Jump to content

Caddy - a lightweight HTTP2 web server


gurkendoktor
 Share

Recommended Posts

Can you use Caddy like Wamp or Lamp ? I don't see a gui or a database part of it so what's the point, static html ?

https://caddyserver.com/docs/faq

What's on the roadmap for Caddy?

Exciting things. Here's what's coming:

  • API for remote management
  • Web-based control panel
These aren't in any particular order and are subject to change, but Caddy is well on its way to making these things happen.

(don't want to spam, so edit): Wow, I just got this to work on an Arch Linux server :) Just testing with a static file for now.

The package is in AUR: https://aur.archlinux.org/packages/caddy

I used git clone and then the makepkg command.

I did edit the .service file and remove -host="::" -port="80" as they did not seem to be working. It launched with HTTPS even with that -port parameter, so I put everything to the caddy.conf file.

I noticed in the logs when it tried to create the Let's Encrypt cert that the user (http) could not write to /srv/http, so I did this to prevent confusion in the future:

sudo chown http /srv/http
 
I put the log files to a new folder and gave http user ownership:
sudo mkdir /var/log/www
sudo chown http /var/log/www
Link to comment
Share on other sites

Ok, now getting to the fun stuff.

PHP message: PHP Fatal error:  Class 'ProcessPageType' not found in /var/www/user/pw/wire/modules/LanguageSupport/ProcessLanguage.module on line 18
08/Mar/2016:21:06:48 +0200 [ERROR 200 /index.php] PHP message: PHP Fatal error:  Uncaught Error: Call to a member function ready() on null in /var/www/user/pw/wire/core/ProcessWire.php:351
Stack trace:
#0 /var/www/user/pw/wire/core/Wire.php(398): ProcessWire->___ready()
#1 /var/www/user/pw/wire/core/Wire.php(333): Wire->runHooks('ready', Array)
#2 /var/www/user/pw/wire/core/ProcessWire.php(404): Wire->__call('ready', Array)
#3 /var/www/user/pw/wire/core/ProcessWire.php(324): ProcessWire->__call('ready', Array)
#4 /var/www/user/pw/wire/modules/Process/ProcessPageView.module(227): ProcessWire->setStatus(4)
#5 /var/www/user/pw/wire/core/Wire.php(398): ProcessPageView->___ready()
#6 /var/www/user/pw/wire/core/Wire.php(333): Wire->runHooks('ready', Array)
#7 /var/www/user/pw/wire/modules/Process/ProcessPageView.module(152): Wire->__call('ready', Array)
#8 /var/www/user/pw/wire/core/Wire.php(398): ProcessPageView->___execute(true)
#9 /var/www/user/pw/wire/core/Wire.php(333): Wire->runHooks('execute', Array)
#10 /var/...
PHP message: PHP Fatal error:  Class 'ProcessPageType' not found in /var/www/user/pw/wire/modules/LanguageSupport/ProcessLanguage.module on line 18

I'm using pwFoo's config and the only thing I changed was this section:

http://mysite.eu:80 {

    root /var/www/user/pw

fastcgi / /var/run/php-fpm/php-fpm.sock {
         ext .php
    }

PHP in itself works, as phpinfo(); works ok.

Any tips on troubleshooting?

Btw. I also noticed this in the error log:

08/Mar/2016:20:50:45 +0200 [ERROR 403 /] Access to the script '/var/www/user/pw' has been denied (see security.limit_extensions)

So it seems "the script" is the folder name..? Is there any harm in that? I did try temporarily setting security.limit_extensions to FALSE in php-fpm's www.conf, but it was not the cause of the PHP fatal error.

Link to comment
Share on other sites

If I change the #GLOBAL rewrite to

to {path} {path}/ /index.php?it={path}&{query}

I get "Access denied" from my site root. If I visit index.php, I get the same fatal error as in my previous message.

This rewrite setting seems to be the one that also produces the "Access to the script has been denied" error seen in the log.

edit: the docs/blogs other sources are a bit confusing. I guess it should be {uri} instead of {path} after all, but the rewrite docs only speak of {path} and {uri} is mentioned in the blog and the source code. Yet, the net result was the same access denied.

Link to comment
Share on other sites

which user / group and permissions does this folder have? to which user does your php process belong (ps aux)? 

Folder and files owned by user and group: http

Files were ftp'd directly from a working PW installation so permissions stayed intact.

in /etc/php/php-fpm.d/www.conf I have:

user = http

group = http

From sudo ps aux | grep php:

root      4554  0.0  0.1  99696  7268 ?        Ss   22:26   0:00 php-fpm: master process (/etc/php/php-fpm.conf)
http      4555  0.0  0.0  99696  3500 ?        S    22:26   0:00 php-fpm: pool www
http      4556  0.0  0.0  99696  3500 ?        S    22:26   0:00 php-fpm: pool www
Link to comment
Share on other sites

Folder and files owned by user and group: http

Files were ftp'd directly from a working PW installation so permissions stayed intact.

in /etc/php/php-fpm.d/www.conf I have:

user = http

group = http

From sudo ps aux | grep php:

root      4554  0.0  0.1  99696  7268 ?        Ss   22:26   0:00 php-fpm: master process (/etc/php/php-fpm.conf)
http      4555  0.0  0.0  99696  3500 ?        S    22:26   0:00 php-fpm: pool www
http      4556  0.0  0.0  99696  3500 ?        S    22:26   0:00 php-fpm: pool www

Maybe nothing at all,  I wouldn't be using "http" as an user or group name in Linux/Unix or any Operating System.

Link to comment
Share on other sites

Maybe nothing at all,  I wouldn't be using "http" as an user or group name in Linux/Unix or any Operating System.

Ah you mean having security by obscurity? :) http is an existing user and group at least in the Arch Linux automated install in OVH Kimsufi.

Note that when I temporarily set security.limit_extensions to FALSE in php-fpm's www.conf, it makes the "Access denied" go away and change to "No input file specified". This was in the log after the change and access attempt:

10/Mar/2016:20:42:56 +0200 [ERROR 404 /] PHP message: PHP Warning: Unknown: failed to open stream: Success in Unknown on line 0

Unable to open primary script: /var/www/user/pw (Success)

Link to comment
Share on other sites

  • 2 weeks later...

Whew! I got help from Caddy developer abiosoft and now I have a working ProcessWire config! It is included below. Note certain things:

- the "php" in the fastcgi line defines a preset, so we don't need to use any "ext" stuff.

- the new style rewrite which does not use {uri}: to {path} {path}/ /index.php?it={path}&{query}

Abiosoft is also looking into a webtrees instance I have. So far the routing is solved by a workaround of adding a /slash to a certain line the webtrees index.php. Once the issue is solved properly, I can publish the Caddy config on the webtrees forum :)

I urge everyone using Caddy with PW to donate bitcoins to abiosoft!
 

https://mysite.com, https://www.mysite.com {
    root /wherever/your/files/are

    fastcgi / unix:/var/run/php-fpm/php-fpm.sock php

    internal /forbidden

    rewrite {
        r /\.
        to /forbidden
    }
    rewrite {
        r /(COPYRIGHT|LICENSE|README|htaccess)\.txt
        to /forbidden
    }
    rewrite {
        r ^/site(-[^/]+)?/assets/(.*\.php|backups|cache|config|install|logs|sessions)
        to /forbidden
    }
    rewrite {
        r ^/site(-[^/]+)?/install
        to /forbidden
    }
    rewrite {
        r ^/(site(-[^/]+)?|wire)/(config(-dev)?|index\.config)\.php
        to /forbidden
    }
    rewrite {
        r ^/((site(-[^/]+)?|wire)/modules|wire/core)/.*\.(inc|module|php|tpl)
        to /forbidden
    }
    rewrite {
        r ^/(site(-[^/]+)?|wire)/templates(-admin)?/.*\.(inc|html?|php|tpl)
        to /forbidden
    }

    # GLOBAL
    rewrite {
        to {path} {path}/ /index.php?it={path}&{query}
    }
    log /var/log/www/access.log {
      rotate {
        size      50
        age       7
        keep      5
      }
    }
    errors {
      log /var/log/www/error.log {
        size      50
        age       7
        keep      5
      }
    }
}
  • Like 6
Link to comment
Share on other sites

  • 2 months later...

At the moment Caddy will get new features and rewritten from 0.8x to 0.9. So it could be an interesting alternative to apache and nginx in the future. At the moment I use Caddy 0.8.3 with some plugins (git,...).

Did you do more tests with Processwire & Caddy? Any problems or missing features (PW frontend edit? ...) with the latest rewrite rules? 
I did a short test (PW install, backend, frontend, image upload,...).

I like caddy and use it as docker reverse proxy (dynamic caddyfile with docker-gen) and would use Caddy as webserver.

Link to comment
Share on other sites

4 hours ago, pwFoo said:

At the moment Caddy will get new features and rewritten from 0.8x to 0.9. So it could be an interesting alternative to apache and nginx in the future. At the moment I use Caddy 0.8.3 with some plugins (git,...).

Did you do more tests with Processwire & Caddy? Any problems or missing features (PW frontend edit? ...) with the latest rewrite rules? 
I did a short test (PW install, backend, frontend, image upload,...).

 

I don't use frontend editing in PW. It is working fine for me so far.

I donated some more bitcoins to Abiosoft as the coin price got so good.. so he will have some compensation for working on the Webtrees rule issue.

  • Like 1
Link to comment
Share on other sites

  • 2 weeks later...
  • 2 weeks later...

Example caddyfile

:80 {
    # document root
    root /home/httpd/public_html

    # fastcgi / <PHP-HOST>:<PHP-PORT> php
    fastcgi / 127.0.0.1:9000 php

    # converted htaccess rewrites
    internal /forbidden
    rewrite {
        r /\.
        to /forbidden
    }
    rewrite {
        r /(COPYRIGHT|LICENSE|README|htaccess)\.txt
        to /forbidden
    }
    rewrite {
        r ^/site(-[^/]+)?/assets/(.*\.php|backups|cache|config|install|logs|sessions)
        to /forbidden
    }
    rewrite {
        r ^/site(-[^/]+)?/install
        to /forbidden
    }
    rewrite {
        r ^/(site(-[^/]+)?|wire)/(config(-dev)?|index\.config)\.php
        to /forbidden
    }
    rewrite {
        r ^/((site(-[^/]+)?|wire)/modules|wire/core)/.*\.(inc|module|php|tpl)
        to /forbidden
    }
    rewrite {
        r ^/(site(-[^/]+)?|wire)/templates(-admin)?/.*\.(inc|html?|php|tpl)
        to /forbidden
    }
    # GLOBAL
    rewrite {
        to {path} {path}/ /index.php?it={path}&{query}
    }

    log logs/access.log {
      rotate {
        size      50
        age       7
        keep      5
      }
    }
 
    errors {
      log logs/error.log {
        size      50
        age       7
        keep      5
      }
    }
}

 

You need php-fpm installed to pass php requests to.

Log file path is relative to workdir (/home/httpd/). 

Used with Caddy 0.8.3 and 0.9beta2 behind a caddy reverseproxy.

  • Like 2
Link to comment
Share on other sites

  • 4 months later...
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...