[Solved] unable to find UUID for telemetry identification


(mathias) #1

Hello,

I’m using Caddy with Systemd like shown in this documentation page: https://github.com/mholt/caddy/tree/master/dist/init/linux-systemd

I activated the telemetry when I installed Caddy, and now I’m interested in taking a look at the stats. So, as mentioned on this page (https://caddyserver.com/stats), I’m looking for the UUID file, but I can find none.

Thanks in advance for your help.
Regards,


(Matthew Fay) #2

Hi @mathias,

Is there any file at /etc/ssl/caddy/uuid?


(mathias) #3

Hello, thanks for answering.
As I said, there is none:

cat: /etc/ssl/caddy/uuid: No such file or directory

It’s where I looked first because of the following line in the service file:

Environment=CADDYPATH=/etc/ssl/caddy


(Matthew Fay) #4

Well, doesn’t get much more unclear than that. That’s clearly the Caddypath, and it’s clearly got write permissions.

CC @matt, any ideas where this rogue uuid file might have gotten to?


(Matt Holt) #5

Hmm, either the environment variable is not set like you think it is, or the permissions on the directory must be wrong. If all else fails, the uuid is ephemeral. If all env variables are empty, and if the current working directory has write permissions, the uuid file will be written to the current directory. Or maybe in .caddy in the current directory, I can’t remember exactly (I’m mobile).


(mathias) #6

Hello, thanks for answering,

The variables are set exactly as mentioned, here is the service file used:

~ # cat /etc/systemd/system/caddy.service 
[Unit]
Description=Caddy HTTP/2 web server
Documentation=https://caddyserver.com/docs
After=network.service

[Service]
Restart=on-abnormal

; User and group the process will run as.
User=caddy
Group=caddy
;
; Letsencrypt-issued certificates will be written to this directory.
Environment=CADDYPATH=/etc/ssl/caddy
;
; Always set "-root" to something safe in case it gets forgotten in the Caddyfile.
ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
ExecReload=/bin/kill -USR1 $MAINPID
;
; Use graceful shutdown with a reasonable timeout
KillMode=mixed
KillSignal=SIGQUIT
TimeoutStopSec=5s
;
; Limit the number of file descriptors; see `man systemd.exec` for more limit settings.
LimitNOFILE=1048576
; Unmodified caddy is not expected to use more than that.
; LimitNPROC=512
;
; Use private /tmp and /var/tmp, which are discarded after caddy stops.
PrivateTmp=true
; Use a minimal /dev
PrivateDevices=true
; Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
ProtectHome=true
; Make /usr, /boot, /etc and possibly some more folders read-only.
ProtectSystem=full
; … except /etc/ssl/caddy, because we want Letsencrypt-certificates there.
;   This merely retains r/w access rights, it does not add any new. Must still be writable on the host!
ReadWriteDirectories=/etc/ssl/caddy
;
; The following additional security directives only work with systemd v229 or later.
; They further restrict privileges that can be gained by caddy. Uncomment if you like.
; Note that you may have to add capabilities required by any plugins in use.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
;
[Install]
WantedBy=multi-user.target

Also, the directory permissions look good to me; here they are:

~ # ls -lah /etc/ssl/caddy/
total 16K
drwxrwx--- 4 caddy caddy 4.0K May 27 17:26 .
drwxr-xr-x 5 root  root  4.0K May 27 16:50 ..
drwx------ 4 caddy caddy 4.0K May 27 17:25 acme
drwx------ 2 caddy caddy 4.0K Jun  2 12:14 ocsp

I also always launched Caddy from the root user, using the provided service file. So obviously there is no .caddy directory in my /root/ (as forbidden by the permissions set). Did I do something wrong?

Best,
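
A static version of the two checks suggested in post #5 (is CADDYPATH really set, and can the service write there), applied to a unit file like the one in post #6. This is an added example, not part of the thread or of the Caddy project; the function names are hypothetical, and it only reads the unit file, so drop-in overrides and the ownership of the directory on the host are not considered.

```shell
#!/bin/sh
# Added example (not from the thread): does the unit's sandbox leave CADDYPATH writable?

# Last value assigned to KEY ($2) in unit file $1.
unit_value() { sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1; }

# CADDYPATH as set by an Environment= line (handles several space-separated assignments).
caddypath_of() {
    sed -n 's/^[[:space:]]*Environment=//p' "$1" | tr ' ' '\n' |
        sed -n 's/^"\{0,1\}CADDYPATH=\([^"]*\)"\{0,1\}$/\1/p' | tail -n 1
}

# True if path $1 is directory $2 or lies below it.
is_under() { case "$1/" in "$2"/*) return 0 ;; esac; return 1; }

# Returns 0 = writable as far as the unit is concerned, 1 = read-only, 2 = CADDYPATH unset.
check_caddypath() {
    unit=$1; blocked=""
    cpath=$(caddypath_of "$unit")
    [ -n "$cpath" ] || { echo "CADDYPATH is not set in $unit"; return 2; }
    case $(unit_value "$unit" ProtectSystem) in
        strict)        ro="/" ;;                 # whole file system read-only
        full)          ro="/usr /boot /etc" ;;   # the setting used in post #6
        true|yes|on|1) ro="/usr /boot" ;;
        *)             ro="" ;;
    esac
    for d in $ro; do
        if [ "$d" = "/" ] || is_under "$cpath" "$d"; then blocked=$d; fi
    done
    [ -n "$blocked" ] || { echo "$cpath: not restricted by ProtectSystem"; return 0; }
    # ReadWritePaths= is the newer name for ReadWriteDirectories=.
    for rw in $(sed -n -e 's/^[[:space:]]*ReadWriteDirectories=//p' \
                       -e 's/^[[:space:]]*ReadWritePaths=//p' "$unit"); do
        rw=${rw#-}; rw=${rw%/}                   # drop "ignore if missing" prefix, trailing slash
        if is_under "$cpath" "$rw"; then
            echo "$cpath: read-write via exception $rw"; return 0
        fi
    done
    echo "$cpath: read-only ($blocked is protected, no read-write exception)"; return 1
}

# Check the unit file given as the first argument, if any.
if [ $# -gt 0 ]; then check_caddypath "$1"; fi
```

Run it as `sh check.sh /etc/systemd/system/caddy.service` (the script name is arbitrary); a result of 0 means the unit file itself is not what keeps the uuid file from being written.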


(mathias) #7

@matt @Whitestrake, thanks for your answers.

I tested downloading the binary directly, without using the https://getcaddy.com URL, and it worked! I obviously missed something about telemetry deployment, which seems disabled for the download script.

So I got my UUID, it’s perfect.
Have a good day,


(Matt Holt) #8

Glad you figured it out. When using getcaddy.com, you have to turn telemetry on by setting CADDY_TELEMETRY=on (as documented). But in the future we’ll probably make it on by default.