1. Output of caddy version:
v2.6.1 h1:EDqo59TyYWhXQnfde93Mmv4FJfYe00dO60zMiEt+pzo=
2. How I run Caddy:
Use systemctl enable caddy, systemctl start caddy
a. System environment:
NAME="Ubuntu"
VERSION="18.04.6 LTS (Bionic Beaver)" systemd
b. Command:
/usr/bin/caddy
c. Service/unit/compose file:
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddy config:
{
    order reverse_proxy before route
    admin off
    log {
        output file /var/log/caddy/access.log
        level ERROR
    }
}

:443, mywebsite.com {
    tls {
        ciphers TLS_AES_256_GCM_SHA384 TLS_AES_128_GCM_SHA256 TLS_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
        curves x25519 secp521r1 secp384r1 secp256r1
        alpn http/1.1 h2
    }

    @tws {
        header Connection *Upgrade*
        header Upgrade websocket
        path /apathname
    }
    reverse_proxy @tws 127.0.0.1:2022

    @host {
        host mywebsite.com
    }
    route @host {
        header {
            Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        }
        file_server {
            root /var/www/html
        }
    }
}
3. The problem I’m having:
It’s said /etc/caddy is read-only although:
/etc/caddy# ll
total 16
drwxrwxr-x 3 caddy caddy 4096 Oct 8 09:14 ./
drwxr-xr-x 86 root root 4096 Oct 8 02:17 ../
drwxrwxr-x 3 caddy caddy 4096 Feb 22 2022 .config/
-rw-rw-r-- 1 caddy caddy 1119 Oct 8 09:14 Caddyfile
4. Error messages and/or full log output:
{"level":"error","ts":1665220447.3730838,"logger":"tls","msg":"job failed","error":"mywebsite.com: obtaining certificate: failed storage check: mkdir /etc/caddy/.local: read-only file system - storage is probably misconfigured"}
{"level":"error","ts":1665220447.4814124,"msg":"unable to autosave config","file":"/etc/caddy/.config/caddy/autosave.json","error":"open /etc/caddy/.config/caddy/autosave.json: read-only file system"}
{"level":"error","ts":1665220447.481637,"logger":"tls","msg":"job failed","error":"mywebsite.com: obtaining certificate: failed storage check: mkdir /etc/caddy/.local: read-only file system - storage is probably misconfigured"}
{"level":"error","ts":1665222732.764062,"msg":"unable to autosave config","file":"/etc/caddy/.config/caddy/autosave.json","error":"open /etc/caddy/.config/caddy/autosave.json: read-only file system"}
{"level":"error","ts":1665222732.7723339,"logger":"tls","msg":"job failed","error":"mywebsite.com: obtaining certificate: failed storage check: mkdir /etc/caddy/.local: read-only file system - storage is probably misconfigured"}
{"level":"error","ts":1665222732.7731318,"logger":"tls","msg":"job failed","error":"mywebsite.com: obtaining certificate: failed storage check: mkdir /etc/caddy/.local: read-only file system - storage is probably misconfigured"}
{"level":"error","ts":1665222942.4845963,"msg":"unable to autosave config","file":"/etc/caddy/.config/caddy/autosave.json","error":"open /etc/caddy/.config/caddy/autosave.json: read-only file system"}
{"level":"error","ts":1665222942.492277,"logger":"tls","msg":"job failed","error":"mywebsite.com: obtaining certificate: failed storage check: mkdir /etc/caddy/.local: read-only file system - storage is probably misconfigured"}
{"level":"error","ts":1665222942.4925766,"logger":"tls","msg":"job failed","error":"mywebsite.com: obtaining certificate: failed storage check: mkdir /etc/caddy/.local: read-only file system - storage is probably misconfigured"}
5. What I already tried:
Tried to give w permission to caddy:caddy for /etc/caddy
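
Added example, not part of the original post: the errors above report "read-only file system" rather than a permission failure, and the posted unit sets ProtectSystem=full, which systemd.exec(5) documents as mounting /etc read-only for the service. This Python sketch reports which ProtectSystem= rule covers a given path; the helper names (parse_service, under, read_only_reason) and the trimmed UNIT sample are assumptions made for the example.

```python
import posixpath

# Paths systemd remounts read-only per ProtectSystem= value (systemd.exec(5)).
RO_ROOTS = {
    "true": ["/usr", "/boot", "/efi"],
    "full": ["/usr", "/boot", "/efi", "/etc"],
    "strict": ["/"],
}
STRICT_EXEMPT = ["/dev", "/proc", "/sys"]  # API file systems left out of "strict"

# Constructed sample: part of the [Service] section of the unit posted above.
UNIT = """\
[Service]
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
PrivateTmp=true
ProtectSystem=full
"""

def parse_service(unit_text):
    """Collect [Service] settings; list keys accumulate, an empty value resets."""
    section, opts = None, {}
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            opts[key] = opts.get(key, []) + [value] if value else []
    return opts

def under(path, root):
    path, root = posixpath.normpath(path), posixpath.normpath(root)
    return root == "/" or path == root or path.startswith(root + "/")

def read_only_reason(unit_text, path):
    """Return the ProtectSystem= rule that makes `path` read-only, else None.
    Simplified: ReadOnlyPaths=, BindPaths= and nested overrides are ignored."""
    opts = parse_service(unit_text)
    mode = (opts.get("ProtectSystem") or ["no"])[-1].lower()
    mode = "true" if mode in ("yes", "1", "on") else mode
    rw = [p.lstrip("-+") for v in opts.get("ReadWritePaths", []) for p in v.split()]
    if any(under(path, p) for p in rw):
        return None
    if mode == "strict" and any(under(path, p) for p in STRICT_EXEMPT):
        return None
    hit = next((r for r in RO_ROOTS.get(mode, []) if under(path, r)), None)
    return f"ProtectSystem={mode} mounts {hit} read-only" if hit else None
```

Calling read_only_reason(UNIT, "/etc/caddy/.local") names the rule behind the storage-check failure in the log; the read-only mount exists only inside the service's mount namespace, so the ownership and mode bits shown by ll do not change the result.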