Probleme configuring second website on a caddy web server

corent1lb · February 12, 2024, 11:54pm

1. The problem I’m having:

I’m trying to run two sites on the same caddy server : domain01.com and subdomain.domain01.com

I’ve tested my DNS configuration separately and it works properly for both domain and subdomain.

Caddy is run by the caddy user of the caddy group.
The directories of both websites are configured exactly the same, including access, reader, write and execute permissions.

2. Error messages and/or full log output:

The first site, domain01.com, works properly both in HTML and PHP.
The second one, submdomain.domain01.com, return 403 for the index.html file et 404 for info.php

3. Caddy version: v2.7.6

4. How I installed and ran Caddy:

I followed the official Rocky Linux tutorial for caddy installation : Caddy Web Server - Documentation

a. System environment:

Rocky Linux 9.3

b. Command:

sudo systemctl start caddy

c. Service/unit/compose file:

d. My complete Caddy config:

# The Caddyfile is an easy way to configure your Caddy web server.
#
# https://caddyserver.com/docs/caddyfile


# The configuration below serves a welcome page over HTTP on port 80.  To use
# your own domain name with automatic HTTPS, ensure your A/AAAA DNS record is
# pointing to this machine's public IP, then replace `http://` with your domain
# name.  Refer to the documentation for full instructions on the address
# specification.
#
# https://caddyserver.com/docs/caddyfile/concepts#addresses
# Domaine domain01.com
domain01.com {
	# Set this path to your site's directory.
	root * /srv/www/domain01.com/htdocs

	# Enable the static file server.
	file_server

	# Another common task is to set up a reverse proxy:
	# reverse_proxy localhost:8080

	# Or serve a PHP site through php-fpm:
	php_fastcgi 127.0.0.1:9000

	# Refer to the directive documentation for more options.
	# https://caddyserver.com/docs/caddyfile/directives
}

# Redirection www vers domain01.com nu
www.domain01.com {
	redir https://domain01.com{uri}
}

# domaine subdomain.domain01.com
subdomain.domain01.com {
	root * /srv/www/subdomain.domain01.com/htdocs
	file_server
	php_fastcgi 127.0.0.1:9000
	log { 
		output file /var/log/caddy/subdomain.domain01.log
	}
}

# As an alternative to editing the above site block, you can add your own site
# block files in the Caddyfile.d directory, and they will be included as long
# as they use the .caddyfile extension.
# import Caddyfile.d/*.caddyfile

5. Links to relevant resources:

francislavoie · February 13, 2024, 12:51am

Check the file/directory permissions. Make sure the caddy user can read those files.

Show ls -la for /srv/www/subdomain.domain01.com and /srv/www/subdomain.domain01.com/htdocs.

corent1lb · February 13, 2024, 1:38am

Here are the results :

[rocky@vps ~]$ ls -la /srv/www/subdomain.domain01.com
total 0
drwxr-xr-x. 3 caddy caddy    20 Feb  6 19:51 .
drwxrwxr-x. 4 rocky sftpteam 54 Feb  7 04:16 ..
drwxr-xr-x. 2 caddy caddy    67 Feb 12 22:14 htdocs

[rocky@vps ~]$ ls -la /srv/www/subdomain.domain01.com/htdocs
total 164
drwxr-xr-x. 2 caddy caddy     67 Feb 12 22:14 .
drwxr-xr-x. 3 caddy caddy     20 Feb  6 19:51 ..
-rw-r--r--. 1 caddy caddy     13 Feb 12 22:14 index.html
-rw-r--r--. 1 caddy caddy     20 Feb 12 22:14 info.php

francislavoie · February 13, 2024, 6:56am

Hmm, that does seem fine.

Add this to the top of your Caddyfile:

{
	debug
}

Then make a request with curl -v, show that output, then show your Caddy logs (the command to use to see your logs can be found here Keep Caddy Running — Caddy Documentation)

Does Rocky Linux have SELinux enabled? Maybe there’s some SELinux rule preventing access of those files?

corent1lb · February 13, 2024, 12:37pm

Here is the results :

[rocky@vps ~]$ curl -v subdomain.domain01.com
*   Trying 111.22.33.44:80...
* Connected to subdomain.domain01.com (111.22.33.44) port 80 (#0)
> GET / HTTP/1.1
> Host: subdomain.domain01.com
> User-Agent: curl/7.76.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 308 Permanent Redirect
< Connection: close
< Location: https://subdomain.domain01.com/
< Server: Caddy
< Date: Tue, 13 Feb 2024 12:26:39 GMT
< Content-Length: 0
<
* Closing connection 0

The log show :

{"level":"info","ts":1707827199.2037675,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"111.22.333.44","remote_port":"40896","client_ip":"111.22.333.44","proto":"HTTP/1.1","method":"GET","host":"subdomain.domain01.com","uri":"/","headers":{"User-Agent":["curl/7.76.1"],"Accept":["*/*"]}},"bytes_read":0,"user_id":"","duration":0.00003663,"size":0,"status":308,"resp_headers":{"Content-Type":[],"Server":["Caddy"],"Connection":["close"],"Location":["https://subdomain.domain01.com/"]}}

and :

[rocky@vps ~]$ journalctl -u caddy --no-pager | less +G
ort":443,"Zone":""}}}}
Feb 13 12:26:37 vps-abcdefgh.net caddy[341324]: {"level":"debug","ts":1707827197.545008,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"mail2.vrnao.info"}
Feb 13 12:26:37 vps-abcdefgh.net caddy[341324]: {"level":"debug","ts":1707827197.5450168,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.vrnao.info"}
Feb 13 12:26:37 vps-abcdefgh.net caddy[341324]: {"level":"debug","ts":1707827197.5450208,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.info"}
Feb 13 12:26:37 vps-abcdefgh.net caddy[341324]: {"level":"debug","ts":1707827197.5450249,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*"}
Feb 13 12:26:37 vps-abcdefgh.net caddy[341324]: {"level":"debug","ts":1707827197.5450325,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","remote_ip":"162.0.231.109","remote_port":"40986","server_name":"mail2.vrnao.info","remote":"162.0.231.109:40986","identifier":"mail2.vrnao.info","cipher_suites":[52392,52393,49199,49200,49195,49196,49171,49161,49172,49162,156,157,47,53,49170,10],"cert_cache_fill":0.0003,"load_or_obtain_if_necessary":true,"on_demand":false}
Feb 13 12:26:37 vps-abcdefgh.net caddy[341324]: {"level":"debug","ts":1707827197.545111,"logger":"http.stdlib","msg":"http: TLS handshake error from 162.0.231.109:40986: no certificate available for 'mail2.vrnao.info'"}

Yes SELinux is enabled…

francislavoie · February 13, 2024, 1:50pm

That’s an HTTP request, so it just serves the HTTP->HTTPS redirect (the Location header is a redirect). Try curl -v https://subdomain.domain01.com instead.

Then it’s quite possible SELinux rules are blocking access to the files.

You could go through these steps to debug SELinux issues:

github.com/caddyserver/dist

Investigate whether SELinux rules need to be added for rpm

opened 12:23PM - 17 Jan 23 UTC

closed 02:03AM - 26 Jul 23 UTC

francislavoie

question

I'm opening this up as followup from mentioning this in Slack. We've had some… users in the forums recently that got snagged on SELinux rules preventing the `caddy` user from reading/writing files in `/var/www/html` and `/var/log/caddy`. - https://caddy.community/t/centos-7-installation/18329/14 - https://caddy.community/t/caddy-erros-page-can-t-be-found-and-access-to-sub-domainname-com-was-denied/18408/8 - https://caddy.community/t/caddy-unable-to-access-certificates-after-upgrade-from-2-6-2-to-2-6-4/18989 Is there anything that can be done in the `.rpm` to smooth this over?

corent1lb · February 13, 2024, 1:58pm

Before I read your answer I tried to disabled SELinux and then my both site works fine.

So probably it comes from SELinux,

Thanks for your help !

system · March 14, 2024, 1:59pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.