V2: Logging to file, permissions issues

1. Caddy version (caddy version):

v2.0.0

2. How I run Caddy:

installed with sudo apt install caddy

a. System environment:

Ubuntu 18.04.4 LTS bionic

b. Command:

sudo systemctl enable caddy
sudo systemctl start caddy

with Caddyfile at /etc/caddy/Caddyfile

d. My complete Caddyfile or JSON config:

plantsdb.xyz {
  encode gzip
  log {
    output file plantsdb.log {
      roll_size 5
      roll_age 5000
      roll_keep 1000
    }
  }
  tls myrmecocystus@gmail.com
  reverse_proxy localhost:8888
}

ftdoi.org {
  encode gzip
  log {
    output file pubpatterns.log {
      roll_size 5
      roll_age 5000
      roll_keep 1000
    }
  }
  tls myrmecocystus@gmail.com
  try_files .html /
  reverse_proxy localhost:8876
}

3. The problem I’m having:

I don’t understand where logs are being recorded. I think I have logs set up with the log directive to go to a file for each of my domains. With Caddy v1 access logs were written to the file. I’m not seeing logs recorded to these files with Caddy v2.

4. Error messages and/or full log output:

running sudo systemctl status caddy I see

write error: can't rename log file: rename plantsdb.log plantsdb-2020-05-18T17-22-08.158.log: permission denied
write error: can't rename log file: rename pubpatterns.log pubpatterns-2020-05-18T17-22-24.066.log: permission denied

If I try deleting the existing log files (from previous Caddy v1) I get

write error: can't open new logfile: open plantsdb.log: permission denied

5. What I already tried:

I tried changing permissions of the log files (e.g., chmod 755 pubpatterns.log) but that doesn’t seem to help.

6. Links to relevant resources:

possibly related posts:

I don’t think the caddy user has permission to write to that location. I think if you specify the log file path as /var/log/caddy/plantsdb.log, it might work.

FYI, I don’t think this will do what you want. This will check if there’s a file on disk (relative to the directory in which Caddy is running) named .html (there won’t be), otherwise it will check for a file / on disk (this will pass, because the current directory exists).

try_files isn’t very useful along with reverse_proxy because Caddy doesn’t know what files the proxy is serving.

I think you’re probably looking for something closer to this, but I’m just hazarding a guess:

@notHtml {
    not path *.html
}
rewrite @notHtml {path}.html

Thanks @francislavoie

Created /var/log/caddy/ directory, and tried that file path in the Caddyfile. That results in the same error, permission denied.

Are there docs on where the caddy user has permission to write?


Thanks for the try_files tips. I was confused about that so glad to have some help.

When installing with the apt repo, currently it’s only directories where the caddy user has permissions. I think by default it’s only /var/lib/caddy and /tmp, maybe a few more places. See here, this is essentially what the apt repo does:

Along with the next releases, we’ll add the caddy user to the www-data group so that should allow it to access more relevant locations on disk.

For now, I think you could create the /var/log/caddy directory and chown it to allow the caddy user to write there.

1 Like
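Creating and renaming log files during rolling requires write and search permission on the containing directory, so changing the mode of the log file itself has no effect on the errors above. The check below is an added example, not part of the original thread or Caddy's own tooling; the function name dir_allows_rotation is hypothetical, and it assumes GNU stat and looks only at the directory's owner, group and mode bits (no ACLs, no parent directories).

```shell
#!/bin/sh
# dir_allows_rotation USER DIR   (hypothetical helper, added example)
# Returns 0 when USER may create and rename files in DIR, i.e. the
# permission class that applies to USER has both write (2) and search (1).
# Returns 1 when it does not, 2 when DIR is not a directory.
# Usage on the server from this thread: dir_allows_rotation caddy /var/log/caddy
dir_allows_rotation() {
    user=$1
    dir=$2
    [ -d "$dir" ] || { echo "$dir: not a directory" >&2; return 2; }

    # GNU stat: owner name, group name, octal mode (for example "caddy caddy 750")
    set -- $(stat -c '%U %G %a' "$dir")
    owner=$1
    group=$2
    mode=$3

    # Drop setuid/setgid/sticky, then split into owner, group, other digits
    n=$((mode % 1000))
    u=$((n / 100))
    g=$((n / 10 % 10))
    o=$((n % 10))

    # Pick the class the kernel would apply to USER
    if [ "$user" = "$owner" ]; then
        bits=$u
    elif id -Gn "$user" 2>/dev/null | tr ' ' '\n' | grep -qxF -- "$group"; then
        bits=$g
    else
        bits=$o
    fi

    if [ $((bits & 3)) -eq 3 ]; then
        return 0
    fi
    echo "$user cannot create/rename files in $dir" \
         "(owner=$owner group=$group mode=$mode)" >&2
    return 1
}
```

A non-zero result for the caddy user is resolved the way the reply above suggests: create the directory and chown it to caddy, then point `output file` at an absolute path inside it.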

Thanks very much. chown the /var/log/caddy dir fixed it.

2 Likes
