Problems setting up WordPress with Caddy

1. Output of caddy version:

v2.6.1 h1:EDqo59TyYWhXQnfde93Mmv4FJfYe00dO60zMiEt+pzo=

2. How I run Caddy:

systemd

a. System environment:

DigitalOcean droplet with Ubuntu 22.04

b. Command:

c. Service/unit/compose file:

d. My complete Caddy config:

test.genuineandalusia.com {
	root * /var/www/html
	php_fastcgi unix//run/php/php8.1-fpm.sock
	encode gzip
	file_server

	@disallowed {
		path /xmlrpc.php
		path *.sql
		path /wp-content/uploads/*.php
	}

	# Caddyfile quotes tokens with double quotes or backticks only, so the target is written bare
	rewrite @disallowed /index.php
}

3. The problem I’m having:

I’m trying to get Caddy up and running with WordPress but hit a dead end.
First my problem was that I had tls internal in my Caddy config, not realizing the generated certificates will not be trusted by browsers by default (if I understood correctly).
I removed it and now at least I can curl my server (test.genuineandalusia.com) but all I get back is a “500 Internal Server Error”.

Also, Chrome and Firefox still tell me the connection to the server is not secure, but maybe they’re caching the previous, not-trusted certificate?

4. Error messages and/or full log output:

Sep 25 11:14:06 genuine-andalusia systemd[1]: Starting Caddy...
Sep 25 11:14:06 genuine-andalusia caddy[2904]: caddy.HomeDir=/var/lib/caddy
Sep 25 11:14:06 genuine-andalusia caddy[2904]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Sep 25 11:14:06 genuine-andalusia caddy[2904]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Sep 25 11:14:06 genuine-andalusia caddy[2904]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Sep 25 11:14:06 genuine-andalusia caddy[2904]: caddy.Version=v2.6.1 h1:EDqo59TyYWhXQnfde93Mmv4FJfYe00dO60zMiEt+pzo=
Sep 25 11:14:06 genuine-andalusia caddy[2904]: runtime.GOOS=linux
Sep 25 11:14:06 genuine-andalusia caddy[2904]: runtime.GOARCH=amd64
Sep 25 11:14:06 genuine-andalusia caddy[2904]: runtime.Compiler=gc
Sep 25 11:14:06 genuine-andalusia caddy[2904]: runtime.NumCPU=1
Sep 25 11:14:06 genuine-andalusia caddy[2904]: runtime.GOMAXPROCS=1
Sep 25 11:14:06 genuine-andalusia caddy[2904]: runtime.Version=go1.19.1
Sep 25 11:14:06 genuine-andalusia caddy[2904]: os.Getwd=/
Sep 25 11:14:06 genuine-andalusia caddy[2904]: LANG=C.UTF-8
Sep 25 11:14:06 genuine-andalusia caddy[2904]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
Sep 25 11:14:06 genuine-andalusia caddy[2904]: NOTIFY_SOCKET=/run/systemd/notify
Sep 25 11:14:06 genuine-andalusia caddy[2904]: HOME=/var/lib/caddy
Sep 25 11:14:06 genuine-andalusia caddy[2904]: LOGNAME=caddy
Sep 25 11:14:06 genuine-andalusia caddy[2904]: USER=caddy
Sep 25 11:14:06 genuine-andalusia caddy[2904]: INVOCATION_ID=7771137379274e938ce40d84ae21247c
Sep 25 11:14:06 genuine-andalusia caddy[2904]: JOURNAL_STREAM=8:31598
Sep 25 11:14:06 genuine-andalusia caddy[2904]: SYSTEMD_EXEC_PID=2904
Sep 25 11:14:06 genuine-andalusia caddy[2904]: {"level":"info","ts":1664104446.1511278,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Sep 25 11:14:06 genuine-andalusia caddy[2904]: {"level":"warn","ts":1664104446.1535056,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":12}
Sep 25 11:14:06 genuine-andalusia caddy[2904]: {"level":"info","ts":1664104446.1555185,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Sep 25 11:14:06 genuine-andalusia caddy[2904]: {"level":"info","ts":1664104446.1559248,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Sep 25 11:14:06 genuine-andalusia caddy[2904]: {"level":"info","ts":1664104446.156102,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Sep 25 11:14:06 genuine-andalusia caddy[2904]: {"level":"info","ts":1664104446.157724,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Sep 25 11:14:06 genuine-andalusia caddy[2904]: {"level":"info","ts":1664104446.1580703,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details."}
Sep 25 11:14:06 genuine-andalusia caddy[2904]: {"level":"debug","ts":1664104446.1584394,"logger":"http","msg":"starting server loop","address":"[::]:443","tls":true,"http3":true}
Sep 25 11:14:06 genuine-andalusia caddy[2904]: {"level":"info","ts":1664104446.1586442,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Sep 25 11:14:06 genuine-andalusia caddy[2904]: {"level":"debug","ts":1664104446.1588974,"logger":"http","msg":"starting server loop","address":"[::]:80","tls":false,"http3":false}
Sep 25 11:14:06 genuine-andalusia caddy[2904]: {"level":"info","ts":1664104446.1591015,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
Sep 25 11:14:06 genuine-andalusia caddy[2904]: {"level":"info","ts":1664104446.1592672,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["test.genuineandalusia.com"]}
Sep 25 11:14:06 genuine-andalusia caddy[2904]: {"level":"debug","ts":1664104446.159922,"logger":"tls","msg":"loading managed certificate","domain":"test.genuineandalusia.com","expiration":1671874421,"issuer_key":"acme-v02.api.letsencrypt.org-directory","storage":"FileStorage:/var/lib/caddy/.local/share/caddy"}
Sep 25 11:14:06 genuine-andalusia caddy[2904]: {"level":"debug","ts":1664104446.1605139,"logger":"tls.cache","msg":"added certificate to cache","subjects":["test.genuineandalusia.com"],"expiration":1671874421,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"622fdcf9afa7461fb1c19375f66a18f9aaab9a04f34181ea9934b29de9739245","cache_size":1,"cache_capacity":10000}
Sep 25 11:14:06 genuine-andalusia caddy[2904]: {"level":"debug","ts":1664104446.1606967,"logger":"events","msg":"event","name":"cached_managed_cert","id":"972290b3-00c0-4cf7-977e-b3b62ecc0f42","origin":"tls","data":{"sans":["test.genuineandalusia.com"]}}
Sep 25 11:14:06 genuine-andalusia caddy[2904]: {"level":"info","ts":1664104446.161006,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Sep 25 11:14:06 genuine-andalusia systemd[1]: Started Caddy.
Sep 25 11:14:06 genuine-andalusia caddy[2904]: {"level":"info","ts":1664104446.164919,"msg":"serving initial configuration"}
Sep 25 11:14:06 genuine-andalusia caddy[2904]: {"level":"info","ts":1664104446.1677127,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0002a7960"}
Sep 25 11:14:06 genuine-andalusia caddy[2904]: {"level":"info","ts":1664104446.1679797,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy/.local/share/caddy"}
Sep 25 11:14:06 genuine-andalusia caddy[2904]: {"level":"info","ts":1664104446.1688337,"logger":"tls","msg":"finished cleaning storage units"}

5. What I already tried:

I thought maybe PHP is the problem, so I followed a blog post’s advice and changed the user, group, listen.user and listen.group values in the PHP config from www-data to caddy, and also ran chown caddy:caddy /var/www/html, but this didn’t change anything.

That’s right.

That’s very possible. Browsers do cache things. Try clearing your browser cache and try again.

That’s probably a configuration error on the side of WordPress. That error wouldn’t be from Caddy. Check your PHP logs. You might want to turn on the new capture_stderr option to write your PHP errors to Caddy’s logs.

php_fastcgi unix//run/php/php8.1-fpm.sock {
	capture_stderr
}
1 Like
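
An added example, not part of the original thread: once PHP errors are written to Caddy's logs as suggested above, they sit in the same journal stream as the startup output in the question, so a small filter that skips the environment dump and keeps only `warn`-and-above entries makes them easy to spot. The first three sample lines are taken from the log above; the last one is constructed, and its `logger` and `msg` values are placeholders rather than Caddy's real output.

```python
import json
import re

# journald prefix as it appears in the thread: "Sep 25 11:14:06 host caddy[2904]: ..."
PREFIX = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s(\S+)\s(\w+)\[(\d+)\]:\s(.*)$")
LEVELS = {"debug": 0, "info": 1, "warn": 2, "error": 3, "panic": 4, "fatal": 5}

def caddy_problems(lines, min_level="warn"):
    """Return Caddy's structured log entries at min_level or above."""
    found = []
    for line in lines:
        m = PREFIX.match(line)
        if not m or m.group(2) != "caddy":
            continue  # systemd's own lines, or anything unparseable
        payload = m.group(4)
        if not payload.startswith("{"):
            continue  # startup environment dump (caddy.HomeDir=..., PATH=...)
        try:
            entry = json.loads(payload)
        except json.JSONDecodeError:
            continue  # truncated or wrapped line
        if LEVELS.get(entry.get("level"), 0) >= LEVELS[min_level]:
            found.append(entry)
    return found

# Sample input: lines 1-3 copied from the question, line 4 constructed.
SAMPLE = """\
Sep 25 11:14:06 genuine-andalusia caddy[2904]: caddy.HomeDir=/var/lib/caddy
Sep 25 11:14:06 genuine-andalusia caddy[2904]: {"level":"info","ts":1664104446.1511278,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Sep 25 11:14:06 genuine-andalusia caddy[2904]: {"level":"warn","ts":1664104446.1535056,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":12}
Sep 25 11:20:00 genuine-andalusia caddy[2904]: {"level":"error","ts":1664104800.0,"logger":"example","msg":"constructed sample error"}
""".splitlines()

if __name__ == "__main__":
    for e in caddy_problems(SAMPLE):
        print(e["level"], e.get("logger", "-"), e["msg"])
```
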

Thanks for the quick reply!

You’re right, when I replace the index.php of WordPress with a simple “hello world” index.php, it’s rendered correctly (and the browsers don’t show any “connection not secure” message anymore), so it’s not Caddy’s fault.

1 Like
