1. Caddy version (caddy version):
v2.4.6
2. How I run Caddy:
I run Arch Linux on Scaleway VPS. It has a public and private IP.
When I run the following command I do not see the public IP:
$ sudo ip -4 a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
altname enp0s2
altname ens2
inet <private IP>/31 metric 100 scope global dynamic eth0
valid_lft 51079sec preferred_lft 51079sec
Apparently the default Caddyfile loads configs from config.d, so I included two config files in that directory. One config is set to serve the website on the private IP and another on the public IP.
$ cat t0
<private IP> {
tls internal
respond "Hello World!"
}
$ cat t1
<public IP> {
tls internal
respond "Hello World!"
}
a. System environment:
Arch Linux, Using systemd
b. Command:
sudo systemctl start caddy
c. Service/unit/compose file:
[Unit]
Description=Caddy web server
Documentation=https://caddyserver.com/docs/
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service
StartLimitIntervalSec=14400
StartLimitBurst=10
[Service]
User=caddy
Group=caddy
Environment=XDG_DATA_HOME=/var/lib
Environment=XDG_CONFIG_HOME=/etc
ExecStartPre=/usr/bin/caddy validate --config /etc/caddy/Caddyfile
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
ExecStopPost=/usr/bin/rm -f /run/caddy/admin.socket
# Do not allow the process to be restarted in a tight loop. If the
# process fails to start, something critical needs to be fixed.
Restart=on-abnormal
# Use graceful shutdown with a reasonable timeout
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
# Hardening options
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
DevicePolicy=closed
LockPersonality=true
MemoryAccounting=true
MemoryDenyWriteExecute=true
NoNewPrivileges=true
PrivateDevices=true
PrivateTmp=true
ProcSubset=pid
ProtectClock=true
ProtectControlGroups=true
ProtectHome=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectProc=invisible
ProtectSystem=strict
RemoveIPC=true
ReadWritePaths=/var/lib/caddy /var/log/caddy /run/caddy
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
[Install]
WantedBy=multi-user.target
d. My complete Caddyfile (caddy fmt):
# The Caddyfile is an easy way to configure your Caddy web server.
#
# https://caddyserver.com/docs/caddyfile
#
# The configuration below serves a welcome page over HTTP on port 80.
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace the line below with your
# domain name.
#
# https://caddyserver.com/docs/caddyfile/concepts#addresses
{
# Restrict the admin interface to a local unix file socket whose directory
# is restricted to caddy:caddy. By default the TCP socket allows arbitrary
# modification for any process and user that has access to the local
# interface. If admin over TCP is turned on one should make sure
# implications are well understood.
admin "unix//run/caddy/admin.socket"
}
# Import additional caddy config files in /etc/caddy/conf.d/
import /etc/caddy/conf.d/*
3. The problem I’m having:
As I mentioned earlier, I have two config files: t0 serves the website on the private IP and t1 serves the website on the public IP.
The website is being served only on the private IP.
$ curl --insecure https://<private IP>
Hello World!
$ curl --insecure https://<public IP>
curl: (7) Failed to connect to <public IP> port 443 after 1 ms: No route to host
4. Error messages and/or full log output:
● caddy.service - Caddy web server
Loaded: loaded (/etc/systemd/system/caddy.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2022-02-16 20:30:19 UTC; 31min ago
Docs: https://caddyserver.com/docs/
Process: 5416 ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile (code=exited, status=0/SUCCESS)
Main PID: 5279 (caddy)
Tasks: 7 (limit: 1141)
Memory: 16.5M
CPU: 783ms
CGroup: /system.slice/caddy.service
└─5279 /usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
Feb 16 20:38:56 sirius caddy[5279]: {"level":"info","ts":1645043936.481402,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/autosave.json"}
Feb 16 20:38:56 sirius caddy[5279]: {"level":"info","ts":1645043936.4816153,"logger":"admin.api","msg":"load complete"}
Feb 16 20:38:56 sirius caddy[5279]: {"level":"info","ts":1645043936.4845903,"logger":"admin","msg":"stopped previous server","address":"unix//run/caddy/admin.socket"}
Feb 16 20:38:56 sirius systemd[1]: Reloaded Caddy web server.
Feb 16 20:50:29 sirius systemd[1]: Reloading Caddy web server...
Feb 16 20:50:29 sirius caddy[5416]: {"level":"info","ts":1645044629.7391555,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Feb 16 20:50:29 sirius caddy[5279]: {"level":"info","ts":1645044629.744595,"logger":"admin.api","msg":"received request","method":"POST","host":"","uri":"/load","remote_addr":"@","headers":{"Accept-Encoding":["gzip"],"Content-Length":["562"],"Content-Type":["application/json"],"User-Agent":["Go-http-client/1.1"]}}
Feb 16 20:50:29 sirius caddy[5279]: {"level":"info","ts":1645044629.7449164,"logger":"admin.api","msg":"config is unchanged"}
Feb 16 20:50:29 sirius caddy[5279]: {"level":"info","ts":1645044629.7449396,"logger":"admin.api","msg":"load complete"}
Feb 16 20:50:29 sirius systemd[1]: Reloaded Caddy web server.
5. What I already tried:
I am really new to caddy. I don't know where to start. I have an inkling that the website on the public IP is not being served because the public IP is not present on any interface on the system… But ssh is working with no issue…
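The post's own suspicion is that a site address in conf.d names an IP that is not assigned to any local interface. The script below is an added diagnostic example, not code from the original post or from the Caddy project: it parses `ip -4 a` output and Caddyfile site blocks and reports site addresses that no interface carries. The sample `ip -4 a` output and the two site fragments are constructed to mirror the post, using documentation and private ranges (10.64.0.2 for the "private IP", 203.0.113.7 for the "public IP"); the function names are the example's own.

```python
import ipaddress
import re

# Constructed sample of `ip -4 a` output, modelled on the post. The addresses
# are placeholders (RFC 1918 / RFC 5737 ranges), not the poster's real IPs.
IP_ADDR_OUTPUT = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    altname enp0s2
    altname ens2
    inet 10.64.0.2/31 metric 100 scope global dynamic eth0
       valid_lft 51079sec preferred_lft 51079sec
"""

# Constructed stand-ins for the post's conf.d/t0 and conf.d/t1 fragments.
CADDY_SITES = {
    "t0": '10.64.0.2 {\n\ttls internal\n\trespond "Hello World!"\n}\n',
    "t1": '203.0.113.7 {\n\ttls internal\n\trespond "Hello World!"\n}\n',
}

# One `inet <addr>/<prefix> ... <ifname>` line; the interface name is the last token.
INET_RE = re.compile(r"^\s*inet\s+(\S+)/\d+\s.*\s(\S+)$", re.M)


def local_ipv4_addresses(ip_addr_output):
    """Map every IPv4 address in `ip -4 a` output to the interface it is configured on."""
    addrs = {}
    for m in INET_RE.finditer(ip_addr_output):
        addr = str(ipaddress.ip_address(m.group(1)))  # validates the literal
        addrs[addr] = m.group(2)
    return addrs


def site_address_ips(caddyfile_text):
    """Return IP literals used as site addresses in a Caddyfile fragment.

    Only the first address of each `... {` line is inspected; an optional
    scheme and port are stripped, and hostnames (non-IP addresses) are skipped.
    """
    ips = []
    for line in caddyfile_text.splitlines():
        line = line.strip()
        if not line.endswith("{"):
            continue
        parts = line[:-1].split()
        if not parts:  # a bare "{" opens the global options block
            continue
        token = parts[0].rstrip(",")
        token = token.split("://", 1)[-1]              # drop "https://" etc.
        if token.count(":") == 1:                      # drop ":port" (IPv4 only)
            token = token.rsplit(":", 1)[0]
        try:
            ips.append(str(ipaddress.ip_address(token)))
        except ValueError:
            pass  # hostname, wildcard or pattern: not an address to check
    return ips


def unbound_site_addresses(sites, ip_addr_output):
    """Return {config name: [ip, ...]} for site addresses that no local interface carries."""
    local = local_ipv4_addresses(ip_addr_output)
    missing = {}
    for name, text in sites.items():
        absent = [ip for ip in site_address_ips(text) if ip not in local]
        if absent:
            missing[name] = absent
    return missing


if __name__ == "__main__":
    for name, text in CADDY_SITES.items():
        print(f"{name}: site addresses {site_address_ips(text)}")
    print("local IPv4 addresses:", local_ipv4_addresses(IP_ADDR_OUTPUT))
    for name, ips in unbound_site_addresses(CADDY_SITES, IP_ADDR_OUTPUT).items():
        print(f"{name}: {', '.join(ips)} is not assigned to any local interface")
```

On a real host, replace the constructed string with the captured output of `sudo ip -4 a` and read the fragments from /etc/caddy/conf.d. A site address that the script flags is configured in Caddy but not on the machine, which is the condition the post suspects; on a VPS where the provider maps a public address to the private one at the network edge, that is the first thing to confirm before looking further at routing or firewall rules.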