Full caddy production environment in a single command. #388
Make a service of it... (either systemd or upstart). |
Btw: why running Caddy as root? You can bind to port 80 as a normal user by using setcap
If you want to stick to |
SystemD Service
cat <<EOF > /etc/systemd/system/caddy@.service
[Unit]
Description=Caddy HTTP/2 web server %I
Documentation=https://caddyserver.com/docs
After=network.target
[Service]
User=%i
Environment=STNORESTART=yes
ExecStart=/usr/sbin/caddy -agree=true -conf=/etc/caddy/Caddyfile
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
|
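Added example, not part of the thread or the Caddy project: instead of running as root or applying setcap to the binary, the unit itself can grant the one capability needed to bind ports 80 and 443. The `caddy` account is an assumption, the binary path and flags are copied from the unit above, and `AmbientCapabilities=` needs systemd 229 or later.

```ini
# /etc/systemd/system/caddy.service (added example, not from the thread)
[Unit]
Description=Caddy HTTP/2 web server
Documentation=https://caddyserver.com/docs
After=network.target

[Service]
# Weak variant: leaving out User= runs the web server as root.
# Assumption: a dedicated unprivileged account named "caddy" exists.
User=caddy
Group=caddy

# Path and flags as in the unit posted above.
ExecStart=/usr/sbin/caddy -agree=true -conf=/etc/caddy/Caddyfile
Restart=on-failure

# Grant only the right to bind ports below 1024 (80 and 443).
AmbientCapabilities=CAP_NET_BIND_SERVICE
# Cap what the service and its children can ever hold to that one capability.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
# Block privilege gain through setuid binaries or file capabilities.
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target
```

`NoNewPrivileges=true` also stops file capabilities set with setcap from taking effect, so use one mechanism or the other, not both.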
Thanks guys, this is seriously really helpful. However, if caddy wants to be the easiest solution to integrate, maybe it's worth considering abstracting this process? Or at least put a tutorial somewhere with instructions for deploying a caddy server. |
Good suggestion... |
@klingtnet will that work and start on ports 80 and 443 with a regular user? |
Deploying an application is very different from serving websites; I don't want to get into that business... sounds more like sysadmin work. But perhaps we could post some examples to the caddyserver/examples repo in a new folder called "deployment" or something, since it's a common enough question. |
@mholt but that's something most of your target users will eventually want to do. Adding start/stop commands would fulfill most basic cases. |
@DenBeke using upstart, where is the |
|
Where Let's Encrypt key pairs go. Normally it's in the home folder ( |
@matthewp If you have run |
Can't we have Caddy in the package managers? Or an install script which downloads caddy, detects the correct init system, creates the correct start files, ...? |
I could setup an AUR repository for Arch Linux if someone is interested. |
@DenBeke it seems |
@calebmer How do you mean? |
@DenBeke caddy wants to put all of the Let's Encrypt configuration into |
I am with @DenBeke on this. I think this needs to happen for greater adoption. e.g. on Ubuntu $ sudo apt-get install caddy |
@abiosoft I'm afraid the Ubuntu packages won't be released quickly enough, so apt-get will always be an older version. Arch is much faster in this. For now a bootstrap script is maybe the easiest solution. I can help with this... |
@DenBeke I'd love your help 👍 |
I don't know if this will be helpful, but https://getcaddy.com |
That's a good starting point, @mholt! |
This is the (SysV?) init script I'm using at
#!/bin/bash
# Caddy daemon
# chkconfig: 345 20 80
# description: Caddy daemon
# processname: caddy

DAEMON_PATH="/usr/local/bin"
DAEMON='./caddy'
DAEMONOPTS="-conf=/etc/caddy/Caddyfile -log /var/log/caddy.log"
NAME=caddy
DESC="Caddy upstart"
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME

case "$1" in
start)
    printf "%-50s" "Starting $NAME..."
    cd "$DAEMON_PATH" || exit 1
    # Launch in the background and capture the PID of the new process
    PID=$($DAEMON $DAEMONOPTS > /dev/null 2>&1 & echo $!)
    echo "Saving PID" $PID " to " $PIDFILE
    if [ -z "$PID" ]; then
        printf "%s\n" "Fail"
    else
        echo "$PID" > "$PIDFILE"
        printf "%s\n" "Ok"
    fi
    ;;
status)
    printf "%-50s" "Checking $NAME..."
    if [ -f "$PIDFILE" ]; then
        PID=$(cat "$PIDFILE")
        # Check the exact PID; grepping ps output also matches PIDs that only contain it
        if ! ps -p "$PID" > /dev/null 2>&1; then
            printf "%s\n" "Process dead but pidfile exists"
        else
            echo "Running"
        fi
    else
        printf "%s\n" "Service not running"
    fi
    ;;
stop)
    printf "%-50s" "Stopping $NAME"
    cd "$DAEMON_PATH"
    if [ -f "$PIDFILE" ]; then
        # Read the PID only after confirming the pidfile exists
        PID=$(cat "$PIDFILE")
        kill -HUP "$PID"
        printf "%s\n" "Ok"
        rm -f "$PIDFILE"
    else
        printf "%s\n" "pidfile not found"
    fi
    ;;
restart)
    $0 stop
    $0 start
    ;;
*)
    echo "Usage: $0 {status|start|stop|restart}"
    exit 1
esac
|
Got this working on my FreeBSD Server: https://gist.github.com/justrjlewis/a3b4c36767a98b8b3c75 |
I am puzzled beyond belief at your sysadmin vs serving websites comment. What is it you think that sysadmins do? (NOT trolling: Definitely want to start a dialogue....) |
I'm going to leave it up to the sysadmin to decide how he/she wants to run Caddy. All I meant by that comment is that Caddy serves websites, and I don't want the scope to creep up to the system environment level where it configures a system so it can run a certain way. |
@justrjlewis, thanks for the startup script! I'm considering attempting to make caddy a port/package with FreeBSD and that will help out a lot. @faddat, not everyone uses systemd and/or linux, and I'd rather a specific OS determine how to startup a process when it's installed in the OS. |
@jungle-boogie that would be great! |
@jungle-boogie That script needs some work - it's got some bugs. I haven't had a chance to jump back into it, but let me know if you come up with any changes! 👍 |
Thanks, @justrjlewis |
@mholt the comments at the top of https://getcaddy.com are wrong. It says:
These now need to be:
Or it fails saying "bash: line 1: a: No such file or directory" |
curl -L getcaddy.com | bash |
OK. I'd already got past it, so it was more of a nudge so that "getcaddy.com" is updated and more people don't hit this. Thanks though. |
I'd go with the Yeah, I'm aware it will redirect to https and I know many apps still use this as default way of installation. Just thinking as a random cautious first time user. |
Thanks for the reminder; will update that soon. |
Hey guys! FYI: new freebsd service script. I haven't tried it yet, but looks legit. 👍 |
@justrjlewis I didn't recognize you already made a service script, otherwise I would've saved me the hassle ;-) I enhanced my script so that you could change the user the process runs on. Please let me know if there are further issues in case you decide to use it. What I would love to see is privilege dropping within Caddy because running a webserver as root user is a pain in the ass, especially on FreeBSD where |
@dprandzioch If you change your port binding, you can run as your caddy user.
What I plan to work on is updating the Caddy docs to be as platform agnostic as the server itself. It's early days, but to my mind doing that and having tons of examples for people is the key to long-term growth. I would love to see Caddy added to the package manager. I'm still new to FreeBSD myself and have four huge projects to finish up before I start playing with my FreeBSD box again, but message me if you start before I do. Also, check with @jungle-boogie - he may already be working on something. |
Yeah, with FreeBSD you can use jails or MAC port access until Caddy can support some kind of privilege dropping: #528 |
@justrjlewis Thank you so much, I already tried to figure out how to get this running but didn't succeed until now. :-) @jungle-boogie Just added my 2c to #528. I'm currently running Caddy jailed anyway but I'd rather prefer a native implementation that's just as self-contained as Caddy itself is. Anyway, I think it's better keeping that separate in the other bug report :-) However, is there any development going on regarding providing Caddy packages for various Linux / BSD systems? I think that will be interesting for many people in the long run, including sample configuration (however the current documentation is very good anyway) and most certainly an init script for systemd/rc.d (I think sysvinit and upstart can be dropped by now as most Linux distros are migrating to systemd, just to not make it more complicated than it needs to be?). On the other hand this kind of reduces the portability of that single statically-linked executable that I like so much but I think especially when it comes to larger production deployments you might wanna have more framework around the webserver itself. |
@dprandzioch There is some effort and definitely a lot of interest in distributing Caddy via system packages; anyone is welcome to step up to the plate in #395, where I invite anyone who would like to to be involved in that way. |
@justrjlewis @jungle-boogie @alexbilbie @klingtnet @calebmer @DenBeke (phew!) There is now a folder in dist/init where we are assembling "init" scripts. These are not officially part of the project, but if you would like to add your own to that folder (and keep them maintained if they change, please), we'd really appreciate it! Thanks to David for that PR above with the idea. When you submit your script, please include a brief paragraph in the README there about how to use it. Preferably, comment your script/config so it can be customized easily, but choose sensible defaults. Also please include your GitHub username or email address so people can ask you their questions. |
@mholt Great! I will review my SystemD service file tomorrow and create a PR. |
@mholt I'm happy that this one finally made it into the repository. I'll try to create a PR, commenting my init script as soon as possible. |
Yay, we've got two now. I also welcome discussion on how to improve getcaddy.com without getting too crazy about it. 😄 I'm going to close this issue. Feel free to continue the discussion though, and remember that you can add your own scripts to dist/init! Pull requests welcome. |
There are a couple of steps I need to take to start up a caddy server in production:
Is there a way to minimize this into one command?
Or maybe add a few new daemon style commands like:
It would need to do the following which I currently do manually:
.env file (see the node dotenv package for more information, although it is using the bash script formatting options).
Are these things possible? Is nohup the right way to run caddy in production?