diff --git a/next/PKGBUILD b/next/PKGBUILD
new file mode 100644
index 0000000..28a07b6
--- /dev/null
+++ b/next/PKGBUILD
@@ -0,0 +1,61 @@
+# Maintainer : Christian Rebischke
+
+pkgname=caddy
+pkgver=2.0.0
+pkgrel=1
+pkgdesc="Powerful, enterprise-ready, open source web server with automatic HTTPS written in Go"
+arch=('x86_64')
+url="https://github.com/caddyserver/caddy"
+license=('Apache')
+depends=('glibc')
+makedepends=('go-pie' 'git')
+backup=('etc/caddy/caddy.conf')
+source=("git+https://github.com/caddyserver/caddy#tag=v${pkgver}?signed"
+ 'index.html'
+ 'caddy.service'
+ 'caddy-api.service'
+ 'caddy.tmpfiles'
+ 'caddy.sysusers'
+ 'caddy.conf')
+sha512sums=('SKIP'
+ '2abccd41f770daebf61285dc017249f20c707877ea3c870f4a2375bbbd2bf481a8652d1fd3c7afd7d6b5c54838e9d8474a33e2c9790ef67dcf9d79c4e52953b4'
+ '41e88f85972c5680c919b556f3f163e7908f5a6226b9c38bde0d7cfb32c62e2975fadaaa07534109c29dcdeceb5b696169dccaf8a1c132d578a327c6cf97b76d'
+ '9e990237a75618a727b68b849be6d88e000a97d0059512abfc030fc89dce2ddd94d9d1b41a374cb71c0feffa8e39c8d405385273d2c0961fb901640609d46a85'
+ '997e6e72bd02355f1139e2875eb190ed9e6fa8c1e72cea7824df764d1264e0925aeccb354cd939c1bf0c0803820a6f3d6c571fb89ce18491b9f4b196c3f5de06'
+ 'c893d88fec89e37da6596030c8dce7103e7e575371e8542a24d2a0741e877358d85219f2d8ade9d6aa0f515efe1156a4badd9fef5f65f553a5b0c72330c4728f'
+ '399c177475e299bf5736dba1a9d045477072594390b73c7dd2e13e12785abe029d48e480aee98216f7a8735addd353ce4a07b56ed14364f641b138e4fca0ebcd')
+validpgpkeys=(
+ '29D0817A67156E4F25DC24782A349DD577D586A5' # Matthew Holt
+)
+
+pkgver() {
+ cd ${pkgname}
+ git describe --tags --match 'v*' | sed 's/^v//;s/\([^-]*-g\)/r\1/;s/-/./g'
+}
+
+prepare() {
+ sed 's|/var/www/html|/srv/http|g' -i "${srcdir}/index.html"
+ sed 's|/etc/caddy/Caddyfile|/etc/caddy/caddy.conf|g' -i "${srcdir}/index.html"
+}
+
+build() {
+ cd "${pkgname}/cmd/caddy/"
+ go build -trimpath -ldflags "-extldflags ${LDFLAGS}" -o caddy
+}
+
+check() {
+ cd "${pkgname}"
+ go test ./...
+}
+
+package() {
+ cd "${pkgname}"
+ install -Dm755 "cmd/caddy/${pkgname}" "${pkgdir}/usr/bin/${pkgname}"
+ install -Dm 644 "${srcdir}/caddy.service" -t "${pkgdir}/usr/lib/systemd/system"
+ install -Dm 644 "${srcdir}/caddy-api.service" -t "${pkgdir}/usr/lib/systemd/system"
+ install -Dm 644 "${srcdir}/caddy.tmpfiles" "${pkgdir}/usr/lib/tmpfiles.d/caddy.conf"
+ install -Dm 644 "${srcdir}/caddy.sysusers" "${pkgdir}/usr/lib/sysusers.d/caddy.conf"
+ install -Dm 644 "${srcdir}/caddy.conf" "${pkgdir}/etc/caddy/caddy.conf"
+ install -Dm 644 "${srcdir}/index.html" "${pkgdir}/usr/share/caddy/index.html"
+ install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
+}
diff --git a/next/caddy-api.service b/next/caddy-api.service
new file mode 100644
index 0000000..36f6e82
--- /dev/null
+++ b/next/caddy-api.service
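Review bot: In `build()` of the PKGBUILD, `${LDFLAGS}` is spliced unquoted into the `-ldflags` string, so the Go toolchain takes only the first whitespace-separated word as the value of `-extldflags`. The stock makepkg LDFLAGS is, as far as I know, a single comma-joined `-Wl,...` word, so the linker hardening flags survive by default. A makepkg.conf that separates linker flags with spaces would lose every flag after the first, or have the remainder parsed as Go linker options. Quoting the value keeps them together: `go build -trimpath -ldflags "-extldflags \"${LDFLAGS}\"" -o caddy`.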
@@ -0,0 +1,50 @@
+# caddy-api.service
+#
+# For using Caddy with its API.
+#
+# This unit is "durable" in that it will automatically resume
+# the last active configuration if the service is restarted.
+#
+# See https://caddyserver.com/docs/install for instructions.
+
+[Unit]
+Description=Caddy API Server
+Documentation=https://caddyserver.com/docs/
+After=network-online.target
+Wants=network-online.target systemd-networkd-wait-online.service
+StartLimitIntervalSec=14400
+StartLimitBurst=10
+
+[Service]
+User=caddy
+Group=caddy
+ExecStart=/usr/bin/caddy run --environ --resume
+
+# Do not allow the process to be restarted in a tight loop. If the
+# process fails to start, something critical needs to be fixed.
+Restart=on-abnormal
+
+# Use graceful shutdown with a reasonable timeout
+KillMode=mixed
+KillSignal=SIGQUIT
+TimeoutStopSec=5s
+
+LimitNOFILE=1048576
+LimitNPROC=512
+
+
+PrivateTmp=true
+ProtectSystem=strict
+ProtectKernelModules=true
+NoNewPrivileges=true
+LockPersonality=true
+ProtectKernelTunables=true
+ProtectHome=true
+ReadWritePaths=/var/lib/caddy /var/log/caddy
+PrivateDevices=true
+ProtectControlGroups=true
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target
diff --git a/next/caddy.conf b/next/caddy.conf
new file mode 100644
index 0000000..1aec2b8
--- /dev/null
+++ b/next/caddy.conf
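Review bot: `ExecStart=/usr/bin/caddy run --environ --resume` in caddy-api.service prints the process environment to the log on every start. Any secret later supplied through an `Environment=` or `EnvironmentFile=` drop-in, such as a DNS-provider token for ACME challenges, would then land in the journal in clear text. The journal is usually readable by more accounts than the unit's environment and is often forwarded off-host. I would drop the flag from the packaged unit and keep it as a debugging aid: `ExecStart=/usr/bin/caddy run --resume`. The `ExecStart=` line in caddy.service carries the same `--environ` and needs the same change.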
@@ -0,0 +1,28 @@
+# The Caddyfile is an easy way to configure your Caddy web server.
+#
+# Unless the file starts with a global options block, the first
+# uncommented line is always the address of your site.
+#
+# To use your own domain name (with automatic HTTPS), first make
+# sure your domain's A/AAAA DNS records are properly pointed to
+# this machine's public IP, then replace the line below with your
+# domain name.
+:80
+
+# Set this path to your site's directory.
+root * /usr/share/caddy
+
+# Enable the static file server.
+file_server
+
+# Import additional caddy config files in /etc/caddy/conf.d/
+import /etc/caddy/conf.d/*
+
+# Another common task is to set up a reverse proxy:
+# reverse_proxy localhost:8080
+
+# Or serve a PHP site through php-fpm:
+# php_fastcgi localhost:9000
+
+# Refer to the Caddy docs for more information:
+# https://github.com/caddyserver/caddy/wiki/v2:-Documentation
diff --git a/next/caddy.service b/next/caddy.service
new file mode 100644
index 0000000..0c8fb8d
--- /dev/null
+++ b/next/caddy.service
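Review bot: `import /etc/caddy/conf.d/*` in caddy.conf sits inside the brace-less `:80` site, so as far as I can tell every imported file is spliced into that one site block. A drop-in that declares its own site address would then fail to parse or be read as a directive of `:80`. Wrapping the default site in `:80 { ... }` and keeping the `import` line at the top level would let conf.d hold independent sites. The bare `*` also pulls in anything else left in that directory, such as an editor backup or a disabled copy of an old site, so a suffix-restricted pattern like `import /etc/caddy/conf.d/*.conf` (suffix chosen here as an example) with a matching comment would be safer.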
@@ -0,0 +1,57 @@
+# caddy.service
+#
+# For using Caddy with a config file.
+#
+# Make sure the ExecStart and ExecReload commands are correct
+# for your installation.
+#
+# See https://caddyserver.com/docs/install for instructions.
+#
+# WARNING: This service does not use the --resume flag, so if you
+# use the API to make changes, they will be overwritten by the
+# Caddyfile next time the service is restarted. If you intend to
+# use Caddy's API to configure it, add the --resume flag to the
+# `caddy run` command or use the caddy-api.service file instead.
+
+[Unit]
+Description=Caddy webserver
+Documentation=https://caddyserver.com/docs/
+After=network-online.target
+Wants=network-online.target systemd-networkd-wait-online.service
+StartLimitIntervalSec=14400
+StartLimitBurst=10
+
+[Service]
+User=caddy
+Group=caddy
+ExecStart=/usr/bin/caddy run --adapter caddyfile --environ --config /etc/caddy/caddy.conf
+ExecReload=/usr/bin/caddy reload --adapter caddyfile --config /etc/caddy/caddy.conf
+
+# Do not allow the process to be restarted in a tight loop. If the
+# process fails to start, something critical needs to be fixed.
+Restart=on-abnormal
+
+# Use graceful shutdown with a reasonable timeout
+KillMode=mixed
+KillSignal=SIGQUIT
+TimeoutStopSec=5s
+
+LimitNOFILE=1048576
+LimitNPROC=512
+
+
+PrivateTmp=true
+ProtectSystem=strict
+ProtectKernelModules=true
+NoNewPrivileges=true
+LockPersonality=true
+ProtectKernelTunables=true
+ProtectHome=true
+ReadWritePaths=/var/lib/caddy /var/log/caddy
+PrivateDevices=true
+ProtectControlGroups=true
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target
diff --git a/next/caddy.sysusers b/next/caddy.sysusers
new file mode 100644
index 0000000..6fb5633
--- /dev/null
+++ b/next/caddy.sysusers
@@ -0,0 +1 @@
+u caddy - "caddy daemon" /var/lib/caddy
diff --git a/next/caddy.tmpfiles b/next/caddy.tmpfiles
new file mode 100644
index 0000000..072696c
--- /dev/null
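Review bot: caddy.service is the config-file variant, yet nothing in it or in caddy.conf narrows Caddy's admin endpoint, which `ExecReload=/usr/bin/caddy reload ...` relies on. By default that endpoint listens on localhost:2019 without authentication. Any local account or co-hosted service that can reach loopback can therefore replace the running configuration, and the sandboxing directives further down the unit do not prevent that. Consider shipping a global options block in caddy.conf that moves the `admin` listener somewhere only the caddy user can reach, pointing `ExecReload` at the same address, and adding a comment above `ExecReload` such as `# reload goes through the admin endpoint; keep it enabled and restricted`.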
+++ b/next/caddy.tmpfiles
@@ -0,0 +1,2 @@
+d /var/lib/caddy 0750 caddy caddy
+d /var/log/caddy 0750 caddy caddy
diff --git a/next/index.html b/next/index.html
new file mode 100644
index 0000000..7c0206e
--- /dev/null
+++ b/next/index.html
@@ -0,0 +1,269 @@
+ + + + Caddy works! + + + + + + +
+
+
+
+ + +

+ Congratulations! + おめでとう! + Felicidades! + 恭喜! + बधाई हो! + Поздравляю!
 + 🎊 +

+ +

+ Your web server is working. Now make it work for you. 💪 +

+

+ Caddy is ready to serve your site over HTTPS: +

+
    +
  1. Point your domain's A/AAAA DNS records at this machine.
  2. +
  3. Upload your site's files to /var/www/html. +
  4. + Edit your Caddyfile at /etc/caddy/Caddyfile: +
      +
    1. Replace :80 with your domain name
    2. +
    3. Change the site root to /var/www/html
    4. +
    +
  5. +
  6. Reload the configuration: systemctl reload caddy
  7. +
  8. Visit your site!
  9. +
+

If that worked 🥳

+

+ Awesome! You won't have to look at this slanted page anymore. +

+

+ Remember, Caddy can do a lot more than serve static files. It's also a powerful reverse proxy and application platform. You can use the Caddyfile to enable any other features you need. Or you could use Caddy's API to configure it programmatically. +

+

+ Everything you need to know is either in the 📖 Caddy documentation or the manual for your OS/platform. Have fun! +

+ +

If that didn't work 😶

+

+ It's okay, you can fix it! First check the following things: +

+
    +
  • Service status: systemctl status caddy
  • +
  • Logs: journalctl --no-pager -u caddy
  • +
  • Are your site's files readable by the caddy user and group? ls -la /var/www/html
  • +
  • Is the caddy home directory writeable? ls -la /var/lib/caddy
  • +
  • Ensure your domain's A and/or AAAA records point to your machine's public IP address: dig example.com
  • +
  • Are your ports 80 and 443 externally reachable, and is Caddy able to bind to them? Check your firewalls, port forwarding, and other network configuration.
  • +
+

+ WAIT! Before trying again, switch to Let's Encrypt's staging environment to avoid being accidentally rate limited. Once you get everything else working, it's safe to switch back. +

+

+ Depending on your DNS provider, it may take a while for the DNS records to propagate. Even when everything is configured properly, automated challenges to obtain TLS certificates usually take several seconds, but may take up to several minutes or hours. +

+ If you still need help, we have a great community! First try a search, and if your question is original, go ahead and ask it! Remember to pay it forward and help others too. 😁 +

+

+ Visit Caddy on: + GitHub + or + Twitter + or + Our Forum +

+
+
+ + + + +