMMMhssssss/
.ossssssssssssssssssdMMMNysssso.
-+sssssssssssssssssyyyssss+-
`:+ssssssssssssssssss+:`
.-/+oossssoo+/-.
b. Command:
systemctl start caddy
c. Service/unit/compose file:
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=notify
# Run as the unprivileged caddy account rather than root.
User=caddy
Group=caddy
# --environ prints the process environment at startup, so any secret handed to
# Caddy through environment variables ends up in the journal.
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
# Private /tmp for the service. ProtectSystem=full mounts /usr, the boot loader
# directories and /etc read-only for this process, which includes the web roots
# under /usr/share/caddy (other services such as PHP-FPM are not affected).
PrivateTmp=true
ProtectSystem=full
# Lets the non-root process bind ports below 1024 (80/443) without further privileges.
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddyfile or JSON config:
{
# Debug logging records full request details (client IP, headers, the FastCGI
# environment), as the log output in section 4 shows; remove it once
# troubleshooting is finished.
debug
}
# Snippet: static files plus PHP 7.4 for a few path prefixes. In the site blocks
# shown here it is only referenced by a commented-out `import default`.
(default) {
root * /usr/share/caddy/public_html
@php path /tt-rss/* /minecraft/solder/* /launcher-update/* #/rss-bridge/* /heimdall/*
php_fastcgi @php unix//run/php/php7.4-fpm.sock
#@heimdall_try {
# file {
# try_files /heimdall/public/* /heimdall/public/index.php
# }
#}
#rewrite @heimdall_try /heimdall/public/*
#try_files /heimdall/* /heimdall/public/index.php
#try_files /heimdall/public /heimdall/public/index.php
#try_files /heimdall/public/* /heimdall/public/index.php
file_server
}
# Snippet: hand PHP requests to the PHP 8.0 FPM socket. php_fastcgi executes any
# .php file that exists under the importing site's root, so those roots should
# not be writable by upload features or by unrelated services.
(php) {
php_fastcgi unix//run/php/php8.0-fpm.sock
}
# Snippet: Tiny Tiny RSS served from its own root with PHP and static files.
(tt-rss) {
root * /usr/share/caddy/tt-rss
import php
file_server
}
# Snippet: Heimdall served from its public/ subdirectory with PHP and static files.
(heimdall) {
root * /usr/share/caddy/heimdall/public
import php
file_server
}
# Hostname-only address: Caddy manages the certificate and serves this over HTTPS.
server.theundarkpixel.com { # http://localhost, , http://192.168.1.34
import heimdall
}
# Explicit http:// scheme: the same Heimdall app is served without TLS on the LAN address.
http://192.168.1.34 {
# tls internal
#import default
#handle_path /wallpapers/* {
# #root * /mnt/storage/aidan/Wallpapers/
# root * /usr/share/caddy/public_html
# import php
# file_server
#}
import heimdall
}
# Port-only address: listens on every interface and, with no hostname to issue a
# certificate for, is presumably served as plain HTTP.
# The root is a storage directory with PHP enabled, so any .php file placed there
# is executed by PHP-FPM. NOTE(review): if anything else can write into this
# directory, drop `import php` or move the PHP front end to its own root.
:6587 {
root * /mnt/storage/aidan/Wallpapers
import php
#uri replace feed feed.php
# Paths that do not exist on disk are rewritten to /index.php.
try_files {path} /index.php
file_server #browse
}
# Only a root is set; no file_server or other handler is configured here, so
# nothing under it is served as written. NOTE(review): confirm this is intended.
:8785 {
root * /usr/share/caddy/vault
}
ttrss.server.theundarkpixel.com { # , http://192.168.1.34
import tt-rss
}
# Two site addresses: the hostname (automatic HTTPS) and :7780, which has no
# hostname and is presumably served as plain HTTP on all interfaces.
minecraftplus.server.theundarkpixel.com :7780 { # , http://192.168.1.34
root * /usr/share/caddy/minecraftplus
# Force the correct MIME type on .wasm files.
@wasm {
path *.wasm
}
header @wasm Content-Type application/wasm
file_server
}
# Same pattern: hostname over HTTPS plus a port-only listener on :8782, with PHP
# enabled for the site root.
wrapped.server.theundarkpixel.com :8782 {
root * /usr/share/caddy/plex-wrapped
import php
file_server
}
# Nextcloud on the hostname (HTTPS) and also on :7867. The port-only address is
# presumably plain HTTP; HSTS has no effect there because browsers only honour
# the header when it arrives over HTTPS.
nextcloud.server.theundarkpixel.com :7867 {
root * /usr/share/caddy/nextcloud
file_server
import php
header {
#enable HSTS
Strict-Transport-Security max-age=31536000;
}
#tls internal {
# on_demand
#}
redir /.well-known/carddav /remote.php/dav 301
redir /.well-known/caldav /remote.php/dav 301
# .htaccess / data / config / ... shouldn't be accessible from outside
# `respond` is ordered before php_fastcgi and file_server in Caddy's default
# directive order, so the 404 below applies even though it is written last.
# NOTE(review): `path /.xml` matches only the exact path /.xml; confirm that is
# what is meant, and compare this list with the deny rules in the current
# Nextcloud admin manual.
@forbidden {
path /.htaccess
path /data/*
path /config/*
path /db_structure
path /.xml
path /README
path /3rdparty/*
path /lib/*
path /templates/*
path /occ
path /console.php
}
respond @forbidden 404
}
# Tiny Tiny RSS again, without TLS, on the LAN address and port 8482.
http://192.168.1.34:8482 {
# tls internal
import tt-rss
}
# Home Assistant behind the proxy.
# Caddy already adds X-Forwarded-For/-Proto/-Host to proxied requests (the debug
# log on this page shows them on a site that has no header_up lines) and passes
# Host through unchanged. {http.request.remote} expands to "IP:port", so the
# X-Real-IP and X-Forwarded-For values set here carry a port;
# {http.request.remote.host} is the address alone.
# NOTE(review): confirm the backend's trusted-proxy handling accepts this, or
# drop the overrides and rely on Caddy's defaults.
hass.server.theundarkpixel.com {
reverse_proxy localhost:8123 {
header_up Host {http.request.host}
header_up X-Real-IP {http.request.remote}
header_up X-Forwarded-For {http.request.remote}
header_up X-Forwarded-Port {http.request.port}
header_up X-Forwarded-Proto {http.request.scheme}
}
}
# Sets a `Public: true` request header towards the backend; header_up replaces
# any value the client sent. NOTE(review): what the backend does with this
# header is not shown here.
wallpapergarden.server.theundarkpixel.com {
reverse_proxy localhost:8771 {
header_up Public true
}
}
# The three proxies below add no authentication at the Caddy layer; access
# control is left entirely to each application.
plex.server.theundarkpixel.com {
reverse_proxy localhost:32400
}
tautulli.server.theundarkpixel.com {
reverse_proxy localhost:8181
}
friesandaioli.server.theundarkpixel.com {
reverse_proxy localhost:2368
}
# Pterodactyl panel on the hostname (HTTPS) and also on :8084. The port-only
# address is presumably plain HTTP, so panel logins sent there are unencrypted.
pterodactyl.server.theundarkpixel.com :8084 {
# The web root is the public/ subdirectory, so files above it are outside what
# file_server can reach.
root * /usr/share/caddy/pterodactyl/public
header {
X-Content-Type-Options nosniff
# Legacy header; current browsers have removed the XSS filter it controlled.
X-XSS-Protection "1; mode=block"
X-Robots-Tag none
# frame-ancestors 'self' permits same-origin framing while X-Frame-Options DENY
# forbids all framing. Browsers that support frame-ancestors follow the CSP and
# ignore X-Frame-Options, so the two lines do not express the same policy.
Content-Security-Policy "frame-ancestors 'self'"
X-Frame-Options DENY
Referrer-Policy same-origin
}
# Refuse any path containing "/.ht" (.htaccess, .htpasswd).
@htFiles {
path_regexp /\.ht
}
respond @htFiles 403
import php
file_server
}
# Pterodactyl Wings behind the proxy. {http.request.remote} expands to "IP:port",
# so X-Real-IP and X-Forwarded-For carry a port here; Caddy sets the
# X-Forwarded-* headers itself when these overrides are absent.
wings.server.theundarkpixel.com {
reverse_proxy localhost:8087 {
header_up Host {http.request.host}
header_up X-Real-IP {http.request.remote}
header_up X-Forwarded-For {http.request.remote}
header_up X-Forwarded-Port {http.request.port}
header_up X-Forwarded-Proto {http.request.scheme}
}
}
# Port-only address on all interfaces, presumably plain HTTP, with PHP execution
# and directory listings (`browse`) both enabled for the root.
# NOTE(review): confirm listings are meant to be visible to anyone who can reach
# this port.
:4945 {
root * /usr/share/caddy/esivywp
import php
file_server browse
}
# The blocks below terminate TLS at Caddy and forward to 192.168.1.70 over plain
# HTTP on the LAN; no authentication is added at the proxy.
prometheus.theundarkpixel.com {
reverse_proxy 192.168.1.70
}
#plex.prometheus.theundarkpixel.com {
# reverse_proxy 192.168.1.70:32400
#}
tautulli.prometheus.theundarkpixel.com {
reverse_proxy 192.168.1.70:8181
}
nextcloud.prometheus.theundarkpixel.com {
reverse_proxy 192.168.1.70:7867
}
# Explicit http:// scheme turns automatic HTTPS off for this hostname, so any
# login to the proxied application crosses the network unencrypted.
http://photoprism.prometheus.theundarkpixel.com {
reverse_proxy 192.168.1.70:2342
}
#librephotos.server.theundarkpixel.com
#:7680 {
# reverse_proxy :7680
# reverse_proxy * :7682 {
# header_up Host {http.request.host}
# }
# @api path /api/* /media/*
# reverse_proxy @api :7681 {
# header_up Host backend
# header_up X-Real-IP {http.request.remote}
# }
# @protected_media {
# remote_ip 127.0.0.1
# path /protected_media*
# }
# file_server @protected_media {
# root /var/lib/librephotos/
# }
# @original {
# remote_ip 127.0.0.1
# path /original*
# }
# handle @original {
# uri strip_prefix /original
# file_server {
# root /var/lib/librephotos/data/
# }
# }
# @nextcloud_original {
# remote_ip 127.0.0.1
# path /nextcloud_original*
# }
# handle @nextcloud_original {
# uri strip_prefix /nextcloud_original
# file_server {
# root /var/lib/librephotos/data/nextcloud_media/
# }
# }
#}
#git {
# path launcher-update
# repo http://25.4.88.33:3000/Minecraft/Launcher.git
# branch update-site
#}
#git {
# path launcher-extras
# repo http://25.4.88.33:3000/Minecraft/Launcher.git
# branch extras
#}
#browse /launcher-extras
#fastcgi / /var/run/php/php7.0-fpm.sock {
# ext .php
# split .php
# #index index.php
#}
# errors /home/caddy/errorlog.log
3. The problem I’m having:
I went through the manual upgrade process for Pterodactyl Panel, and afterwards I haven’t been able to get any of my PHP pages to load.
$ curl -v https://pterodactyl.server.theundarkpixel.com
* Trying 72.179.21.5:443...
* Connected to pterodactyl.server.theundarkpixel.com (72.179.21.5) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=pterodactyl.server.theundarkpixel.com
* start date: May 30 01:40:59 2022 GMT
* expire date: Aug 28 01:40:58 2022 GMT
* subjectAltName: host "pterodactyl.server.theundarkpixel.com" matched cert's "pterodactyl.server.theundarkpixel.com"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x56248de4a510)
> GET / HTTP/2
> Host: pterodactyl.server.theundarkpixel.com
> user-agent: curl/7.74.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
< HTTP/2 500
< content-security-policy: frame-ancestors 'self'
< content-type: text/html; charset=UTF-8
< referrer-policy: same-origin
< server: Caddy
< status: 500 Internal Server Error
< x-content-type-options: nosniff
< x-frame-options: DENY
< x-robots-tag: none
< x-xss-protection: 1; mode=block
< content-length: 0
< date: Tue, 28 Jun 2022 17:31:27 GMT
<
* Connection #0 to host pterodactyl.server.theundarkpixel.com left intact
4. Error messages and/or full log output:
2022/06/28 17:34:35.602 DEBUG tls.handshake choosing certificate {"identifier": "pterodactyl.server.theundarkpixel.com", "num_choices": 1}
2022/06/28 17:34:35.602 DEBUG tls.handshake default certificate selection results {"identifier": "pterodactyl.server.theundarkpixel.com", "subjects": ["pterodactyl.server.theundarkpixel.com"], "managed": true, "issuer_key": "acme-v02.api.letsencrypt.org-directory", "hash": "17c9bb5982c823ff2c2cba4182766d36eac443b876678db4ae0490b7c254d4b7"}
2022/06/28 17:34:35.602 DEBUG tls.handshake matched certificate in cache {"subjects": ["pterodactyl.server.theundarkpixel.com"], "managed": true, "expiration": "2022/09/26 16:00:40.000", "hash": "17c9bb5982c823ff2c2cba4182766d36eac443b876678db4ae0490b7c254d4b7"}
2022/06/28 17:34:35.605 DEBUG http.handlers.rewrite rewrote request {"request": {"remote_ip": "72.179.21.5", "remote_port": "55890", "proto": "HTTP/2.0", "method": "GET", "host": "pterodactyl.server.theundarkpixel.com", "uri": "/", "headers": {"User-Agent": ["curl/7.74.0"], "Accept": ["*/*"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "server_name": "pterodactyl.server.theundarkpixel.com"}}, "method": "GET", "uri": "/index.php"}
2022/06/28 17:34:35.605 DEBUG http.handlers.reverse_proxy selected upstream {"dial": "/run/php/php8.0-fpm.sock", "total_upstreams": 1}
2022/06/28 17:34:35.605 DEBUG http.reverse_proxy.transport.fastcgi roundtrip {"request": {"remote_ip": "72.179.21.5", "remote_port": "55890", "proto": "HTTP/2.0", "method": "GET", "host": "pterodactyl.server.theundarkpixel.com", "uri": "/index.php", "headers": {"Accept": ["*/*"], "X-Forwarded-For": ["72.179.21.5"], "X-Forwarded-Proto": ["https"], "X-Forwarded-Host": ["pterodactyl.server.theundarkpixel.com"], "User-Agent": ["curl/7.74.0"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "server_name": "pterodactyl.server.theundarkpixel.com"}}, "dial": "/run/php/php8.0-fpm.sock", "env": {"REQUEST_SCHEME": "https", "DOCUMENT_URI": "/index.php", "AUTH_TYPE": "", "SCRIPT_FILENAME": "/usr/share/caddy/pterodactyl/public/index.php", "HTTPS": "on", "SSL_PROTOCOL": "TLSv1.3", "HTTP_ACCEPT": "*/*", "SERVER_NAME": "pterodactyl.server.theundarkpixel.com", "SCRIPT_NAME": "/index.php", "HTTP_X_FORWARDED_HOST": "pterodactyl.server.theundarkpixel.com", "REMOTE_IDENT": "", "PATH_INFO": "", "REMOTE_HOST": "72.179.21.5", "SERVER_PROTOCOL": "HTTP/2.0", "HTTP_X_FORWARDED_FOR": "72.179.21.5", "HTTP_X_FORWARDED_PROTO": "https", "CONTENT_LENGTH": "", "REMOTE_USER": "", "REQUEST_METHOD": "GET", "SERVER_SOFTWARE": "Caddy/v2.5.1", "SSL_CIPHER": "TLS_AES_128_GCM_SHA256", "GATEWAY_INTERFACE": "CGI/1.1", "REQUEST_URI": "/", "SERVER_PORT": "443", "DOCUMENT_ROOT": "/usr/share/caddy/pterodactyl/public", "QUERY_STRING": "", "REMOTE_ADDR": "72.179.21.5", "REMOTE_PORT": "55890", "HTTP_USER_AGENT": "curl/7.74.0", "CONTENT_TYPE": "", "HTTP_HOST": "pterodactyl.server.theundarkpixel.com"}}
2022/06/28 17:34:35.660 DEBUG http.handlers.reverse_proxy upstream roundtrip {"upstream": "unix//run/php/php8.0-fpm.sock", "duration": 0.054364981, "request": {"remote_ip": "72.179.21.5", "remote_port": "55890", "proto": "HTTP/2.0", "method": "GET", "host": "pterodactyl.server.theundarkpixel.com", "uri": "/index.php", "headers": {"X-Forwarded-Proto": ["https"], "X-Forwarded-Host": ["pterodactyl.server.theundarkpixel.com"], "User-Agent": ["curl/7.74.0"], "Accept": ["*/*"], "X-Forwarded-For": ["72.179.21.5"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "server_name": "pterodactyl.server.theundarkpixel.com"}}, "headers": {"Status": ["500 Internal Server Error"], "Content-Type": ["text/html; charset=UTF-8"]}, "status": 500}
5. What I already tried:
- Restarted Caddy
- Restarted PHP
- Reset file ownership in `/usr/share/caddy/`
- Checked for `apt` updates (nothing relevant)
- Restarted the system