Problem with filemanager plugin and systemd

I’ve tried to set up a filemanager site with the Caddy plugin http.filemanager.
My Caddy version is Caddy 0.11.0 (non-commercial use only).
I have set the database path in the Caddyfile, and I am trying to manage the daemon with systemctl:

systemctl start caddy
systemctl status caddy

and it shows me a failure:

● caddy.service - Caddy HTTP/2 web server
   Loaded: loaded (/etc/systemd/system/caddy.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Mon 2018-05-21 10:14:00 CST; 35min ago
  Process: 31989 ExecStart=/usr/local/bin/caddy -conf /etc/caddy/Caddyfile -root /tmp (code=exited, status=1/FAILURE)
 Main PID: 31989 (code=exited, status=1/FAILURE)

5月 21 10:14:00 Host systemd[1]: Started Caddy HTTP/2 web server.
5月 21 10:14:00 Host caddy[31989]: Activating privacy features... done.
5月 21 10:14:00 Host caddy[31989]: 2018/05/21 10:14:00 open /etc/caddy/filemanager.db: read-only file system
5月 21 10:14:00 Host systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE
5月 21 10:14:00 Host systemd[1]: caddy.service: Failed with result 'exit-code'.

I checked the privilege of the database file:

$ ls -la /etc/caddy/
总用量 60
drwxr-xr-x   2 www-data www-data  4096 5月  20 21:03 .
drwxr-xr-x 114 root     root     12288 5月  19 17:53 ..
-rw-r--r--   1 www-data www-data   999 5月  20 21:03 Caddyfile
-rw-r--r--   1 www-data www-data 65536 5月  20 21:19 filemanager.db

Here is my Caddyfile:

$ cat /etc/caddy/Caddyfile 
file.mydomain:443 {
  log /var/log/caddy/fileserver.log {
    rotate_size 5
    rotate_age 20
    rotate_keep 20
  }
  filemanager / /mnt/CloudDisk {
    url /
    database /etc/caddy/filemanager.db
    allow_new false
    allow_publish true
    allow_edit false
    allow_commands false
    locale zh_cn
  }
}

The systemd file:

$ cat /etc/systemd/system/caddy.service | sed -e '/^;/d'
Description=Caddy HTTP/2 web server
Documentation= systemd-networkd-wait-online.service

ExecStart=/usr/local/bin/caddy -conf /etc/caddy/Caddyfile -root /tmp
ExecReload=/bin/kill -USR1 $MAINPID


I also tried to run caddy as user www-data on the command line without systemd, and it works:

$ sudo -u www-data caddy -conf /etc/caddy/Caddyfile -root /tmp/
Activating privacy features... done.
WARNING: File descriptor limit 1024 is too low for production servers. At least 8192 is recommended. Fix with "ulimit -n 8192".

So it really confuses me why it can’t work with systemd…

I’ve tried deleting the database line in the Caddyfile and restarting caddy. It said: "A database is going to be created for your File Manager instance at /etc/ssl/caddy/filemanager/4ed115735b4f7b1c8c9749fad3f9af19.db. It is highly recommended that you set the 'database' option to '4ed115735b4f7b1c8c9749fad3f9af19.db'"

Then I set the database to /etc/ssl/caddy/filemanager/4ed115735b4f7b1c8c9749fad3f9af19.db and it works.

So for now I’m just asking why it can’t work if I set the database to my custom path?

The answer for this oddity is within the systemd unit file.

From the documentation:

Takes a boolean argument or the special values “full” or “strict”. If true, mounts the /usr and /boot directories read-only for processes invoked by this unit. If set to “full”, the /etc directory is mounted read-only, too.


Immediately after that, we have this line:

Which explicitly grants Caddy the ability to read and write to this directory only. So regardless of the permissions on the host, systemd has made it impossible to write in /etc outside of that location.

1 Like
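The sandbox behaviour described in the answer above can be checked mechanically. The following is an added example, not part of the original thread or of Caddy: a small checker that reads a unit file and reports whether systemd's mount sandbox leaves a path writable. The `ProtectSystem=full` and `ReadWriteDirectories=/etc/ssl/caddy` lines in the sample are assumptions chosen to match the answer's description (the thread does not show them), and the function names are hypothetical.

```python
from pathlib import PurePosixPath

# Read-only mounts per ProtectSystem= value, per the documentation quoted above.
# "strict" covers the whole hierarchy (systemd excepts /dev, /proc, /sys; not modelled).
PROTECT_SYSTEM = {"true": ["/usr", "/boot"], "yes": ["/usr", "/boot"],
                  "full": ["/usr", "/boot", "/etc"], "strict": ["/"]}
RW_KEYS = {"ReadWritePaths", "ReadWriteDirectories"}  # second one is the legacy name

# Constructed sample: ExecStart is from the post; the two sandbox lines are assumed.
SAMPLE_UNIT = """\
[Service]
ExecStart=/usr/local/bin/caddy -conf /etc/caddy/Caddyfile -root /tmp
ProtectSystem=full
ReadWriteDirectories=/etc/ssl/caddy
"""

def parse_service(unit_text):
    """Return (ProtectSystem value, read-write exemptions) from the [Service] section."""
    section, protect, rw = None, "false", []
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "ProtectSystem":
                protect = value.lower()
            elif key in RW_KEYS:
                # Assignments accumulate; an empty one resets the list.
                rw = rw + [p.lstrip("-+") for p in value.split()] if value else []
    return protect, rw

def depth_of_match(path, dirs):
    """Depth of the deepest directory in `dirs` that contains `path` (0 if none)."""
    p = PurePosixPath(path)
    hits = [PurePosixPath(d) for d in dirs if PurePosixPath(d) in (p, *p.parents)]
    return max((len(h.parts) for h in hits), default=0)

def writable(unit_text, path):
    """True if the sandbox leaves `path` writable; host permissions still apply on top."""
    protect, rw = parse_service(unit_text)
    ro_depth = depth_of_match(path, PROTECT_SYSTEM.get(protect, []))
    # A read-write path nested below a read-only mount wins; a tie is reported
    # read-only, which is a conservative assumption of this sketch.
    return ro_depth == 0 or depth_of_match(path, rw) > ro_depth

if __name__ == "__main__":
    for p in ("/etc/caddy/filemanager.db", "/etc/ssl/caddy/filemanager/example.db"):
        print(p, "->", "writable" if writable(SAMPLE_UNIT, p) else "read-only")
```

On a live host, the effective values for the unit can be read with `systemctl show caddy -p ProtectSystem -p ReadWritePaths` and compared against what the checker assumes.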

Great job! Thank you!

1 Like
