Caddy - a lightweight HTTP2 web server

[gurkendoktor]

I read about this new HTTP/2 webserver, Caddy. It's written in Go and it is really super lightweight, the binary is just 3 MB. And the best thing is, that it's super easy to use. You just put the binary in the path of your website and start caddy – and already you have an HTTP/2 server running that serves static files (and who doesn't want, as HTTP/2 is The Future™). And the best thing is: no PITA with certificates and all these thing, as Caddy has letsencrypt already built in. So as you start it, the certs get generated and your site is automatically running on an encrypted connection (which is by the way required for HTTP/2). 

The best part is however, that you can connect any backend to Caddy, for example php-fpm. This comes even with a "recipe", so you usually don't need to worry about configuration this. So I cobbled something together to have Processwire running with this server, and guess what: it works.

Almost. The site is running, but the admin area is still behaving a little bit weird. I cannot edit pages (instead I get the "bookmarks" page) and all the behaviour of the admin area is a bit strange. The other option is that I get "Unrecognized path" I believe this is still a problem with rewriting which I can't figure.

This is my Caddyfile: 

mydomain.com {
        root /var/www/mypath
        fastcgi / unix:/run/php/php7.0-fpm.sock  php

        rewrite  {
                regexp .*
                ext /
                to /index.php?it={dir}&{args}#{frag}
        }
}

I go crazy with the rewriting. Here is the documentation, maybe someone has an idea.

Thanks and maybe you have a reason now to try Caddy yourself. 

[gurkendoktor]

OK, got it. 

         rewrite  {

                regexp .*
                ext /
                to /index.php?it={path}&{query}&{args}#{frag}
        }

Admin area is working!!! Still no uploads possible, but this might also have another reason. 

[LostKobrakai]

This sounds useful, but I'm not sure about sending all request (assets!) through php-fpm, even if they could be directly served.

[gurkendoktor]

Yes, this is the basic setup. With this, it's running. Of course you can define rules and everything, like in nginx.

To be honest, I'm not even sure if I would want this server to be in a production environment. I just like playing around with things, and I like how straightforward and simple this is  

[pwFoo]

I found Caddy a short time ago and it sounds really interesting.

If I have some time I also will start tests. Maybe it could be useful for some setups / sites

Extensions are also nice

https://caddyserver.com/docs/git

[pwFoo]

Image upload could be the following 500 error?

"POST /index.php?it=/admin/page/edit/&id=1004&InputfieldFileAjax=1&{args} HTTP/2.0" 500 228

No time to take a closer look yet... But looks PW@caddy seems to be fast

Caddyfile

https:example.com {
    root public_html

    fastcgi / 127.0.0.1:9000 {
#        ext .php .module
         ext .php
    }

    internal /forbidden

    rewrite {
      r /\.
      to /forbidden
    }
    rewrite {
      r /(COPYRIGHT|LICENSE|README|htaccess)\.txt
      to /forbidden
    }
    rewrite {
        r ^/site(-[^/]+)?/assets/(.*\.php|backups|cache|config|install|logs|sessions)
        to /forbidden
    }
    rewrite {
        r ^/site(-[^/]+)?/install
        to /forbidden
    }
    rewrite {
        r ^/(site(-[^/]+)?|wire)/(config(-dev)?|index\.config)\.php
        to /forbidden
    }
    rewrite {
        r ^/((site(-[^/]+)?|wire)/modules|wire/core)/.*\.(inc|module|php|tpl)
        to /forbidden
    }
    rewrite {
        r ^/(site(-[^/]+)?|wire)/templates(-admin)?/.*\.(inc|html?|php|tpl)
        to /forbidden
    }

    # GLOBAL
    rewrite {
        r .*
        ext /
        to /index.php?it={path}&{query}
#        to /index.php?it={path}&{query}&{args}#{frag}
#        to /index.php?it={uri}&{query}
#        to {uri} {uri}/ /index.php?it={uri}&{query}
    }

  log logs/access.log {
    rotate {
      size      50
      age       7
      keep      5
    }
  }
  errors {
    log logs/error.log {
      size      50
      age       7
      keep      5
    }
  }
}

Next release will have some improvements to replace like that

to {uri} {uri}/ /index.php?it={uri}&{query}

=> file if exists OR directory if exists OR rewrite to index.php...

Maybe some PW directories should be moved to make htaccess file / nginx | caddy rewrite easier and much shorter (disallowed directories could be moved to a sub directory?).

[gurkendoktor]

i see myself in your rewrite { } section

[pwFoo]

Yes, your rewrite works, but with the next release it should be replaced with

to {uri} {uri}/ /index.php?it={uri}&{query}

We'll see

[LostKobrakai]

I just noticed, that this might actually be a great option for packing offline, html+js only apps for clients (e.g. localstorage needs an server to function). Just let them double-click the thing and it's working. 

[pwFoo]

It could also used as docker http/s reverse proxy with ssl offloading. No need to renew and replace certificates.

With a second container (docker-gen) the Caddyfile will be generated / updated and the server process notified to reload. First test works (with generated Caddyfile, but at the moment manual reload).

[gurkendoktor]

I just noticed, that this might actually be a great option for packing offline, html+js only apps for clients (e.g. localstorage needs an server to function). Just let them double-click the thing and it's working. 

Yes, or to work with designers and give them an easy way to start the project.

Or as a replacement for MAMP / XAMP / whatever. For everyone who needs a local dev server and doesn't want to bother with Docker or Vagrant

[gurkendoktor]

It could also used as docker http/s reverse proxy with ssl offloading. No need to renew and replace certificates.

With a second container (docker-gen) the Caddyfile will be generated / updated and the server process notified to reload. First test works (with generated Caddyfile, but at the moment manual reload).

Why you want a second Docker container? Or do you mean the Docker container that is to be proxied is generating the Caddyfile?

Well I thought of putting together a Docker container / Dockerfile for Processwire, why not also make one with Caddy? Only issue is that my Docker skills are rather on the user side

[pwFoo]

Take a look at docker-gen (https://github.com/jwilder/docker-gen) and

nginx-proxy (https://hub.docker.com/r/jwilder/nginx-proxy/).

Docker-gen needs access to the docker socket. Because of the exposed proxy ports (80,443) I build two separated containers.

Just replace nginx with caddy.

The revProxy (docker-gen, caddy) helps to work with multiple webspaces / hostings, SSL and ssl offloading. If you add / remove webspaces caddy proxy will be notified and update the Caddyfile.

A webspace is based on different linked containers (webserver, php-fpm, persistent volume). Because of memory usage I use a global MySQL container instead of a own container for each webspace.

[gurkendoktor]

I personally use docker solely for local development, but in the way it is intended (i.e. 3 containers per project). For my own webhosting, I don't use it yet. We had a live docker env in the company however, as a first "live test" of deployment and operations. It's also running behind nginx.

However, the SSL offloading with the easy letsencrypt cert generation is one main reason to at least keep a keen eye on Caddy. I think I might migrate one of my VPS to this one just proxying. Let's see. 

[bombemedia]

Would Caddy be safe for production environment ? I really like having automatic SSL.

I have 2 low traffic websites that currently run on Digital Ocean, with a simple Apache2/Mysql setup.

I want to host both websites on the same droplet and will need SSL for simple forms.

[gurkendoktor]

"low traffic" is not "production"  

but yes, you're right: you want no downtime, however much traffic you have. in terms of reliability I really don't have so much experience with caddy yet. I don't know how much you know about the init/upstart or supervisord processes of unix / linux. if your answer is "what?" – stick to apache. otherwise you can at least duct-tape a nice environment which should be quite reliable.

If you only want to have "automatic SSL" you can install the letsencrypt-client (https://letsencrypt.org/). This comes with Apache integration, which saves you a lot of hassle in generating certificates and updating your config – it runs more or less automatically.

I want to host both websites on the same droplet and will need SSL for simple forms.

I suggest you run all your websites on SSL. And not only the forms, but the complete site. On low traffic sites, it doesn't matter that you put a bit more load on the server. What you gain from it (and more so your audience / visitors) is well worth it.

[gurkendoktor]

There is also a forum thread about letsencrypt: https://processwire.com/talk/topic/8338-free-ssl-from-q2-2015/

[pwired]

Is a processwire backend compatible/working with caddy ? mysql ?

[gurkendoktor]

should be, but see pwFoo and my posts about image uploading. mysql is not the problem, as this is a task of a a process further "in the back" such as PHP or HHVM. I'm currently traveling, as soon as I'm back I'll have a look and will post an answer to this (approx. weekend)

[pwFoo]

At the moment caddy is used as revproxy in my test environment, but would also do more tests with caddy as apache replacement.

With some rewrite rules backend, frontend, url rewrite like done with htaccess seems to work, but image upload doesn't work (get a 500 error also with optimized rewrite). I don't know why, but will do more tests as soon as I'm have some time...

[pwFoo]

I fixed the image upload issue and think I shouldn't post it here... 

I take a closer look...

Nothing in the caddy error log, access.log shows me the 500 error code. 

Look into the PW error log...

Error:  Call to undefined function ProcessWire\mb_strtolower() (line 378 of /home/caddy/public_html/wire/core/WireUpload.php)

Then ...      no, it was more like

 

Solution (CentOS):

yum install php-mbstring 

Upload works fine. It's NOT a PW or Caddy bug! Just a missing PHP package

Done some more testing (add / edit fields, edit content, upload images, insert images, ... works fine

But frontend edit doesn't work. Nothing happend during click the "Save" button. Also no log entry (access, error or PW).

[OrganizedFellow]

Glad to see some progress being made here.

Is there direct support on Caddy from the developer?

[gurkendoktor]

Hmm, there are message boards and everything, and a small community. You might be able to get "direct support", but in case of bugs or feature request I suggest opening an issue on GitHub. This is the problem with new things, there is not a solution to every newly discovered problem yet

[Beluga]

Any more interesting problems discovered?

pwFoo: did you get the frontend stuff working?

If you are confident that it works flawlessly, the a guide could be added to https://github.com/caddyserver/examples

[pwFoo]

At the moment I'm playing with docker and docker gui apps, but I'll move back to Caddy and PW soon...

But frontend edit doesn't work. Nothing happend during click the "Save" button. Also no log entry (access, error or PW).

Don't know if it's a Caddy bug... Haven't tested it again.

You will get support and answers. Also the developers are helping with examples.