V1 > V2 CaddyFile converting nightmare, can't get rewrites right

1. Caddy version (caddy version):

v2.1.1 h1:X9k1+ehZPYYrSqBvf/ocUgdLSRIuiNiMo7CvyGUQKeA=

2. How I run Caddy:

a. System environment:

Raspi4, Raspbian 10 (buster)

b. Command:

caddy run --config /etc/caddy/Caddyfile --adapter caddyfile
sudo service caddy restart

c. Service/unit/compose file:

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target

[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddyfile or JSON config:

http://anel.cx:45, http://www.anel.cx:45 {

	file_server {
	root /var/www/      
	index index.html index.php
	}
}
	
php_fastcgi /var/run/lighttpd/php.socket-0 php
rewrite {
        ext !svg !gif !png !html !ttf !woff !ico !jpg !jpeg
        r ^/index.php/(.+)$
        to /{1} /index.php?{1}
    }
#rewrite {
#        ext .svg .gif .png .html .ttf .woff .ico .jpg .jpeg
#        r ^/index.php/(.+)$
#        to /{1} /index.php?{1}
#    }

rewrite {
	r ^/index.php/.*$
	to /index.php?{query}
	}
rewrite {
    r /(.git|admin|pihole|logs|backups|tests)/.*$
    to /denyaccess
}
	}
	
https://anel.cx, https://www.anel.cx:443 {
	file_server {
	root /var/www/      
	index index.php index.html
	}
	tls /etc/cert/fullchain.pem /etc/cert/privkey.pem
	    
	fastcgi / /var/run/lighttpd/php.socket-0 php

rewrite {
    r /(.git|admin|pihole|logs|backups|tests)/.*$
    to /denyaccess
	}
}
  
https://bae.anel.cx:443 {
	reverse_proxy localhost:9999
	tls /etc/cert/fullchain.pem /etc/cert/privkey.pem
	}

https://doom.anel.cx:443 {
	reverse_proxy localhost:10666
	tls /etc/cert/fullchain.pem /etc/cert/privkey.pem
	}

https://mc.anel.cx:443 {
	reverse_proxy localhost:25565
	tls /etc/cert/fullchain.pem /etc/cert/privkey.pem
	}

https://ongeki.anel.cx:443 {
	file_server {
	root /var/www/ongeki/dist/aqua-viewer      
	index index.html index.php
	}
	rewrite {
	to {path} /
	}
	tls /etc/cert/fullchain.pem /etc/cert/privkey.pem
	}

https://patcher.anel.cx:443 {
	file_server {
	root /var/www/BemaniPatcher/    
	index index.html index.php
	}     
	tls /etc/cert/fullchain.pem /etc/cert/privkey.pem
	}
	
https://bms.anel.cx:443 {
	file_server {
	root /var/www/bms/   
	index index.html index.php
	}     
	tls /etc/cert/fullchain.pem /etc/cert/privkey.pem
	header /* Access-Control-Allow-Origin "*"
	}


3. The problem I’m having:

Hi, I had some trouble enabling CORS among other stuff, so I’ve decided to make the jump to V2. I have been making changes to my V1 Caddyfile, but I just can’t get the rewrites done.

4. Error messages and/or full log output:

caddy run --config /etc/caddy/Caddyfile --adapter caddyfile
2020/09/12 08:54:07.393 INFO using provided configuration {“config_file”: “/etc/caddy/Caddyfile”, “config_adapter”: “caddyfile”}
run: adapting config using caddyfile: parsing caddyfile tokens for ‘rewrite’: /etc/caddy/Caddyfile:10 - Error during parsing: Wrong argument count or unexpected line ending after ‘rewrite’

5. What I already tried:

I read all the documentation, especially the V2 one made for migration. I couldn’t see any info about ext, and I tried removing r & to, but it’s something I just can’t get done. While I honestly don’t want my files completely done, I would appreciate some tips on this.

Thanks in advance

6. Links to relevant resources:

Please use caddy fmt to clean up your config, it’ll fix all the indentation and make your config much easier to read!

The rewrite directive in v2 has different syntax. It doesn’t take subdirectives anymore for request matching, instead it uses the generalized request matching system introduced in v2.

For example, this one:

rewrite {
    r /(.git|admin|pihole|logs|backups|tests)/.*$
    to /denyaccess
}

Would become:

@deny path_regexp /(.git|admin|pihole|logs|backups|tests)/.*$
rewrite @deny /denyaccess

Read more about request matching here:

Also, have you gone through the upgrade guide? It should cover a lot of the other things you’ve missed, like:

  • how to use the php_fastcgi directive (no php preset anymore at the end of the line, new syntax for unix sockets)
  • the change to root (you need * as the first param as the matcher if using an absolute path, i.e. path starting with /, because things starting with / can be path matchers)
  • you should use the root directive rather than the root subdirective to file_server, so that root is set for all directives rather than just file_servers (because php_fastcgi needs to know where the files are stored as well)
  • the php_fastcgi directive has built-in try_files behaviour so you should no longer need the to /index.php?{1} rewrites
2 Likes
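
An added check, not part of the original thread and not Caddy's own code: the Go program below runs the thread's @deny pattern against constructed request paths using Go's regexp package (the engine behind path_regexp) and compares it with a tightened pattern. The tightened pattern, the sample paths and all function names are assumptions of this example.

```go
package main

import (
	"fmt"
	"regexp"
)

// Pattern exactly as written in the thread's @deny matcher.
var threadDeny = regexp.MustCompile(`/(.git|admin|pihole|logs|backups|tests)/.*$`)

// Tightened variant (an assumption of this example, not from the thread):
// the dot is literal and the directory matches with or without a trailing slash.
var strictDeny = regexp.MustCompile(`/(\.git|admin|pihole|logs|backups|tests)(/|$)`)

// Verdict records whether each pattern selects a path for the rewrite.
type Verdict struct {
	Path           string
	Thread, Strict bool
}

// Constructed sample request paths, not taken from any real log.
var samplePaths = []string{
	"/.git/config", "/admin/", "/admin", "/.git",
	"/blog/admin/edit", "/agit/readme", "/administrator/", "/index.php",
}

// Compare evaluates both patterns against every path (unanchored search).
func Compare(paths []string) []Verdict {
	out := make([]Verdict, 0, len(paths))
	for _, p := range paths {
		out = append(out, Verdict{p, threadDeny.MatchString(p), strictDeny.MatchString(p)})
	}
	return out
}

// Differences returns the paths on which the two patterns disagree.
func Differences(paths []string) []string {
	var diff []string
	for _, v := range Compare(paths) {
		if v.Thread != v.Strict {
			diff = append(diff, v.Path)
		}
	}
	return diff
}

func main() {
	for _, v := range Compare(samplePaths) {
		fmt.Printf("%-18s thread=%-5t strict=%t\n", v.Path, v.Thread, v.Strict)
	}
	fmt.Println("disagree:", Differences(samplePaths))
}
```

The patterns disagree on /admin and /.git, which the thread's pattern skips because it requires a trailing slash, and on /agit/readme, which it selects because the unescaped dot matches any character.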

Hi! Thanks for the swift response, I didn’t even know that fmt existed!

I made the following changes thanks to your response and everything seems to work fine :smiley:

{
	http_port 80
	https_port 443
}

http://anel.cx:45, http://www.anel.cx:45 {
	root * /var/www/
	file_server {
		root /var/www/
		index index.html index.php
	}
	php_fastcgi /var/run/lighttpd/php.socket-0

	@deny path_regexp /(.git|admin|pihole|logs|backups|tests)/.*$
	rewrite @deny /denyaccess
}

https://anel.cx, https://www.anel.cx:443 {
	root * /var/www/
	tls /etc/cert/fullchain.pem /etc/cert/privkey.pem
	file_server {
		root /var/www/
		index index.html index.php
	}
	php_fastcgi /var/run/lighttpd/php.socket-0
	@deny path_regexp /(.git|admin|pihole|logs|backups|tests)/.*$
	rewrite @deny /denyaccess
}

https://bae.anel.cx:443 {
	reverse_proxy localhost:9999
	tls /etc/cert/fullchain.pem /etc/cert/privkey.pem
}

https://doom.anel.cx:443 {
	reverse_proxy localhost:10666
	tls /etc/cert/fullchain.pem /etc/cert/privkey.pem
}

https://mc.anel.cx:443 {
	reverse_proxy localhost:25565
	tls /etc/cert/fullchain.pem /etc/cert/privkey.pem
}

https://ongeki.anel.cx:443 {
	root * /var/www/ongeki/dist/aqua-viewer
	file_server {
		root /var/www/ongeki/dist/aqua-viewer
		index index.html index.php
	}
	tls /etc/cert/fullchain.pem /etc/cert/privkey.pem
}

https://patcher.anel.cx:443 {
	file_server {
		root /var/www/BemaniPatcher
		index index.html index.php
	}
	tls /etc/cert/fullchain.pem /etc/cert/privkey.pem
}

https://bms.anel.cx:443 {
	root * /var/www/bms/
	file_server {
		root /var/www/bms/
		index index.html index.php
	}
	tls /etc/cert/fullchain.pem /etc/cert/privkey.pem
	header /* Access-Control-Allow-Origin "*"
}

I wanted to add some error pages but I heard they’re being reworked for 2.1, so I’ll wait a little.
I definitely need to start studying all of this again. I forgot most of it!

Thank you so much again for all the assistance!

1 Like

Great!

A few more things I’m noticing - you need to add unix/ as a prefix to the socket path for your php_fastcgi directive for Caddy to understand that it’s a unix socket. Like this:

php_fastcgi unix//var/run/lighttpd/php.socket-0

Also, you can remove both subdirectives to file_server because you already set root, and php_fastcgi takes care of making index.php an index file already.

And finally, you can omit the /* on your header directive, because omitting a matcher is the same as “match all requests” (as long as the first argument doesn’t start with / or @)

1 Like