Caddy - a lightweight HTTP2 web server

[pwired]

Can you use Caddy like Wamp or Lamp ? I don't see a gui or a database part of it so what's the point, static html ?

[LostKobrakai]

Caddy is another webserver like apache or nginx. It's not meant to be a all-in-one dev environment. 

[Beluga]

Can you use Caddy like Wamp or Lamp ? I don't see a gui or a database part of it so what's the point, static html ?

https://caddyserver.com/docs/faq

What's on the roadmap for Caddy?

Exciting things. Here's what's coming:

• API for remote management
• Web-based control panel

These aren't in any particular order and are subject to change, but Caddy is well on its way to making these things happen.

(don't want to spam, so edit): Wow, I just got this to work on an Arch Linux server Just testing with a static file for now.

The package is in AUR: https://aur.archlinux.org/packages/caddy

I used git clone and then the makepkg command.

I did edit the .service file and remove -host="::" -port="80" as they did not seem to be working. It launched with HTTPS even with that -port parameter, so I put everything to the caddy.conf file.

I noticed in the logs when it tried to create the Let's Encrypt cert that the user (http) could not write to /srv/http, so I did this to prevent confusion in the future:

sudo chown http /srv/http

 

I put the log files to a new folder and gave http user ownership:

sudo mkdir /var/log/www

sudo chown http /var/log/www

[Beluga]

Ok, now getting to the fun stuff.

PHP message: PHP Fatal error:  Class 'ProcessPageType' not found in /var/www/user/pw/wire/modules/LanguageSupport/ProcessLanguage.module on line 18
08/Mar/2016:21:06:48 +0200 [ERROR 200 /index.php] PHP message: PHP Fatal error:  Uncaught Error: Call to a member function ready() on null in /var/www/user/pw/wire/core/ProcessWire.php:351
Stack trace:
#0 /var/www/user/pw/wire/core/Wire.php(398): ProcessWire->___ready()
#1 /var/www/user/pw/wire/core/Wire.php(333): Wire->runHooks('ready', Array)
#2 /var/www/user/pw/wire/core/ProcessWire.php(404): Wire->__call('ready', Array)
#3 /var/www/user/pw/wire/core/ProcessWire.php(324): ProcessWire->__call('ready', Array)
#4 /var/www/user/pw/wire/modules/Process/ProcessPageView.module(227): ProcessWire->setStatus(4)
#5 /var/www/user/pw/wire/core/Wire.php(398): ProcessPageView->___ready()
#6 /var/www/user/pw/wire/core/Wire.php(333): Wire->runHooks('ready', Array)
#7 /var/www/user/pw/wire/modules/Process/ProcessPageView.module(152): Wire->__call('ready', Array)
#8 /var/www/user/pw/wire/core/Wire.php(398): ProcessPageView->___execute(true)
#9 /var/www/user/pw/wire/core/Wire.php(333): Wire->runHooks('execute', Array)
#10 /var/...
PHP message: PHP Fatal error:  Class 'ProcessPageType' not found in /var/www/user/pw/wire/modules/LanguageSupport/ProcessLanguage.module on line 18

I'm using pwFoo's config and the only thing I changed was this section:

http://mysite.eu:80 {

    root /var/www/user/pw

fastcgi / /var/run/php-fpm/php-fpm.sock {
         ext .php
    }

PHP in itself works, as phpinfo(); works ok.

Any tips on troubleshooting?

Btw. I also noticed this in the error log:

08/Mar/2016:20:50:45 +0200 [ERROR 403 /] Access to the script '/var/www/user/pw' has been denied (see security.limit_extensions)

So it seems "the script" is the folder name..? Is there any harm in that? I did try temporarily setting security.limit_extensions to FALSE in php-fpm's www.conf, but it was not the cause of the PHP fatal error.

[Beluga]

If I change the #GLOBAL rewrite to

to {path} {path}/ /index.php?it={path}&{query}

I get "Access denied" from my site root. If I visit index.php, I get the same fatal error as in my previous message.

This rewrite setting seems to be the one that also produces the "Access to the script has been denied" error seen in the log.

edit: the docs/blogs other sources are a bit confusing. I guess it should be {uri} instead of {path} after all, but the rewrite docs only speak of {path} and {uri} is mentioned in the blog and the source code. Yet, the net result was the same access denied.

[gurkendoktor]

which user / group and permissions does this folder have? to which user does your php process belong (ps aux)? 

[Beluga]

which user / group and permissions does this folder have? to which user does your php process belong (ps aux)? 

Folder and files owned by user and group: http

Files were ftp'd directly from a working PW installation so permissions stayed intact.

in /etc/php/php-fpm.d/www.conf I have:

user = http

group = http

From sudo ps aux | grep php:

root      4554  0.0  0.1  99696  7268 ?        Ss   22:26   0:00 php-fpm: master process (/etc/php/php-fpm.conf)
http      4555  0.0  0.0  99696  3500 ?        S    22:26   0:00 php-fpm: pool www
http      4556  0.0  0.0  99696  3500 ?        S    22:26   0:00 php-fpm: pool www

[cstevensjr]

Folder and files owned by user and group: http

Files were ftp'd directly from a working PW installation so permissions stayed intact.

in /etc/php/php-fpm.d/www.conf I have:

user = http

group = http

From sudo ps aux | grep php:

root      4554  0.0  0.1  99696  7268 ?        Ss   22:26   0:00 php-fpm: master process (/etc/php/php-fpm.conf)
http      4555  0.0  0.0  99696  3500 ?        S    22:26   0:00 php-fpm: pool www
http      4556  0.0  0.0  99696  3500 ?        S    22:26   0:00 php-fpm: pool www

Maybe nothing at all,  I wouldn't be using "http" as an user or group name in Linux/Unix or any Operating System.

[Beluga]

Maybe nothing at all,  I wouldn't be using "http" as an user or group name in Linux/Unix or any Operating System.

Ah you mean having security by obscurity? http is an existing user and group at least in the Arch Linux automated install in OVH Kimsufi.

Note that when I temporarily set security.limit_extensions to FALSE in php-fpm's www.conf, it makes the "Access denied" go away and change to "No input file specified". This was in the log after the change and access attempt:

10/Mar/2016:20:42:56 +0200 [ERROR 404 /] PHP message: PHP Warning: Unknown: failed to open stream: Success in Unknown on line 0

Unable to open primary script: /var/www/user/pw (Success)

[Beluga]

Ok, guys, I'll go back to good old Apache + regular PHP tomorrow, so last chance to give any debugging tips..

[Beluga]

Whew! I got help from Caddy developer abiosoft and now I have a working ProcessWire config! It is included below. Note certain things:

- the "php" in the fastcgi line defines a preset, so we don't need to use any "ext" stuff.

- the new style rewrite which does not use {uri}: to {path} {path}/ /index.php?it={path}&{query}

Abiosoft is also looking into a webtrees instance I have. So far the routing is solved by a workaround of adding a /slash to a certain line the webtrees index.php. Once the issue is solved properly, I can publish the Caddy config on the webtrees forum

I urge everyone using Caddy with PW to donate bitcoins to abiosoft!
 

https://mysite.com, https://www.mysite.com {
    root /wherever/your/files/are

    fastcgi / unix:/var/run/php-fpm/php-fpm.sock php

    internal /forbidden

    rewrite {
        r /\.
        to /forbidden
    }
    rewrite {
        r /(COPYRIGHT|LICENSE|README|htaccess)\.txt
        to /forbidden
    }
    rewrite {
        r ^/site(-[^/]+)?/assets/(.*\.php|backups|cache|config|install|logs|sessions)
        to /forbidden
    }
    rewrite {
        r ^/site(-[^/]+)?/install
        to /forbidden
    }
    rewrite {
        r ^/(site(-[^/]+)?|wire)/(config(-dev)?|index\.config)\.php
        to /forbidden
    }
    rewrite {
        r ^/((site(-[^/]+)?|wire)/modules|wire/core)/.*\.(inc|module|php|tpl)
        to /forbidden
    }
    rewrite {
        r ^/(site(-[^/]+)?|wire)/templates(-admin)?/.*\.(inc|html?|php|tpl)
        to /forbidden
    }

    # GLOBAL
    rewrite {
        to {path} {path}/ /index.php?it={path}&{query}
    }
    log /var/log/www/access.log {
      rotate {
        size      50
        age       7
        keep      5
      }
    }
    errors {
      log /var/log/www/error.log {
        size      50
        age       7
        keep      5
      }
    }
}

[pwFoo]

At the moment Caddy will get new features and rewritten from 0.8x to 0.9. So it could be an interesting alternative to apache and nginx in the future. At the moment I use Caddy 0.8.3 with some plugins (git,...).

Did you do more tests with Processwire & Caddy? Any problems or missing features (PW frontend edit? ...) with the latest rewrite rules? 
I did a short test (PW install, backend, frontend, image upload,...).

I like caddy and use it as docker reverse proxy (dynamic caddyfile with docker-gen) and would use Caddy as webserver.

[Beluga]

4 hours ago, pwFoo said:

At the moment Caddy will get new features and rewritten from 0.8x to 0.9. So it could be an interesting alternative to apache and nginx in the future. At the moment I use Caddy 0.8.3 with some plugins (git,...).

Did you do more tests with Processwire & Caddy? Any problems or missing features (PW frontend edit? ...) with the latest rewrite rules? 
I did a short test (PW install, backend, frontend, image upload,...).

 

I don't use frontend editing in PW. It is working fine for me so far.

I donated some more bitcoins to Abiosoft as the coin price got so good.. so he will have some compensation for working on the Webtrees rule issue.

[Beluga]

Caddy just got a $50k grant from Mozilla.

Quote

This award will be used to add a REST API, web UI, and new documentation, all of which make it easier to deploy more services with TLS.

 

[LostKobrakai]

Uhh, that sounds nice. I'm still eagerly waiting for the project to become stable. This might finally make the whole server setup setup less error-prone.

[pwFoo]

Yes, great to see increasing caddy usage

There are some docker images to use caddy as webserver , reverse proxy. And one with processwire cloned by git extension.

[LostKobrakai]

Laravel valet is also using caddy for their local webserver needs.

[clsource]

we should add caddy example file for processwire I think

[Beluga]

Caddy 0.9 released with rewritten core

[pwFoo]

I use 0.9 beta and will update my docker image soon...

[bernhard]

Can anybody of you give a short quickstart how to use caddy with processwire? I read the thread and am curious but don't know where to start an which file to use...

Thanks in advance

[pwFoo]

Example caddyfile

:80 {
    # document root
    root /home/httpd/public_html

    # fastcgi / <PHP-HOST>:<PHP-PORT> php
    fastcgi / 127.0.0.1:9000 php

    # converted htaccess rewrites
    internal /forbidden
    rewrite {
        r /\.
        to /forbidden
    }
    rewrite {
        r /(COPYRIGHT|LICENSE|README|htaccess)\.txt
        to /forbidden
    }
    rewrite {
        r ^/site(-[^/]+)?/assets/(.*\.php|backups|cache|config|install|logs|sessions)
        to /forbidden
    }
    rewrite {
        r ^/site(-[^/]+)?/install
        to /forbidden
    }
    rewrite {
        r ^/(site(-[^/]+)?|wire)/(config(-dev)?|index\.config)\.php
        to /forbidden
    }
    rewrite {
        r ^/((site(-[^/]+)?|wire)/modules|wire/core)/.*\.(inc|module|php|tpl)
        to /forbidden
    }
    rewrite {
        r ^/(site(-[^/]+)?|wire)/templates(-admin)?/.*\.(inc|html?|php|tpl)
        to /forbidden
    }
    # GLOBAL
    rewrite {
        to {path} {path}/ /index.php?it={path}&{query}
    }

    log logs/access.log {
      rotate {
        size      50
        age       7
        keep      5
      }
    }
 
    errors {
      log logs/error.log {
        size      50
        age       7
        keep      5
      }
    }
}

 

You need php-fpm installed to pass php requests to.

Log file path is relative to workdir (/home/httpd/). 

Used with Caddy 0.8.3 and 0.9beta2 behind a caddy reverseproxy.

[clsource]

I sent the merge request

https://github.com/caddyserver/examples/issues/10

so the official examples have processwire

[pwFoo]

Nice New plugins 

https://caddyserver.com/docs/minify

https://caddyserver.com/docs/filemanager

[pwFoo]

Found a docker-compose to test it with docker / caddy + hhvm 

https://github.com/ubergarm/caddy-hhvm

 

Looks good and feels fast.