Rômulo Alves / website



Commit f46ef21400fa104ed9a1f41f7d389ea002f5a4fc

Adding Caddy server

Rômulo Alves committed on 4/6/2017, 11:29:29 PM
Parent: 9463914bacee0c5f97d3a89696bf64a3fe3c2e0b

Files changed

gulpfile.jschanged
src/index.htmlchanged
src/Caddyfileadded
src/Dockerfileadded
caddy/caddyadded
caddy/init/README.mdadded
caddy/init/freebsd/caddyadded
caddy/init/linux-systemd/README.mdadded
caddy/init/linux-systemd/caddy.serviceadded
caddy/init/linux-sysvinit/README.mdadded
caddy/init/linux-sysvinit/caddyadded
caddy/init/linux-upstart/README.mdadded
caddy/init/linux-upstart/caddy.confadded
caddy/init/linux-upstart/caddy.conf.centos-6added
caddy/init/linux-upstart/caddy.conf.ubuntu-12.04added
caddy/init/mac-launchd/README.mdadded
caddy/init/mac-launchd/com.caddyserver.web.plistadded
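--- a/gulpfile.js
+++ b/gulpfile.js
@@ -14,8 +14,8 @@
 }))
 .pipe(gulp.dest('dist/')))
 
 gulp.task('copy', () =>
- gulp.src('./src/favicon.png')
+ gulp.src(['./src/favicon.png', './src/Dockerfile', './src/Caddyfile', './caddy/**/*'])
 .pipe(gulp.dest('dist/')))
 
 gulp.task('default', ['usemin', 'copy'])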
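Review bot: The `'./caddy/**/*'` glob in the `copy` task ships the whole caddy tree into `dist/`, not just the server binary: the FreeBSD, SysVinit, Upstart and launchd scripts added in this commit go along, and the Dockerfile's `COPY * /` then places them in the image. Only the binary is referenced by the Dockerfile's `CMD`, so the source list could end with `'./caddy/caddy'` instead. The binary itself is committed as a 15 MB blob with no version or checksum recorded next to it; a short comment naming the Caddy release and its published checksum would make it verifiable.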
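--- a/src/index.html
+++ b/src/index.html
@@ -34,9 +34,9 @@
 E-mail
 </a>
 </li>
 <li class="no-margin-right">
- <a href="https://blog.romuloalv.es" title="blog" target="_blank">
+ <a href="https://medium.com/@romuloalves" title="blog" target="_blank">
 Blog
 </a>
 </li>
 </ul>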
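Review bot: The rewritten blog link still opens a third-party site with `target="_blank"` and no `rel` attribute, so in browsers that do not imply it the opened page gets a `window.opener` handle to this site. Since the link now points at medium.com rather than the author's own domain, add `rel="noopener noreferrer"` to the `<a>` on new line 38. The surrounding `<ul>` starts outside the hunk, so other `target="_blank"` links in the list may need the same attribute.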
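--- a/src/Caddyfile
+++ b/src/Caddyfile
@@ -1,0 +1,6 @@
+romuloalv.es, www.romuloalv.es, romulo.pro, www.romulo.pro {
+ tls me@romuloalv.es
+
+ gzip
+ ext .html
+}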
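Review bot: The site block has no `root` directive, so Caddy serves files from the process's working directory. With the Dockerfile from this commit that appears to be `/` (no `WORKDIR` is set and the binary is started as `./caddy` after `COPY * /`), which would make the container's whole filesystem readable over HTTP, not only the site files. Add an explicit root inside the block, for example `root /srv/www`, and copy the site there; the bundled systemd unit makes the same point with its comment "Always set "-root" to something safe".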
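--- a/src/Dockerfile
+++ b/src/Dockerfile
@@ -1,0 +1,10 @@
+FROM alpine
+
+RUN apk --no-cache add curl
+
+COPY * /
+
+EXPOSE 80
+EXPOSE 443
+
+CMD ["./caddy", "-conf=/Caddyfile", "-agree"]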
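Review bot: The image runs Caddy as root, because no `USER` line precedes `CMD`, although the bundled init README lists "Don't run as root" first among its guidelines. A dedicated account plus the `cap_net_bind_service` file capability (as the systemd README does with `setcap`) lets it still bind 80 and 443. `FROM alpine` is also unpinned, so rebuilds can silently pick up a different base; `FROM alpine:<pinned-tag>` makes the build reproducible. Finally, nothing persists Caddy's certificate directory, so presumably every new container requests fresh certificates; setting `CADDYPATH` to a mounted volume would avoid that.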
caddy/caddyView
The diff is too large to show. Use a local git client to view these changes.
Old file size: 0 bytes
New file size: 15616331 bytes
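--- a/caddy/init/README.md
+++ b/caddy/init/README.md
@@ -1,0 +1,28 @@
+Init/Service Scripts
+====================
+
+This folder contains init/service scripts for using Caddy on various Linux and BSD distributions. They are created and maintained by the community.
+
+## Getting Help
+
+Different scripts have different maintainers; please consult the comments in the file and any README for assistance setting it up. Do not open an issue on the Caddy project about these scripts; instead, to ask a question or suggest a change, please contact the maintainer of the script directly.
+
+## Disclaimer
+
+The files contained herein are not officially supported by the Caddy project author and/or contributors, and as such, the files are not endorsed by the same. The Caddy project author and its contributors are not responsible for the function or malfunction of these scripts/files, or any unintended consequences to your system or website in attempting to set up Caddy. Users are expected to know how to administer their system, and these files should be considered as only a guide or suggestion for using Caddy in certain environments.
+
+## Guidelines
+
+The files distributed here should adhere to these principles where relevant (adjust accordingly for each system/platform):
+
+- Don't run as root.
+- Create a no-shell default user to run it.
+- Raise file descriptor limits.
+- Don't restart endlessly; if Caddy fails to start, there's a reason -- fix it, don't hammer it.
+- Allow Caddy to re-use the same, persistent folder for storage.
+- Stay as simple and minimal as possible.
+- Be idempotent.
+- Use comments to explain unexpected or unusual lines/patterns.
+- Be secure by default.
+
+Thank you for using Caddy! May it serve you well.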
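--- a/caddy/init/freebsd/caddy
+++ b/caddy/init/freebsd/caddy
@@ -1,0 +1,83 @@
+#!/bin/sh
+#
+# PROVIDE: caddy
+# REQUIRE: networking
+# KEYWORD: shutdown
+
+#
+# Add the following lines to /etc/rc.conf to enable caddy:
+# caddy_enable (bool): Set to "NO" by default.
+# Set it to "YES" to enable caddy
+#
+# caddy_cert_email (str): Set to "" by default.
+# Defines the SSL certificate issuer email. By providing an
+# email address you automatically agree to letsencrypt.org's
+# general terms and conditions
+#
+# caddy_bin_path (str): Set to "/usr/local/bin/caddy" by default.
+# Provides the path to the caddy server executable
+#
+# caddy_cpu (str): Set to "99%" by default.
+# Configures, how much CPU capacity caddy may gain
+#
+# caddy_config_path (str): Set to "/usr/local/www/Caddyfile" by default.
+# Defines the path for the configuration file caddy will load on boot
+#
+# caddy_run_user (str): Set to "root" by default.
+# Defines the user that caddy will run on
+#
+
+. /etc/rc.subr
+
+name="caddy"
+rcvar="${name}_enable"
+
+load_rc_config $name
+: ${caddy_enable:=no}
+: ${caddy_cert_email=""}
+: ${caddy_bin_path="/usr/local/bin/caddy"}
+: ${caddy_cpu="99%"} # was a bug for me that caused a crash within jails
+: ${caddy_config_path="/usr/local/www/Caddyfile"}
+: ${caddy_run_user="root"}
+
+if [ "$caddy_cert_email" = "" ]
+then
+ echo "rc variable \$caddy_cert_email is not set. Please provide a valid SSL certificate issuer email."
+ exit 1
+fi
+
+pidfile="/var/run/caddy.pid"
+logfile="/var/log/caddy.log"
+
+command="${caddy_bin_path} -log ${logfile} -cpu ${caddy_cpu} -conf ${caddy_config_path} -agree -email ${caddy_cert_email}"
+
+start_cmd="caddy_start"
+status_cmd="caddy_status"
+stop_cmd="caddy_stop"
+
+caddy_start() {
+ echo "Starting ${name}..."
+ /usr/sbin/daemon -u ${caddy_run_user} -c -p ${pidfile} -f ${command}
+}
+
+caddy_status() {
+ if [ -f ${pidfile} ]; then
+ echo "${name} is running as $(cat $pidfile)."
+ else
+ echo "${name} is not running."
+ return 1
+ fi
+}
+
+caddy_stop() {
+ if [ ! -f ${pidfile} ]; then
+ echo "${name} is not running."
+ return 1
+ fi
+
+ echo -n "Stopping ${name}..."
+ kill -KILL $(cat $pidfile) 2> /dev/null && echo "stopped"
+ rm -f ${pidfile}
+}
+
+run_rc_command "$1"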
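--- a/caddy/init/linux-systemd/README.md
+++ b/caddy/init/linux-systemd/README.md
@@ -1,0 +1,128 @@
+# systemd Service Unit for Caddy
+
+Please do not hesitate to ask on
+[caddyserver/support](https://gitter.im/caddyserver/support)
+if you have any questions. Feel free to prepend to your question
+the username of whoever touched the file most recently, for example
+`@wmark re systemd: …`.
+
+The provided file should work with systemd version 219 or later. It might work with earlier versions.
+The easiest way to check your systemd version is to look at the version of the installed package
+(e.g. 'sudo yum info systemd' on RedHat/Fedora systems).
+
+## Instructions
+
+We will assume the following:
+
+* that you want to run caddy as user `www-data` and group `www-data`, with UID and GID 33
+* you are working from a non-root user account that can use 'sudo' to execute commands as root
+
+Adjust as necessary or according to your preferences.
+
+First, put the caddy binary in the system wide binary directory and give it
+appropriate ownership and permissions:
+
+```bash
+sudo cp /path/to/caddy /usr/local/bin
+sudo chown root:root /usr/local/bin/caddy
+sudo chmod 755 /usr/local/bin/caddy
+```
+
+Give the caddy binary the ability to bind to privileged ports (e.g. 80, 443) as a non-root user:
+
+```bash
+sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy
+```
+
+Set up the user, group, and directories that will be needed:
+
+```bash
+sudo groupadd -g 33 www-data
+sudo useradd \
+ -g www-data --no-user-group \
+ --home-dir /var/www --no-create-home \
+ --shell /usr/sbin/nologin \
+ --system --uid 33 www-data
+
+sudo mkdir /etc/caddy
+sudo chown -R root:www-data /etc/caddy
+sudo mkdir /etc/ssl/caddy
+sudo chown -R www-data:root /etc/ssl/caddy
+sudo chmod 0770 /etc/ssl/caddy
+```
+
+Place your caddy configuration file ("Caddyfile") in the proper directory
+and give it appropriate ownership and permissions:
+
+```bash
+sudo cp /path/to/Caddyfile /etc/caddy/
+sudo chown www-data:www-data /etc/caddy/Caddyfile
+sudo chmod 444 /etc/caddy/Caddyfile
+```
+
+Create the home directory for the server and give it appropriate ownership
+and permissions:
+
+```bash
+sudo mkdir /var/www
+sudo chown www-data:www-data /var/www
+sudo chmod 555 /var/www
+```
+
+Let's assume you have the contents of your website in a directory called 'example.com'.
+Put your website into place for it to be served by caddy:
+
+```bash
+sudo cp -R example.com /var/www/
+sudo chown -R www-data:www-data /var/www/example.com
+sudo chmod -R 555 /var/www/example.com
+```
+
+You'll need to explicitly configure caddy to serve the site from this location by adding
+the following to your Caddyfile if you haven't already:
+
+```
+example.com {
+ root /var/www/example.com
+ ...
+}
+```
+
+Install the systemd service unit configuration file, reload the systemd daemon,
+and start caddy:
+
+```bash
+sudo cp caddy.service /etc/systemd/system/
+sudo chown root:root /etc/systemd/system/caddy.service
+sudo chmod 744 /etc/systemd/system/caddy.service
+sudo systemctl daemon-reload
+sudo systemctl start caddy.service
+```
+
+Have the caddy service start automatically on boot if you like:
+
+```bash
+sudo systemctl enable caddy.service
+```
+
+If caddy doesn't seem to start properly you can view the log data to help figure out what the problem is:
+
+```bash
+journalctl --boot -u caddy.service
+```
+
+Use `log stdout` and `errors stderr` in your Caddyfile to fully utilize systemd journaling.
+
+If your GNU/Linux distribution does not use *journald* with *systemd* then check any logfiles in `/var/log`.
+
+If you want to follow the latest logs from caddy you can do so like this:
+
+```bash
+journalctl -f -u caddy.service
+```
+
+You can make other certificates and private key files accessible to the `www-data` user with the following command:
+
+```bash
+setfacl -m user:www-data:r-- /etc/ssl/private/my.key
+```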
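--- a/caddy/init/linux-systemd/caddy.service
+++ b/caddy/init/linux-systemd/caddy.service
@@ -1,0 +1,48 @@
+[Unit]
+Description=Caddy HTTP/2 web server
+Documentation=https://caddyserver.com/docs
+After=network-online.target
+Wants=network-online.target systemd-networkd-wait-online.service
+
+[Service]
+Restart=on-failure
+StartLimitInterval=86400
+StartLimitBurst=5
+
+; User and group the process will run as.
+User=www-data
+Group=www-data
+
+; Letsencrypt-issued certificates will be written to this directory.
+Environment=CADDYPATH=/etc/ssl/caddy
+
+; Always set "-root" to something safe in case it gets forgotten in the Caddyfile.
+ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
+ExecReload=/bin/kill -USR1 $MAINPID
+
+; Limit the number of file descriptors; see `man systemd.exec` for more limit settings.
+LimitNOFILE=1048576
+; Unmodified caddy is not expected to use more than that.
+LimitNPROC=64
+
+; Use private /tmp and /var/tmp, which are discarded after caddy stops.
+PrivateTmp=true
+; Use a minimal /dev
+PrivateDevices=true
+; Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
+ProtectHome=true
+; Make /usr, /boot, /etc and possibly some more folders read-only.
+ProtectSystem=full
+; … except /etc/ssl/caddy, because we want Letsencrypt-certificates there.
+; This merely retains r/w access rights, it does not add any new. Must still be writable on the host!
+ReadWriteDirectories=/etc/ssl/caddy
+
+; The following additional security directives only work with systemd v229 or later.
+; They further retrict privileges that can be gained by caddy. Uncomment if you like.
+; Note that you may have to add capabilities required by any plugins in use.
+;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+;AmbientCapabilities=CAP_NET_BIND_SERVICE
+;NoNewPrivileges=true
+
+[Install]
+WantedBy=multi-user.target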
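--- a/caddy/init/linux-sysvinit/README.md
+++ b/caddy/init/linux-sysvinit/README.md
@@ -1,0 +1,11 @@
+SysVinit conf for Caddy
+=======================
+
+Usage
+-----
+
+* Download the appropriate Caddy binary in `/usr/local/bin/caddy` or use `curl https://getcaddy.com | bash`.
+* Save the SysVinit config file in `/etc/init.d/caddy`.
+* Ensure that the folder `/etc/caddy` exists and that the subfolder `ssl` is owned by `www-data`.
+* Create a Caddyfile in `/etc/caddy/Caddyfile`
+* Now you can use `service caddy start|stop|restart|reload|status` as `root`.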
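--- a/caddy/init/linux-sysvinit/caddy
+++ b/caddy/init/linux-sysvinit/caddy
@@ -1,0 +1,93 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: caddy
+# Required-Start: $local_fs $network $named $time $syslog
+# Required-Stop: $local_fs $network $named $time $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: starts the caddy web server
+# Description: starts caddy using start-stop-daemon
+### END INIT INFO
+
+# Original Author: Frédéric Galusik (fredg)
+# Maintainer: Daniel van Dorp (djvdorp)
+
+DESC="the caddy web server"
+NAME=caddy
+DAEMON=$(which caddy)
+
+DAEMONUSER=www-data
+PIDFILE=/var/run/$NAME.pid
+LOGFILE=/var/log/$NAME.log
+CONFIGFILE=/etc/caddy/Caddyfile
+DAEMONOPTS="-agree=true -pidfile=$PIDFILE -log=$LOGFILE -conf=$CONFIGFILE"
+
+USERBIND="setcap cap_net_bind_service=+ep"
+STOP_SCHEDULE="${STOP_SCHEDULE:-QUIT/5/TERM/5/KILL/5}"
+
+test -x $DAEMON || exit 0
+
+# Set the CADDYPATH; Let's Encrypt certificates will be written to this directory.
+export CADDYPATH=/etc/caddy/ssl
+
+# Set the ulimits
+ulimit -n 8192
+
+
+start() {
+ $USERBIND $DAEMON
+ start-stop-daemon --start --quiet --make-pidfile --pidfile $PIDFILE \
+ --background --chuid $DAEMONUSER --oknodo --exec $DAEMON -- $DAEMONOPTS
+}
+
+stop() {
+ start-stop-daemon --stop --quiet --pidfile $PIDFILE --retry=$STOP_SCHEDULE \
+ --name $NAME --oknodo
+ rm -f $PIDFILE
+}
+
+reload() {
+ start-stop-daemon --stop --quiet --signal USR1 --pidfile $PIDFILE \
+ --name $NAME
+}
+
+status() {
+ if [ -f $PIDFILE ]; then
+ if kill -0 $(cat "$PIDFILE"); then
+ echo "$NAME is running"
+ else
+ echo "$NAME process is dead, but pidfile exists"
+ fi
+ else
+ echo "$NAME is not running"
+ fi
+}
+
+case "$1" in
+ start)
+ echo "Starting $NAME"
+ start
+ ;;
+ stop)
+ echo "Stopping $NAME"
+ stop
+ ;;
+ restart)
+ echo "Restarting $NAME"
+ stop
+ start
+ ;;
+ reload)
+ echo "Reloading $NAME configuration"
+ reload
+ ;;
+ status)
+ status
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|reload|status}"
+ exit 2
+ ;;
+esac
+
+exit 0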
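--- a/caddy/init/linux-upstart/README.md
+++ b/caddy/init/linux-upstart/README.md
@@ -1,0 +1,14 @@
+Upstart conf for Caddy
+=====================
+
+Usage
+-----
+
+Usage in this blogpost: [Running Caddy Server as a service with Upstart](https://denbeke.be/blog/servers/running-caddy-server-as-a-service/).
+Short recap:
+
+* Download Caddy in `/usr/local/bin/caddy` and execute `sudo setcap cap_net_bind_service=+ep /usr/local/bin/caddy`.
+* Save the appropriate upstart config file in `/etc/init/caddy.conf`.
+* Ensure that the folder `/etc/caddy` exists and that the subfolder .caddy is owned by `www-data`.
+* Create a Caddyfile in `/etc/caddy/Caddyfile`.
+* Now you can use `sudo service caddy start|stop|restart`.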
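--- a/caddy/init/linux-upstart/caddy.conf
+++ b/caddy/init/linux-upstart/caddy.conf
@@ -1,0 +1,25 @@
+description "Caddy HTTP/2 web server"
+
+start on runlevel [2345]
+stop on runlevel [016]
+
+console log
+
+setuid www-data
+setgid www-data
+
+respawn
+respawn limit 10 5
+
+reload signal SIGUSR1
+
+# Let's Encrypt certificates will be written to this directory.
+env CADDYPATH=/etc/caddy
+
+limit nofile 1048576 1048576
+
+script
+ cd /etc/caddy
+ rootdir="$(mktemp -d -t "caddy-run.XXXXXX")"
+ exec /usr/local/bin/caddy -agree -log=stdout -conf=/etc/caddy/Caddyfile -root=$rootdir
+end script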
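--- a/caddy/init/linux-upstart/caddy.conf.centos-6
+++ b/caddy/init/linux-upstart/caddy.conf.centos-6
@@ -1,0 +1,28 @@
+description "Caddy HTTP/2 web server"
+
+start on runlevel [2345]
+stop on runlevel [016]
+
+# centos 6 upstart version does not support console
+console log
+
+# centos 6 upstart version does not support setuid/setgid
+setuid www-data
+setgid www-data
+
+respawn
+respawn limit 10 5
+
+# centos 6 upstart version does not support reload
+reload signal SIGUSR1
+
+# Let's Encrypt certificates will be written to this directory.
+env CADDYPATH=/etc/caddy
+
+limit nofile 1048576 1048576
+
+script
+ cd /etc/caddy
+ rootdir="$(mktemp -d -t "caddy-run.XXXXXX")"
+ exec /usr/local/bin/caddy -agree -log=stdout -conf=/etc/caddy/Caddyfile -root=$rootdir
+end script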
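--- a/caddy/init/linux-upstart/caddy.conf.ubuntu-12.04
+++ b/caddy/init/linux-upstart/caddy.conf.ubuntu-12.04
@@ -1,0 +1,26 @@
+description "Caddy HTTP/2 web server"
+
+start on runlevel [2345]
+stop on runlevel [016]
+
+console log
+
+setuid www-data
+setgid www-data
+
+respawn
+respawn limit 10 5
+
+# 12.04 upstart version does not support reload
+#reload signal SIGUSR1
+
+# Let's Encrypt certificates will be written to this directory.
+env CADDYPATH=/etc/caddy
+
+limit nofile 1048576 1048576
+
+script
+ cd /etc/caddy
+ rootdir="$(mktemp -d -t "caddy-run.XXXXXX")"
+ exec /usr/local/bin/caddy -agree -log=stdout -conf=/etc/caddy/Caddyfile -root=$rootdir
+end script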
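--- a/caddy/init/mac-launchd/README.md
+++ b/caddy/init/mac-launchd/README.md
@@ -1,0 +1,12 @@
+launchd service for macOS
+=========================
+
+This is a sample file for a *launchd* service on Mac.
+Edit the paths and email in the plist file to match your info.
+
+Start and Stop the Caddy launchd service using the following commands:
+
+ $ launchctl load ~/Library/LaunchAgents/com.caddyserver.web.plist
+ $ launchctl unload ~/Library/LaunchAgents/com.caddyserver.web.plist
+
+More information can be found in this blogpost: [Running Caddy as a service on macOS X server](https://denbeke.be/blog/software/running-caddy-as-a-service-on-macos-os-x-server/)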
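--- a/caddy/init/mac-launchd/com.caddyserver.web.plist
+++ b/caddy/init/mac-launchd/com.caddyserver.web.plist
@@ -1,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+ <dict>
+ <key>Label</key>
+ <string>com.caddyserver.web</string>
+ <key>EnvironmentVariables</key>
+ <dict>
+ <key>HOME</key>
+ <string>/Users/mathias</string>
+ </dict>
+ <key>ProgramArguments</key>
+ <array>
+ <string>sh</string>
+ <string>-c</string>
+ <string>ulimit -n 8192; cd /Users/mathias/Sites; ./caddy -agree -email my_email@domain.com -conf=/Users/mathias/Sites/Caddyfile</string>
+ </array>
+ <key>UserName</key>
+ <string>www</string>
+ <key>RunAtLoad</key>
+ <true/>
+ <key>KeepAlive</key>
+ <true/>
+ <key>WorkingDirectory</key>
+ <string>/Users/mathias/Sites</string>
+ <key>StandardOutPath</key>
+ <string>/Users/mathias/Sites/caddy.log</string>
+ <key>StandardErrorPath</key>
+ <string>/Users/mathias/Sites/caddy_error.log</string>
+ </dict>
+</plist>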
