I’m trying to start caddy with systemctl so that it can run in the background properly.
I’ve tried various things and read many tutorials but nothing seems to work.
I’ve also read this topic: Starting with systemd: Failed at step NAMESPACE spawning /usr/local/bin/caddy: No such file or directory
I’m using ubuntu 16.04 VPS.
This is the error I get:
● caddy.service - Caddy HTTP/2 web server Loaded: loaded (/etc/systemd/system/caddy.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Mon 2019-02-18 23:53:51 CET; 19h ago Docs: https://caddyserver.com/docs Main PID: 1164 (code=exited, status=226/NAMESPACE) Feb 18 23:53:51 ubuntu systemd: Started Caddy HTTP/2 web server. Feb 18 23:53:51 ubuntu systemd: caddy.service: Main process exited, code=exited, status=226/NAMESPACE Feb 18 23:53:51 ubuntu systemd: caddy.service: Unit entered failed state. Feb 18 23:53:51 ubuntu systemd: caddy.service: Failed with result 'exit-code'.
And this is how my caddy.service file looks like:
[Unit] Description=Caddy HTTP/2 web server Documentation=https://caddyserver.com/docs After=network-online.target Wants=network-online.target systemd-networkd-wait-online.service [Service] Restart=on-abnormal ; User and group the process will run as. User=www-data Group=www-data ; Letsencrypt-issued certificates will be written to this directory. Environment=CADDYPATH=/etc/ssl/caddy ; Always set "-root" to something safe in case it gets forgotten in the Caddyfile. ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp ExecReload=/bin/kill -USR1 $MAINPID ; Use graceful shutdown with a reasonable timeout KillMode=mixed KillSignal=SIGQUIT TimeoutStopSec=5s ; Limit the number of file descriptors; see `man systemd.exec` for more limit settings. LimitNOFILE=1048576 ; Unmodified caddy is not expected to use more than that. LimitNPROC=512 ; Use private /tmp and /var/tmp, which are discarded after caddy stops. PrivateTmp=true ; Use a minimal /dev (May bring additional security if switched to 'true', but it may not work on Raspberry Pi's or other devices, so it has been disabled in this dist.) PrivateDevices=false ; Hide /home, /root, and /run/user. Nobody will steal your SSH-keys. ProtectHome=true ; Make /usr, /boot, /etc and possibly some more folders read-only. ProtectSystem=full ; … except /etc/ssl/caddy, because we want Letsencrypt-certificates there. ; This merely retains r/w access rights, it does not add any new. Must still be writable on the host! ReadWriteDirectories=/etc/ssl/caddy ; The following additional security directives only work with systemd v229 or later. ; They further restrict privileges that can be gained by caddy. Uncomment if you like. ; Note that you may have to add capabilities required by any plugins in use. ;CapabilityBoundingSet=CAP_NET_BIND_SERVICE ;AmbientCapabilities=CAP_NET_BIND_SERVICE ;NoNewPrivileges=true [Install] WantedBy=multi-user.target