Why is caddy run --watch dangerous?

The Caddy 2 documentation for caddy run says:

--watch will watch the config file and automatically reload it after it changes. :warning: This feature is intended for use only in local development environments!

Why is there a warning? Does it have an impact on the performance (or similar runtime impact)? Or is it because a mistake in the Caddyfile would break the server?

I was planning to use that in my “home production” environment, where a mistake does not matter, and at the same time the feature would be useful (especially since I run Caddy in a Docker container).

Not really. It does spawn a background goroutine (lightweight thread) that monitors the file for changes, which is unnecessary work in a production environment, but that’s not the main reason for the warning.

This is closer, but not quite precise enough. Invalid configs will not be loaded, will not cause downtime, and will not stop the previously-running configuration. However, an unintentional change to the config file that still happens to be valid configuration can implicitly break your intended server behavior, which can be scary in production.

For example, a partially-filled out root directive such as root * / – let’s suppose you get a phone call after typing this much and you’re pedantic like me so you save the file and forget to come back to this line later. Now you’re serving the root of your entire file system (yikes) just because you saved a file.
There’s a lot wrong here (changes to a running server should always involve some sort of explicit change IMO), and --watch just makes it easier to shoot yourself in the foot… but it is useful in local, private, rapid-development environments.

Even if your config is correct, every time Caddy loads the config it updates the autosave.json config file in the configuration folder. So if you run caddy with the --resume flag, it will effectively use the last version of the config file you saved. If you relied on autosave.json as a backup, you’re out of luck even though you didn’t touch your server.

If mistakes don’t matter, --watch is very convenient.
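An added example (not from the thread or the Caddy project) of the explicit reload step the answer recommends in place of --watch: it refuses to reload when any root directive points at the filesystem root, which is exactly the half-typed root * / footgun described above, then runs caddy validate before caddy reload. The Caddyfile path /etc/caddy/Caddyfile and the lint rule are assumptions; caddy validate and caddy reload are real Caddy 2 subcommands.

```shell
#!/bin/sh
# Added example, not part of the original thread or of Caddy itself.
# Explicit, checked reload instead of `caddy run --watch`.

# lint_caddyfile FILE
# Returns 0 when no `root` directive resolves to "/", 1 otherwise, and prints
# the offending lines. Handles both `root /` and `root <matcher> /` forms
# (e.g. `root * /`). Comments are stripped first so `# root * /` is ignored.
lint_caddyfile() {
    file="$1"
    bad=$(sed 's/#.*//' "$file" | awk '
        $1 == "root" {
            # with a matcher the path is the third token, otherwise the second
            path = (NF >= 3) ? $3 : $2
            if (path == "/") print FILENAME ":" NR ": " $0
        }')
    if [ -n "$bad" ]; then
        printf 'root directive serves the whole filesystem:\n%s\n' "$bad" >&2
        return 1
    fi
    return 0
}

# reload_caddy [FILE]
# Lint, validate, then ask the running Caddy to reload. Any failure stops the
# chain, so a half-edited or invalid file is never pushed to the server.
reload_caddy() {
    file="${1:-/etc/caddy/Caddyfile}"   # assumed default location
    lint_caddyfile "$file" || return 1
    caddy validate --config "$file" --adapter caddyfile || return 1
    caddy reload --config "$file" --adapter caddyfile
}

# Usage: source this file and call `reload_caddy /path/to/Caddyfile`
# after each deliberate edit.
```

Because the file is linted and validated before caddy reload is invoked, saving an unfinished edit has no effect on the running server until you explicitly run the reload, which is the "explicit change" the answer argues production reloads should require.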


Thank you, this is very clear.
