1
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2024-12-16 21:56:40 -05:00
Commit graph

175 commits

Author SHA1 Message Date
Maxime Soulé
4b68de8418 FreeBSD init: PID file should not be executable (#2945) 2019-12-28 11:54:28 -07:00
Matthew Holt
aadda6e34e
Prepare v1.0.4 tag 2019-11-15 13:11:32 -07:00
Yuqian Ma
12107f035c dist: update caddy.service on Ubuntu 18 (#2866)
move `StartLimitIntervalSec` and `StartLimitBurst` from [Service] to [Unit]
ref: https://lists.freedesktop.org/archives/systemd-devel/2017-July/039255.html
2019-11-15 12:59:03 -07:00
Julian Kornberger
cc63eca0c8 Add flag to disable timestamps for process log (#2781)
* Add flag to enable/disable timstamps for process log.

solves #2615

* Remove timestamp argument from log.Printf()

* Add log-timestamps=false to systemd unit

* Copy log flags

* Fix argument list
2019-11-06 13:06:34 -07:00
Adam Daniels
8c860641b9 dist: Update FreeBSD Init script to support custom flags (#2796)
Clear rc_flags in start precmd. If these flags are still present during
start command, they are passed to daemon(8) instead of caddy(8).

Extract all options into $caddy_options environment variable.
2019-10-15 15:38:20 -06:00
Jacob Hoffman-Andrews
24b2e02ee5 init/systemd: Re-add ReadWriteDirectories. (#2798)
In systemd 231
(4f10b80786/NEWS (L3558-L3565)),
ReadWriteDirectories was renamed ReadWritePaths.

In https://github.com/caddyserver/caddy/pull/2620/files, @aspeteRakete
renamed the directive in Caddy's example systemd unit.

However, this means that if anyone runs this sytemd unit on a version of
systemd older than 231, Caddy will go into a crash loop that hammers
Let's Encrypt's servers. That's because the ProtectSystem=full directive
prevents writes to all paths that aren't explicitly permitted, and older
systemd doesn't see any paths being permitted.

To maximize compatibility, I re-add the original ReadWriteDirectories
directive. Older systemd will read that; newer systemd will read the
newer directive. Both should ignore the directive they do not recognize.

Another approach to solve this problem would be to remove
ProtectSystem=true, originally introduced in da8ae9e5. That would reduce
the risk of similar breakages in the future. It would make for a slightly
less "exemplary" systemd unit, but I think it would still be adequate,
given that this unit runs caddy as "www-data", a user the presumably has
low privileges.
2019-10-09 19:04:28 -06:00
Matt Holt
16b296c97e
systemd: Prevent excessive restarts in tight loop 2019-10-07 11:28:21 -06:00
Matthew Holt
bff2469d9d
Version 1.0.3 notes 2019-08-14 13:45:42 -06:00
Matthew Holt
28e1f7c562
Version 1.0.2 2019-08-13 14:37:58 -06:00
George Hartzell
d411b7d087 Add doc re running as non-root user on FreeBSD (#2655)
Add a README.md in `dist/init/freebsd` that describes how to configure
the system so that `caddy` can be run without root privileges.
2019-07-18 15:19:21 -06:00
George Hartzell
580f7677ad Use syslog to manage caddy std{out,err} on FreeBSD (#2652)
* Use syslog to manage caddy std{out,err} on FreeBSD

There is no good way to rotate the logfile created by the previous
FreeBSD rc.d script (it's the result of redirecting std{out,err} and
is held open by the shell).

This solves the problem by sending caddy's std{out,err} stream to
syslog, using the daemon command's builtin functionality.

It replaces the old `caddy_logfile` rc.conf variable with
`caddy_syslog_facility` (which defaults to 'local7') and
`caddy_syslog_level` (which defaults to 'notice').

By default, these messages will end up in /var/log/messages but can
be redirected as documented in the script's comments.

* Add info about rotating log with newsyslog

If you create a caddy specific logfile in `/var/log`, you should
rotate it.

This adds a bit of info to the dist/init/freebsd/README.md about
rotating that log file with newsyslog.
2019-07-18 13:58:40 -06:00
aspeteRakete
43458bda46 Updated systemd caddy.service (#2620)
According to https://github.com/systemd/systemd/blob/v241/NEWS#L2799
The Directive ReadWriteDirectories= has been renamed to ReadWritePaths=
in 241.
2019-07-18 13:46:00 -06:00
Matthew Holt
f6ee100bae
Update notes for v1.0.1 2019-07-02 13:08:31 -06:00
Matthew Holt
f5720fecd6
Change all import paths: mholt/caddy -> caddyserver/caddy
Includes updating go.mod to use new module path
2019-07-02 12:49:20 -06:00
Matthew Holt
15fecbc161
1.0 release 2019-04-24 11:24:40 -06:00
Matthew Holt
fb31669261 Release beta2 2019-04-20 13:13:42 -06:00
Matthew Holt
13d0454f71
Remove now-unused gitcookie 2019-04-20 00:52:23 -06:00
Matthew Holt
657780bcdf Prepare 1.0beta1 release 2019-04-09 11:29:06 -06:00
Matthew Holt
80dfb8b2a7
vendor: Update lego; notes for v0.11.5 2019-03-04 12:14:25 -07:00
Matthew Holt
118f666706
Update release notes for 0.11.4 2019-02-15 11:58:56 -07:00
Matthew Holt
2ea544e9a0
Notes for v0.11.3 2019-02-05 13:14:50 -07:00
Matthew Holt
8ab447e615
Cut release 0.11.2 2019-01-16 16:04:42 -07:00
Christoph Blecker
1c92557c8b Fix line endings (#2351) 2018-11-18 14:04:20 -07:00
Matthew Holt
1d9a094315
Update changes/readme for v0.11.1. 2018-11-12 14:39:01 -07:00
smlx
e263566673 init: Fix configuration permissions in systemd integration. (#2130)
This fixes the permissions on /etc/caddy to match standard linux
permissions for /etc, and makes the Caddyfile read-only for the caddy
user.
2018-06-19 09:15:38 -06:00
Matthew Holt
1f7b5abc80
Version 0.11 2018-05-10 09:45:05 -06:00
Matthew Holt
2922d09bef
Version 0.10.14 2018-04-19 18:11:50 -06:00
Matthew Holt
694d2c9b2e
Version 0.10.13 2018-04-18 17:09:54 -06:00
Matthew Holt
f379bf3421
Version 0.10.12 2018-03-26 22:09:10 -06:00
Matthew Holt
d3f338ddab
Update for version 0.10.11 2018-02-19 22:24:07 -07:00
magikstm
fd3fafa50c Disable PrivateDevices in systemd as it doesn't work for some devices (#1990) 2018-02-03 11:13:23 -07:00
Phillipp Engelke
e20779e405 Update README.md (#2004)
Adding the bash command for downloading the caddy.service file from the reposetory. Because it was easy to forget where you find it.
2018-02-02 23:53:40 -07:00
Michael Schubert
50ab4fe11e caddy.service: fix typo, s/retrict/restrict/ (#2008) 2018-01-30 07:19:02 -07:00
Andreas Ulm
8a326d4dc1 implemented sourcing of default file for sysvinit (#1984)
* implemented source of default file for sysvinit

Signed-off-by: root360-AndreasUlm <andreas.ulm@root360.de>

* added documentation in README

Signed-off-by: root360-AndreasUlm <andreas.ulm@root360.de>

* fixed sourcing command for sh

Signed-off-by: root360-AndreasUlm <andreas.ulm@root360.de>

* implemented source of default file for sysvinit

Signed-off-by: root360-AndreasUlm <andreas.ulm@root360.de>

* added documentation in README

Signed-off-by: root360-AndreasUlm <andreas.ulm@root360.de>

* fixed sourcing command for sh

Signed-off-by: root360-AndreasUlm <andreas.ulm@root360.de>

* implemented DAEMONOPTS overwrite

Signed-off-by: root360-AndreasUlm <andreas.ulm@root360.de>
2018-01-15 18:22:53 -07:00
Sean Lane
fc1509eed4 Update README.md (change to ownership command) (#1970)
* Update README.md

I believe the owner and group of the `chown` command here are mixed up. As it was caused a permissions issue, with the service being unable to read the directory.

* Update README.md

* Update README.md

Revert changes back to the original suggested changes
2018-01-15 18:15:17 -07:00
frk
34a34c565d FreeBSD init: Remove unnecessary daemon -u option (#1924)
The rc.subr framework already takes care of substituting user. So, using
daemon's -u option is double user-substitution and fails if $caddy_user
is non-root.
2017-10-31 10:31:09 -06:00
Eugene Dementiev
0548b97701 init: Fix upstart script for Centos6 (and Amazon Linux) (#1914) 2017-10-12 17:02:46 -06:00
Matthew Holt
c4dfbb9956
Update readme and changelog for v0.10.10 2017-10-08 22:20:05 -06:00
Matthew Holt
f71955e89c
Grammar improvements 2017-10-04 18:37:11 -06:00
Tim Lewis
fea8f37f9d Fix linux-sysvinit script to prevent missing caddy.log
Create /var/log/caddy.log and chown prior to starting caddy.
Caddy running as DAEMONUSER does not have permission to create the /var/log/caddy.log.
2017-09-18 19:16:15 -04:00
Tim Lewis
a808252079 Fix spurious .pid file error in linux-sysvinit
This change eliminates the `[ERROR] Could not write pidfile: open /var/run/caddy.pid: permission denied` from caddy.log.
The start-stop-daemon writes the file as root so the DAEMONUSER that caddy runs as cannot write to the .pid file.
2017-09-18 19:14:56 -04:00
Matthew Holt
545fa844bb
EULA: Remove restriction clause related to sponsors header 2017-09-14 21:45:32 -06:00
Matthew Holt
bc56793d3b
Update readme and changes for version 0.10.9 2017-09-12 11:02:53 -06:00
Matthew Holt
ad973f1d12 Merge branch 'sponsors-header' 2017-09-12 10:53:21 -06:00
Matthew Holt
9e156e0940
Update readme/changes for v0.10.8 2017-09-08 11:06:39 -06:00
Matthew Holt
f069a575cc
Add EULA
The End-User License Agreement applies to official Caddy binaries;
the source code is still under the same open source license.
2017-09-06 19:03:53 -06:00
Matthew Holt
0d99751a2f
Fix typos in changes file 2017-08-26 07:15:06 -06:00
Matthew Holt
0b4dda0aba Update readme for v0.10.7 2017-08-25 16:54:05 -06:00
Julian Mazzitelli
280ae833d4 Set LimitNPROC=512 for systemd 2017-08-14 19:25:08 -04:00
Andreas Linz
53ae9b8521 Increase restart rate limit
The previous setting caused the service to hit a rate-limit when it was
restarted more than 5 times in 24h.
Editing the Caddyfile and restarting the service could also easily
trigger this rate limit.
One could argue that users could simply call `systemctl reset-failed
caddy` to reset the rate-limit counter, but this is counterintuitive
because most users won't know this command and are possibly unaware that
they had hit a rate-limit.

The service is now allowed to restart 10 times in 10 seconds before
hitting a rate limit.
This should be conservative enough to rate limit quickly failing
services and to allow users to edit and test their caddy configuration.

This closes #1718

Remove restart limit settings and use defaults

By default 5 restarts within 10 seconds are allowed without
encountering a restart limit hit, see  `man systemd.unit` for details.

Set Restart to on-abnormal

The table in https://www.freedesktop.org/software/systemd/man/systemd.service.html#Restart=
shows the conditions for which on-abnormal would restart the service.
It will *not* restart the service in the following cases:

- a non-zero exit status, e.g. an invalid Caddyfile
- a zero exit code (or those specified in SuccessExitStatus=) and a clean signal
    clean signals are SIGHUP, SIGINT, SIGTERM or SIGPIPE
    3536f49e8f/src/basic/exit-status.c (L205)

The service *will be restarted* in the following cases:

- a unclean signal, e.g. SIGKILL
- on start and watchdog timeout (we don't use those systemd service
constructs explicitly)
2017-08-13 16:38:19 +02:00