mirror of
https://github.com/caddyserver/caddy.git
synced 2024-12-23 22:27:38 -05:00
127 lines
3.5 KiB
Markdown
127 lines
3.5 KiB
Markdown
# systemd Service Unit for Caddy
|
|
|
|
Please do not hesitate to ask on
|
|
[caddyserver/support](https://gitter.im/caddyserver/support)
|
|
if you have any questions. Feel free to prepend to your question
|
|
the username of whoever touched the file most recently, for example
|
|
`@wmark re systemd: …`.
|
|
|
|
The provided file should work with systemd version 219 or later. It might work with earlier versions.
|
|
The easiest way to check your systemd version is to run `systemctl --version`.
|
|
|
|
## Instructions
|
|
|
|
We will assume the following:
|
|
|
|
* that you want to run caddy as user `www-data` and group `www-data`, with UID and GID 33
|
|
* you are working from a non-root user account that can use 'sudo' to execute commands as root
|
|
|
|
Adjust as necessary or according to your preferences.
|
|
|
|
First, put the caddy binary in the system wide binary directory and give it
|
|
appropriate ownership and permissions:
|
|
|
|
```bash
|
|
sudo cp /path/to/caddy /usr/local/bin
|
|
sudo chown root:root /usr/local/bin/caddy
|
|
sudo chmod 755 /usr/local/bin/caddy
|
|
```
|
|
|
|
Give the caddy binary the ability to bind to privileged ports (e.g. 80, 443) as a non-root user:
|
|
|
|
```bash
|
|
sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy
|
|
```
|
|
|
|
Set up the user, group, and directories that will be needed:
|
|
|
|
```bash
|
|
sudo groupadd -g 33 www-data
|
|
sudo useradd \
|
|
-g www-data --no-user-group \
|
|
--home-dir /var/www --no-create-home \
|
|
--shell /usr/sbin/nologin \
|
|
--system --uid 33 www-data
|
|
|
|
sudo mkdir /etc/caddy
|
|
sudo chown -R root:www-data /etc/caddy
|
|
sudo mkdir /etc/ssl/caddy
|
|
sudo chown -R www-data:root /etc/ssl/caddy
|
|
sudo chmod 0770 /etc/ssl/caddy
|
|
```
|
|
|
|
Place your caddy configuration file ("Caddyfile") in the proper directory
|
|
and give it appropriate ownership and permissions:
|
|
|
|
```bash
|
|
sudo cp /path/to/Caddyfile /etc/caddy/
|
|
sudo chown www-data:www-data /etc/caddy/Caddyfile
|
|
sudo chmod 444 /etc/caddy/Caddyfile
|
|
```
|
|
|
|
Create the home directory for the server and give it appropriate ownership
|
|
and permissions:
|
|
|
|
```bash
|
|
sudo mkdir /var/www
|
|
sudo chown www-data:www-data /var/www
|
|
sudo chmod 555 /var/www
|
|
```
|
|
|
|
Let's assume you have the contents of your website in a directory called 'example.com'.
|
|
Put your website into place for it to be served by caddy:
|
|
|
|
```bash
|
|
sudo cp -R example.com /var/www/
|
|
sudo chown -R www-data:www-data /var/www/example.com
|
|
sudo chmod -R 555 /var/www/example.com
|
|
```
|
|
|
|
You'll need to explicitly configure caddy to serve the site from this location by adding
|
|
the following to your Caddyfile if you haven't already:
|
|
|
|
```
|
|
example.com {
|
|
root /var/www/example.com
|
|
...
|
|
}
|
|
```
|
|
|
|
Install the systemd service unit configuration file, reload the systemd daemon,
|
|
and start caddy:
|
|
|
|
```bash
|
|
sudo cp caddy.service /etc/systemd/system/
|
|
sudo chown root:root /etc/systemd/system/caddy.service
|
|
sudo chmod 644 /etc/systemd/system/caddy.service
|
|
sudo systemctl daemon-reload
|
|
sudo systemctl start caddy.service
|
|
```
|
|
|
|
Have the caddy service start automatically on boot if you like:
|
|
|
|
```bash
|
|
sudo systemctl enable caddy.service
|
|
```
|
|
|
|
If caddy doesn't seem to start properly you can view the log data to help figure out what the problem is:
|
|
|
|
```bash
|
|
journalctl --boot -u caddy.service
|
|
```
|
|
|
|
Use `log stdout` and `errors stderr` in your Caddyfile to fully utilize systemd journaling.
|
|
|
|
If your GNU/Linux distribution does not use *journald* with *systemd* then check any logfiles in `/var/log`.
|
|
|
|
If you want to follow the latest logs from caddy you can do so like this:
|
|
|
|
```bash
|
|
journalctl -f -u caddy.service
|
|
```
|
|
|
|
You can make other certificates and private key files accessible to the `www-data` user with the following command:
|
|
|
|
```bash
|
|
setfacl -m user:www-data:r-- /etc/ssl/private/my.key
|
|
```
|