§2023-04-15

Caddy is the ULTIMATE SERVER: a powerful, enterprise-ready, open source web server with automatic HTTPS, written in Go.


The following are instructions for installing the precompiled binary, by @digitalocean.

Test machine: hc4Jammy.yushei.net

  1. Download the precompiled arm64 xcaddy binary
$ wget https://github.com/caddyserver/xcaddy/releases/download/v0.3.2/xcaddy_0.3.2_linux_arm64.tar.gz
$ cd ..
$ mkdir Xcaddy-0.3.2 && cd $_
$ tar xvf ../src/xcaddy_0.3.2_linux_arm64.tar.gz 
$ ls -l
total 2836
-rw-r--r-- 1 alexlai alexlai   11357 Feb  7 07:44 LICENSE
-rw-r--r-- 1 alexlai alexlai    6833 Feb  7 07:44 README.md
  1. Move xcaddy to /usr/bin then use it to build caddy
$ sudo cp -v xcaddy /usr/bin
$ mkdir ~/build/caddy && cd $_
$ time xcaddy build
real    5m31.525s
user    12m49.548s
sys     1m8.708s
$ ./caddy version
v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=

xcaddy build v2.6.1 # to specify version, but v2.4.3 not working

  1. Create the caddy user and group
$ sudo groupadd --system --gid 961 caddy
$ sudo useradd --system  --gid 961 --uid 961 --create-home \
  --home-dir /var/lib/caddy \
  --shell /usr/sbin/nologin \
  --comment "Caddy web server" \
  caddy
$ grep caddy /etc/passwd
caddy:x:961:961:Caddy web server:/var/lib/caddy:/usr/sbin/nologin
$ grep caddy /etc/group
caddy:x:961:
  1. Copy caddy into /usr/bin
alexlai@hc4Jammy:~/build/caddy$ sudo cp -v caddy /usr/bin/
'caddy' -> '/usr/bin/caddy'
$ sudo chown root:root /usr/bin/caddy
$ sudo chmod 755 /usr/bin/caddy
  1. Create a directory where you’ll store Caddy’s configuration files:
$ sudo mkdir /etc/caddy
$ sudo chown -R root:caddy /etc/caddy
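  1. Create a directory for automatic TLS certificate provisioning from Let’s Encrypt (the startup log in the test step shows this build keeping its storage under /var/lib/caddy/.local/share/caddy):
$ sudo mkdir /etc/ssl/caddy
$ sudo chown -R root:caddy /etc/ssl/caddy
$ sudo chmod 0770 /etc/ssl/caddy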
  1. Create a directory to store the files that Caddy will host:
$ sudo mkdir /var/www
$ sudo chown caddy:caddy /var/www
  1. Get caddy.service (the downloaded file is listed after the command)
$ sudo sh -c 'curl https://raw.githubusercontent.com/caddyserver/dist/master/init/caddy.service > /etc/systemd/system/caddy.service'
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target
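  1. Configure caddy: a test page in /var/www, followed by the Caddyfile (/etc/caddy/Caddyfile, the path given in caddy.service)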
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Hello from Caddy!</title>
</head>
<body>
<h1 style="font-family: sans-serif">This page is being served via Caddy</h1>
</body>
</html>
http:// {
    root * /var/www
    encode gzip
    file_server
}
  1. Test
# systemctl status caddy 
● caddy.service - Caddy
     Loaded: loaded (/etc/systemd/system/caddy.service; disabled; vendor preset: enabled)
     Active: active (running) since Sat 2023-04-15 10:25:32 CST; 13s ago
       Docs: https://caddyserver.com/docs/
   Main PID: 98229 (caddy)
      Tasks: 9 (limit: 3421)
     Memory: 10.6M
        CPU: 165ms
     CGroup: /system.slice/caddy.service
             └─98229 /usr/bin/caddy run --environ --config /etc/caddy/Caddyfile

Apr 15 10:25:32 hc4Jammy caddy[98229]: {"level":"warn","ts":1681525532.807849,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
Apr 15 10:25:32 hc4Jammy caddy[98229]: {"level":"info","ts":1681525532.8107123,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Apr 15 10:25:32 hc4Jammy caddy[98229]: {"level":"warn","ts":1681525532.8112032,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv0","http_port":80}
Apr 15 10:25:32 hc4Jammy caddy[98229]: {"level":"info","ts":1681525532.8113337,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x40000b35e0"}
Apr 15 10:25:32 hc4Jammy caddy[98229]: {"level":"info","ts":1681525532.8131459,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy/.local/share/caddy"}
Apr 15 10:25:32 hc4Jammy caddy[98229]: {"level":"info","ts":1681525532.8133574,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Apr 15 10:25:32 hc4Jammy caddy[98229]: {"level":"info","ts":1681525532.8139906,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Apr 15 10:25:32 hc4Jammy caddy[98229]: {"level":"info","ts":1681525532.8142328,"msg":"serving initial configuration"}
Apr 15 10:25:32 hc4Jammy systemd[1]: Started Caddy.
Apr 15 10:25:32 hc4Jammy caddy[98229]: {"level":"info","ts":1681525532.8153074,"logger":"tls","msg":"finished cleaning storage units"}
This page is being served via Caddy
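
The "Get caddy.service" step writes a file fetched from a mutable branch straight into /etc/systemd/system as root. The following is an added example (not from the original page or the Caddy project) that checks a downloaded copy against the values in the unit listed above before it is installed; the function names and the sample unit files are constructed for illustration.

```shell
# Added example: vet a downloaded caddy.service before installing it.
# Expected values are the ones in the unit file listed on this page.

# Print every value assigned to KEY in FILE, one per line.
unit_values() {  # usage: unit_values FILE KEY
    sed -n "s/^[[:space:]]*$2=//p" "$1"
}

# Succeed only if KEY is assigned exactly once and equals VALUE.
expect_key() {  # usage: expect_key FILE KEY VALUE
    [ "$(unit_values "$1" "$2")" = "$3" ] && return 0
    echo "$2 is not exactly '$3'" >&2
    return 1
}

# Check the keys that decide what runs, as whom, and with which capability.
check_caddy_unit() {  # usage: check_caddy_unit FILE
    rc=0
    expect_key "$1" User caddy || rc=1
    expect_key "$1" Group caddy || rc=1
    expect_key "$1" ExecStart "/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile" || rc=1
    expect_key "$1" ExecReload "/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force" || rc=1
    expect_key "$1" AmbientCapabilities CAP_NET_BIND_SERVICE || rc=1
    # The page's unit has no pre/post/stop hooks; any such line is unexpected.
    if grep -Eq '^[[:space:]]*Exec(Condition|StartPre|StartPost|Stop|StopPost)=' "$1"; then
        echo "unexpected Exec* hook" >&2; rc=1
    fi
    return "$rc"
}

# Constructed sample: the [Service] keys checked above, with a chosen User=.
write_sample_unit() {  # usage: write_sample_unit FILE USER
    cat > "$1" <<EOF
[Service]
User=$2
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
AmbientCapabilities=CAP_NET_BIND_SERVICE
EOF
}

tmp=$(mktemp -d)
write_sample_unit "$tmp/good.service" caddy
write_sample_unit "$tmp/root.service" root
check_caddy_unit "$tmp/good.service" && echo "good.service: accepted"
check_caddy_unit "$tmp/root.service" || echo "root.service: rejected"
rm -rf "$tmp"
```

In practice, download the unit to a temporary file as an unprivileged user, run `check_caddy_unit` on it, and only then copy it into place with `sudo install -m 0644 -o root -g root`. The check covers only the listed keys, so it complements reading the file rather than replacing it.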