caddy/dist/init/linux-systemd
Andreas Linz 53ae9b8521 Increase restart rate limit
The previous setting caused the service to hit a rate-limit when it was
restarted more than 5 times in 24h.
Editing the Caddyfile and restarting the service could also easily
trigger this rate limit.
One could argue that users could simply call `systemctl reset-failed
caddy` to reset the rate-limit counter, but this is counterintuitive
because most users won't know this command and are possibly unaware that
they had hit a rate-limit.

The service is now allowed to restart 10 times in 10 seconds before
hitting a rate limit.
This should be conservative enough to rate limit quickly failing
services and to allow users to edit and test their caddy configuration.

This closes #1718

Remove restart limit settings and use defaults

By default 5 restarts within 10 seconds are allowed without
encountering a restart limit hit, see `man systemd.unit` for details.

Set Restart to on-abnormal

The table in https://www.freedesktop.org/software/systemd/man/systemd.service.html#Restart=
shows the conditions for which on-abnormal would restart the service.
It will *not* restart the service in the following cases:

- a non-zero exit status, e.g. an invalid Caddyfile
- a zero exit code (or those specified in SuccessExitStatus=) and a clean signal
    clean signals are SIGHUP, SIGINT, SIGTERM or SIGPIPE
    3536f49e8f/src/basic/exit-status.c (L205)

The service *will be restarted* in the following cases:

- an unclean signal, e.g. SIGKILL
- on start and watchdog timeout (we don't use those systemd service
constructs explicitly)
2017-08-13 16:38:19 +02:00
caddy.service Increase restart rate limit 2017-08-13 16:38:19 +02:00
README.md dist/init: Better way to get systemd version (#1612) 2017-04-26 10:45:57 -06:00

systemd Service Unit for Caddy

Please do not hesitate to ask on caddyserver/support if you have any questions. Feel free to prepend to your question the username of whoever touched the file most recently, for example @wmark re systemd: ….

The provided file should work with systemd version 219 or later. It might work with earlier versions. The easiest way to check your systemd version is to run systemctl --version.

Instructions

We will assume the following:

  • that you want to run caddy as user www-data and group www-data, with UID and GID 33
  • you are working from a non-root user account that can use 'sudo' to execute commands as root

Adjust as necessary or according to your preferences.

First, put the caddy binary in the system-wide binary directory and give it appropriate ownership and permissions:

sudo cp /path/to/caddy /usr/local/bin
sudo chown root:root /usr/local/bin/caddy
sudo chmod 755 /usr/local/bin/caddy

Give the caddy binary the ability to bind to privileged ports (e.g. 80, 443) as a non-root user:

sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy

Set up the user, group, and directories that will be needed:

sudo groupadd -g 33 www-data
sudo useradd \
  -g www-data --no-user-group \
  --home-dir /var/www --no-create-home \
  --shell /usr/sbin/nologin \
  --system --uid 33 www-data

sudo mkdir /etc/caddy
sudo chown -R root:www-data /etc/caddy
sudo mkdir /etc/ssl/caddy
sudo chown -R www-data:root /etc/ssl/caddy
sudo chmod 0770 /etc/ssl/caddy

Place your caddy configuration file ("Caddyfile") in the proper directory and give it appropriate ownership and permissions:

sudo cp /path/to/Caddyfile /etc/caddy/
sudo chown www-data:www-data /etc/caddy/Caddyfile
sudo chmod 444 /etc/caddy/Caddyfile

Create the home directory for the server and give it appropriate ownership and permissions:

sudo mkdir /var/www
sudo chown www-data:www-data /var/www
sudo chmod 555 /var/www

Let's assume you have the contents of your website in a directory called 'example.com'. Put your website into place for it to be served by caddy:

sudo cp -R example.com /var/www/
sudo chown -R www-data:www-data /var/www/example.com
sudo chmod -R 555 /var/www/example.com

You'll need to explicitly configure caddy to serve the site from this location by adding the following to your Caddyfile if you haven't already:

example.com {
    root /var/www/example.com
    ...
}

Install the systemd service unit configuration file, reload the systemd daemon, and start caddy:

sudo cp caddy.service /etc/systemd/system/
sudo chown root:root /etc/systemd/system/caddy.service
sudo chmod 644 /etc/systemd/system/caddy.service
sudo systemctl daemon-reload
sudo systemctl start caddy.service

Have the caddy service start automatically on boot if you like:

sudo systemctl enable caddy.service

If caddy doesn't seem to start properly you can view the log data to help figure out what the problem is:

journalctl --boot -u caddy.service

Use the directives log stdout and errors stderr in your Caddyfile to fully utilize systemd journaling.

If your GNU/Linux distribution does not use journald with systemd then check any logfiles in /var/log.

If you want to follow the latest logs from caddy you can do so like this:

journalctl -f -u caddy.service

You can make other certificates and private key files accessible to the www-data user with the following command:

sudo setfacl -m user:www-data:r-- /etc/ssl/private/my.key
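
To confirm that the ownership, modes and file capability from the steps above are actually in place, the following script audits them. It is an added example, not part of the Caddy project's files; the function names and the optional ROOT prefix are hypothetical, and it assumes GNU stat.

```shell
#!/bin/sh
# Added example: audit the file layout produced by the installation steps.
# Relies on GNU stat (-c), as found on systemd-based distributions.

# check_path PATH OWNER:GROUP MODE
# MODE "-" means the instructions set no mode for that path; only ownership is compared.
# Prints one line for the path and returns 1 on a mismatch or a missing path.
check_path() {
    cp_path=$1; cp_owner=$2; cp_mode=$3
    if [ ! -e "$cp_path" ]; then
        echo "MISSING  $cp_path"
        return 1
    fi
    cp_got_owner=$(stat -c '%U:%G' "$cp_path")
    cp_got_mode=$(stat -c '%a' "$cp_path")
    if [ "$cp_got_owner" != "$cp_owner" ]; then
        echo "OWNER    $cp_path is $cp_got_owner, expected $cp_owner"
        return 1
    fi
    if [ "$cp_mode" != "-" ] && [ "$cp_got_mode" != "$cp_mode" ]; then
        echo "MODE     $cp_path is $cp_got_mode, expected $cp_mode"
        return 1
    fi
    echo "OK       $cp_path"
}

# audit_layout [ROOT]
# ROOT is a hypothetical prefix for checking a staging tree; empty means the live system.
# Returns the number of failed checks (0 when everything matches).
audit_layout() {
    al_root=${1:-}; al_fail=0
    while read -r al_path al_owner al_mode; do
        check_path "$al_root$al_path" "$al_owner" "$al_mode" || al_fail=$((al_fail + 1))
    done <<EOF
/usr/local/bin/caddy root:root 755
/etc/caddy root:www-data -
/etc/caddy/Caddyfile www-data:www-data 444
/etc/ssl/caddy www-data:root 770
/var/www www-data:www-data 555
/etc/systemd/system/caddy.service root:root 644
EOF
    # The binary needs the capability granted with setcap; skipped if getcap is absent.
    if command -v getcap >/dev/null 2>&1; then
        getcap "$al_root/usr/local/bin/caddy" 2>/dev/null | grep -q cap_net_bind_service \
            || { echo "CAP      cap_net_bind_service missing on caddy binary"; al_fail=$((al_fail + 1)); }
    fi
    return "$al_fail"
}
```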