Caddy notice Sending Telemetry We Were Too Early
An earlier version of this tutorial was written by Mateusz Papiernik.
The author selected the Wikimedia Foundation to receive a $200 donation as office of the Write for DOnations program.
Introduction
Caddy is a web server designed around simplicity and security that comes with a number of features that are useful for hosting websites. For example, it can automatically obtain and manage TLS certificates from Permit'due south Encrypt to enable HTTPS, and includes support for HTTP/2. HTTPS is a arrangement for securing traffic betwixt your users and your server, and is chop-chop becoming a bones expectation of whatever website running in production — without it, Chrome and Firefox volition warn that your website is "Not Secure" if users try to submit login data.
Previously, the recommended method for installing Caddy was to download prebuilt binaries from the Caddy project website. All the same, recent changes in how Caddy's licensing works means that you're no longer allowed to use these prebuilt binaries for commercial purposes unless you pay a license fee, even if yous're but using Caddy internally within a business. Luckily, the Caddy source lawmaking is still fully open up-source and you can build Caddy yourself to avoid running into licensing issues.
In this tutorial, y'all'll build Caddy from source and use information technology to host a website secured with HTTPS. Then you lot'll configure Caddy using a Caddyfile, install Caddy plugins, and learn how to upgrade your installation when a new version is released.
Prerequisites
Before you lot start this guide, yous'll need to have the post-obit:
- An Ubuntu 16.04 server configured according to our Initial Server Setup guide. You should be able to connect to the server over SSH, log in equally a non-root user with sudo privileges, and take a working firewall ready using UFW.
- A domain name set to utilise DigitalOcean's DNS direction. You tin buy a domain name from any domain registrar and follow our guide on Pointing a Domain to DigitalOcean Nameservers to manage your DNS through DigitalOcean.
- An "A" record pointing from your domain to your server and, optionally, an "AAAA" record if you wish to enable IPv6. Our guide on Setting Upwards a Host Name with DigitalOcean explains how to do this.
- The Go linguistic communication toolchain installed on your server. Follow our guide on How to Install Go 1.6 to prepare Become. You should as well have some understanding of how to compile Go code and how the
gocontrol line tool functions. Follow our guide on Building Go Executables to larn about this.
Stride 1 — Building Caddy
In this step, you'll fetch Caddy'southward source lawmaking and make sure that you lot're able to compile it. Caddy is written in Go, and then employ the get get command line tool to fetch Caddy's source from GitHub and salvage information technology to $GOPATH/src/github.com/mholt/caddy:
become become github.com/mholt/caddy/caddy become get uses Git to clone the code from GitHub. Git is a version control organisation, significant information technology records a project'due south land as you brand changes and allows you lot to return to whatsoever previous country in the project's history. By default, the go get control downloads the latest version of the source code, only information technology would be a adept thought to utilize the latest stable release of Caddy rather than the virtually recent addition to the repository, which will probable be midway between releases. Unreleased versions can accept bugs or one-half-implemented, broken features. The latest stable version, on the other hand, is more probable to compile and run correctly.
To view all the previous versions, first navigate to the directory where you saved Caddy's source:
cd $GOPATH/src/github.com/mholt/caddy Next, view all the previous releases of Caddy using the git tag command:
git tag Yous'll see output similar to the post-obit:
Output
v0.10.0 v0.ten.1 v0.10.10 v0.10.eleven v0.x.12 v0.ten.2 v0.10.3 v0.10.4 v0.ten.5 . . . Whenever a stable version of Caddy is released, the authors volition signify this in Git past adding a tag. Y'all can use Git to revert the code to how it was at the time of the last stable release. Find the highest version number in the output; at the fourth dimension of writing, this is v0.ten.12.
Since you will be modifying the source after on in club to install some plugins, create a new branch to store your changes. In Git, branches are ways of working on dissimilar versions of lawmaking simultaneously. They allow y'all to switch between a version of the code with your personal changes and the "official" version of the code. To create a new co-operative, use the git checkout command, which switches branches. The -b option will instruct Git to create a new co-operative with name adding_plugins from version v0.ten.12 . Supplant adding_plugins with whatever you lot wish to name the branch and v0.10.12 with the latest stable version you identified previously:
git checkout -b "adding_plugins" "v0.10.12" This will revert your version of the Caddy source lawmaking back to the concluding stable version and you volition be in a new co-operative where you can continue your changes to the code. When you update Caddy in the futurity, you'll merge changes into this new co-operative.
At this point, you're all fix to build Caddy by using the get install tool to compile the source code into a binary. While the command syntax may seem similar information technology will install Caddy from a website (github.com), this actually refers to the local path on the server where we've simply been working with the Git repository ($GOPATH/src/github.com/mholt/caddy):
go install github.com/mholt/caddy/caddy After compiling the source lawmaking, run the caddy control to start the server. Note that in order for this to work correctly, your Become path should be set to $GOPATH/bin, as described in the prerequisites:
caddy This control will produce the post-obit output:
Output
Activating privacy features... done. http://:2015 Alert: File descriptor limit 1024 is besides low for product servers. At to the lowest degree 8192 is recommended. Set up with "ulimit -due north 8192". The warning tin can exist ignored for the time being, equally we'll resolve it when we fix upwards the diverse configuration files required by Caddy. Press CTRL+C to exit this command.
To demonstrate that Caddy is beingness built from your source, add together a line to the Caddy source code to print some text when Caddy is run. Use nano or your preferred editor to open $GOPATH/src/github.com/mholt/caddy/caddy/caddymain/run.become.:
nano $GOPATH/src/github.com/mholt/caddy/caddy/caddymain/run.go This file processes any options passed to the Caddy command, and is one of the first things executed when you run Caddy.
Locate the Run() function, and add together the highlighted text as the starting time line inside the curly brackets. This will print out the text "Hello from Caddy!" before the server runs:
$GOPATH/src/github.com/mholt/caddy/caddy/caddymain/run.go
. . . // Run is Caddy's main() function. func Run() { fmt.Println("Hello from Caddy!") flag.Parse() caddy.AppName = appName . . . } Press CTRL + Ten, Y, then ENTER to save and close the file. If you run the go install and caddy commands once again, y'all will see the message you added to the Run() part at the top of the output:
go install github.com/mholt/caddy/caddy caddy Output
Hello from Caddy! Activating privacy features... done. http://:2015 WARNING: File descriptor limit 1024 is too low for production servers. At least 8192 is recommended. Fix with "ulimit -n 8192". With that, you accept successfully built Caddy from source. Yous can remove the added line from $GOPATH/src/github.com/mholt/caddy/caddy/caddymain/run.become if y'all wish, but if you do so you'll demand to recompile the code. In the next step, y'all'll install Caddy as a service so that it starts automatically at boot, and so suit its ownership and permissions settings to ensure the server's security.
Step 2 — Installing Caddy
Now that you've verified yous're able to build Caddy, it's time to configure a systemd service then that Caddy tin be launched automatically on organisation startup. Systemd is a comprehensive solution for managing processes on Linux. Caddy comes installed with a caddy.service file which systemd can employ to manage the Caddy service. This service file makes some assumptions about the environment in which Caddy will run, then there are a few things that you lot volition likely want to modify before installing it.
To begin, copy the Caddy binary to /usr/local/bin, the standard location for binaries that are not managed by Ubuntu'south bundle manager and aren't cardinal to system performance:
sudo cp $GOPATH/bin/caddy /usr/local/bin/ Side by side, change buying of the Caddy binary over to the root user. Annotation that while root will own Caddy, it'due south advised that you don't run Caddy with the root business relationship as this could exist a major security issue if there is a vulnerability in Caddy. Nonetheless, having root ain the binary volition prevent other accounts from modifying it with the permissions nosotros will prepare. This is desirable because if some other process with lower permissions than Caddy is compromised, it will not be able to change Caddy to gain more control of the organization:
sudo chown root:root /usr/local/bin/caddy Next, prepare the binary's file permissions to 755 — this gives root total read/write/execute permissions for the file, while other users will but be able to read and execute information technology:
sudo chmod 755 /usr/local/bin/caddy Since the Caddy procedure will not be running every bit root, Linux will prevent it from bounden to ports :80 or :443 (the standard ports for HTTP and HTTPS, respectively), as these are a privileged operations. In order to be viewable on the web, Caddy needs to be bound to 1 of these ports. Otherwise, users will need to add together a specific port number to the server's URL in their browser to view the content it volition serve.
Using the setcap command tin let the Caddy procedure to demark to low ports without running as root. setcap is useful for enabling a process to perform a specific privileged operation without giving it full superuser permissions. cap_net_bind_service=+ep specifies that you wish to give the process the CAP_NET_BIND_SERVICE permissions, which enables bounden to privileged ports:
sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy After setting permissions for the Caddy binary, create a directory where you'll store Caddy's configuration files. These should be held in a subdirectory of /etc/, which is the Filesystem Hierarchy Standard's recommended location for configuration files:
sudo mkdir /etc/caddy Set up the possessor of this directory to root, and its grouping to www-information. www-data is a standard user account for running web servers, and is the business relationship that volition run Caddy. Setting buying in this fashion will ensure that you take read and write access to the binary (via the root account) and the Caddy process tin can read and write to information technology every bit well (since it will run as world wide web-data), but other users will not take access to it. When used with chown, the -R flag changes the ownership of all subdirectories and files within the /etc/caddy directory, rather than just the directory itself:
sudo chown -R root:www-data /etc/caddy In a later stride, this tutorial will get over how to enable automated TLS with Allow's Encrypt. In grooming for that, make a directory to store any TLS certificates that Caddy will obtain and give it the same buying rules equally the /etc/caddy directory:
sudo mkdir /etc/ssl/caddy sudo chown -R root:www-data /etc/ssl/caddy Caddy must be able to write certificates to this directory and read from it in society to encrypt requests. For this reason, modify the permissions for the /etc/ssl/caddy directory and then that it'due south only attainable by root and world wide web-information:
sudo chmod 0770 /etc/ssl/caddy Next, create a directory to store the files that Caddy will host. /var/www/ is the de facto standard location to shop files served over HTTP:
sudo mkdir /var/www Then set the directory'south possessor and group to world wide web-data, the default user for web server operations on Ubuntu:
- sudo chown www-data:www-information /var/www
Caddy is configured via a file chosen Caddyfile; it may be helpful to call back of this every bit similar to httpd.conf in Apache or the Nginx sites-bachelor configuration directory. The systemd service for Caddy will wait this file to exist stored in /etc/caddy, so create Caddyfile at that place using touch:
sudo bear upon /etc/caddy/Caddyfile To install the Caddy service, copy the systemd unit of measurement file from the Caddy source code to /etc/systemd/system, the location for systemd services. Doing so will requite systemd the ability to discover and control the Caddy service:
sudo cp $GOPATH/src/github.com/mholt/caddy/dist/init/linux-systemd/caddy.service /etc/systemd/organisation/ Modify the service file'southward permissions so it can merely be modified by its owner, root:
sudo chmod 644 /etc/systemd/organisation/caddy.service Next, employ the systemctl command line tool to reload systemd. This volition crusade systemd to detect the Caddy service, although we volition not run information technology yet:
sudo systemctl daemon-reload Check whether systemd has detected the Caddy service by running systemctl status:
sudo systemctl status caddy Output
● caddy.service - Caddy HTTP/2 web server Loaded: loaded (/etc/systemd/organization/caddy.service; disabled; vendor preset: enabled) Active: inactive (dead) Docs: https://caddyserver.com/docs If you meet this same output, and then Caddy was correctly detected by systemd.
The final step in this installation process, earlier y'all write the configuration for Caddy, is to arrange your firewall. You should already be running a firewall using UFW, as prescribed in the initial server setup guide. A firewall is an important tool to protect the security of your server, equally it allows you to configure which ports are publicly available for any external political party to connect to and those which are protected from access. If at that place are other processes which expose a port on your server, the firewall prevents these from existence accessed, reducing the opportunities for an attacker to compromise vulnerable software.
Utilise the ufw control line tool to disable the firewall for ports :80 and :443, which will allow Caddy to communicate over HTTP and HTTPS, respectively:
sudo ufw allow 80 sudo ufw allow 443 Use ufw status to bank check whether your changes worked:
sudo ufw condition Output
Status: active To Activeness From -- ------ ---- OpenSSH Let Anywhere fourscore ALLOW Anywhere 443 Permit Anywhere OpenSSH (v6) ALLOW Anywhere (v6) 80 (v6) Permit Anywhere (v6) 443 (v6) Let Anywhere (v6) Your installation of Caddy is complete, just at this point information technology isn't fix up to do annihilation. Next, we'll look at how to take this make clean installation of Caddy and configure it to serve a website.
Step 3 — Configuring Caddy
In club for your Caddy installation to exist used every bit a functional spider web server, there are a few settings that need to be changed. As nosotros go through making these changes, we'll consider the syntax of the Caddyfile configuration, explore a couple of configuration scenarios, and serve a placeholder page over HTTP.
To begin configuring Caddy, create a bones HTML file for it to serve. HTML is the language that describes the content of web pages, and this file will function as a placeholder to demonstrate hosting a website with Caddy. If yous make up one's mind to use Caddy to host your own website, you'll replace this file with any content you want to host. Place this file in the /var/world wide web/ directory you set up earlier. The proper noun alphabetize.html is significant, as this refers to the "default" page for most web servers and users navigating to your domain will be served this file first:
sudo bear on /var/www/index.html Open the new file with your preferred editor:
sudo nano /var/world wide web/alphabetize.html Add the following content to the file:
/var/www/index.html
<! DOCTYPE html > <html > <head > <title > How-do-you-do from Caddy! </title > </head > <body > <h1 style = " font-family : sans-serif " > This page is beingness served via Caddy </h1 > </body > </html > This will brandish a heading with the text "This page is being served via Caddy".
Save and close the file, then open the Caddyfile configuration file you created before:
sudo nano /etc/caddy/Caddyfile Edit the file to include the post-obit content:
/etc/caddy/Caddyfile
:80 { root /var/www } On the beginning line, :80 sets the hostname of the server — in Caddy this is called a characterization. The hostname is the domain name where Caddy volition respond to requests. In this case, set up it to :80, meaning port :lxxx of the server. This prevents the server from running over HTTPS for now, since Caddy volition try to enable this automatically, but we desire to exercise this via a plugin.
By default, Caddy attempts to fetch an SSL certificate from Let's Encrypt by making a resource available over HTTP, similar hosting a file. All the same, if you want to run an internal service using Caddy, you might not want to expose the server to the public cyberspace. Using a plugin allows you lot to use the Let'south Encrypt DNS challenge. This involves Caddy creating a DNS "TXT" record to evidence control of the server and allows yous to fetch certificates without necessarily having to accept outside HTTP requests. This leaves you more options for how to run Caddy in the future.
Subsequently :eighty is a configuration block, enclosed inside curly brackets, in which configurations for the site will go. On the adjacent line, we run across the root directive. Directives are the bodily configuration options for Caddy, and adding them changes Caddy's behavior when serving the website. Directives can take arguments, which are options for how the directive should take effect. In this case, the root directive has one argument: /var/world wide web. This directive sets the directory where the files Caddy should serve are located. However, directives aren't required to have arguments. For case, you could add the gzip directive without whatsoever arguments to compress web pages before they're sent to the client, making them load faster.
/etc/caddy/Caddyfile
:80 { root /var/world wide web gzip } Directives can exist configured with subdirectives that provide additional functionality. These are placed in their own configuration blocks, again using curly braces. For example, although the gzip directive works on its own, we could employ the ext subdirective to only compress sure file types, or the level subdirective to control what level of pinch volition occur (1 being the lowest and ix existence the highest).
/etc/caddy/Caddyfile
:80 { root /var/www gzip { ext .html .htm .php level 6 } } Caddy has a huge number of unlike directives for many use cases. For example, the fastcgi directive could be useful for enabling PHP. The markdown directive could exist used to automatically catechumen Markdown files to HTML before serving them, which could exist useful for creating a uncomplicated weblog.
Save and close the Caddyfile, and test that everything is working correctly. Employ systemctl to start the Caddy service:
sudo systemctl start caddy Next, run systemctl status to find data about the status of the Caddy service:
sudo systemctl condition caddy Yous'll see the following:
Output
● caddy.service - Caddy HTTP/2 web server Loaded: loaded (/etc/systemd/organisation/caddy.service; disabled; vendor preset: enabled) Active: agile (running) since Sabbatum 2018-01-27 11:37:06 UTC; 7min ago Docs: https://caddyserver.com/docs Main PID: 2973 (caddy) Tasks: 6 Memory: 3.2M CPU: 24ms CGroup: /system.piece/caddy.service └─2973 /usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp Jan 27 eleven:37:06 caddy-tutorial-testing-0 systemd[1]: Started Caddy HTTP/2 web server. Jan 27 11:37:06 caddy-tutorial-testing-0 caddy[2973]: Activating privacy features... done. Jan 27 xi:37:06 caddy-tutorial-testing-0 caddy[2973]: http:// Jan 27 11:37:06 caddy-tutorial-testing-0 caddy[2973]: 2018/01/27 11:37:06 http:// If you lot browse to your domain you should now see Caddy is running, and your sample spider web folio should display. Subsequently confirming this, use systemctl to stop the Caddy service, since there are still some changes to be fabricated:
sudo systemctl finish caddy While Caddy includes a lot of directives by default, information technology can't cater to every possible use case and you may want to add more functionality to the server. At present that we know Caddy is serving content as expected, we will become over how to extend Caddy's functionality through the apply of plugins.
Step four — Using Plugins
Plugins are a way of changing Caddy's behavior. They are generally small snippets of lawmaking that nosotros tin can insert into Caddy to add more directives for specific apply cases. The easiest way to understand plugins is to jump directly in and try one out, and so nosotros'll install the minify plugin. This plugin removes excess whitespace and redundant lawmaking from some files, reducing the size of each one, and once more, helping to speed up loading times.
Start by returning to where Go saved Caddy'south source lawmaking, since y'all'll need to modify this to install the plugin:
cd $GOPATH/src/github.com/mholt/caddy Open Caddy's run.go file again. As we said before, this is one of the first parts of Caddy to be run, and it's the location where plugins are installed.
nano caddy/caddymain/run.get In this file you will see an import declaration that looks like this:
$GOPATH/src/github.com/mholt/caddy/caddy/caddymain/run.go
. . . import ( "errors" "flag" "fmt" "io/ioutil" "log" "os" "runtime" "strconv" "strings" "gopkg.in/natefinch/lumberjack.v2" "github.com/xenolf/lego/acmev2" "github.com/mholt/caddy" // plug in the HTTP server type _ "github.com/mholt/caddy/caddyhttp" "github.com/mholt/caddy/caddytls" // This is where other plugins get plugged in (imported) ) . . . To install a plugin, add together _ "github.com/path/to/plugin" to this import directive. Some plugins may require some slight configuration tweaks, so be certain to read the documentation for any ones you install. You lot can find a list of pop plugins in the left pane of the Caddy documentation, nether Plugins.
The minify plugin'due south GitHub repository is hacdias/caddy-minify, so add together the following at the bottom of the import declaration:
$GOPATH/github.com/mholt/caddy/caddy/caddymain/run.become
. . . import ( . . . "github.com/mholt/caddy/caddytls" // This is where other plugins get plugged in (imported) _ "github.com/hacdias/caddy-minify" ) You need to commit your code when you make changes to it so that when you merge in any new updates those changes aren't lost. If you haven't committed code on this server before, you'll demand to ready a name and e-mail so that Git can identify you in the logs. The git config command lets you set these options, and the --global flag applies them for any repositories yous may work on in the time to come. Unless you push code to a public repository such as GitHub, these details won't exist made public.
git config --global user.email "sammy@instance.com" git config --global user.proper noun "Sammy" At present that you've set your username and e-mail, add any files you've inverse to Git'south stage (a cache used to shop the state of the code before you commit) past running the following:
git add -A . Now run git commit to salvage your changes to the electric current branch. The -chiliad option allows y'all to ready a commit message so yous tin can make a annotation of what you lot changed. This message tin can be found by looking through Git's logs:
git commit -m "Added minify plugin" Yous now have the path to the plugin in your code, but you however demand to download the plugin locally so that Go tin actually access it. This command will automatically fetch all of Caddy'southward dependencies when run from the $GOPATH/src/github.com/mholt/caddy directory:
get go ./... Any time you add together a new plugin, yous take to rebuild Caddy. This is considering Get is a compiled programming language, meaning the source lawmaking is transformed into car code earlier execution. Your change to the import declaration has altered the source lawmaking, but won't affect the binary until it's compiled.
Utilise the go install control to compile Caddy:
get install github.com/mholt/caddy/caddy If Caddy was built successfully, this command will exit with no output. Copy the generated binary to /usr/local/bin and set permissions for the binary like yous did previously — yous must take these steps every time you lot rebuild Caddy to ensure its functionality and security.
sudo cp $GOPATH/bin/caddy /usr/local/bin/ sudo chown root:root /usr/local/bin/caddy sudo chmod 755 /usr/local/bin/caddy sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy To demonstrate that the plugin was successfully installed, open up your Caddyfile.
sudo nano /etc/caddy/Caddyfile Enable the plugin by adding the following line to the configuration block:
/etc/caddy/Caddyfile
:80 { root /var/www gzip minify } Now get-go your server using systemctl:
sudo systemctl commencement caddy Caddy is now running and volition minify whatever files that information technology serves, including the index.html file you created earlier. You can detect the 'minification' at work using roll, a command line tool for making web requests. Running curl with no options or flags volition fetch the content of a spider web page and brandish it in the concluding. Run the following command to request the index.html file from Caddy, replacing example.com with your domain.
curl http://case.com You lot'll meet the following output. Notice that all unnecessary infinite has been removed, showing that the minify plugin has worked.
Output
<!doctype html><championship>Hullo from Caddy!</championship><h1 manner=font-family:sans-serif>This page is being served via Caddy</h1> This same installation method volition work for other Caddy plugins. You'll become some more practice with adding plugins by installing the tls.dns.digitalocean plugin to automatically enable secured HTTPS traffic.
Pace 5 — Enabling Automatic TLS with Let'south Encrypt
Caddy enables HTTPS past default using Let'south Encrypt, which is useful equally information technology'southward easy to go the details of HTTPS wrong. Caddy's arroyo to HTTPS is secure and doesn't force you to delve deep into the configuration to encrypt your traffic. Withal, Caddy defaults to the HTTP-01 method for verifying with Permit's Encrypt that you really own your domain. This method involves posting a special file (containing a response to a challenge sent by Let's Encrypt) to a specific location on the website. While this method works, information technology requires that your website be publicly accessible. This can be an issue with certain firewall configurations or if you're running Caddy every bit an internal service for your business.
As an culling, y'all can install the tls.dns.digitalocean Caddy plugin, which will apply the DNS-01 verification method instead. This plugin authenticates with Let's Encrypt by calculation a new "TXT" DNS record for your domain which won't affect how your website functions. It uses DigitalOcean's API for decision-making DNS which gives y'all the flexibility to fetch a document fifty-fifty if your server isn't publicly attainable. For more information on the different types of DNS records, read our Introduction to DigitalOcean DNS.
The method for installing the tls.dns.digitalocean Caddy plugin is almost identical to how you installed the minify plugin. To begin, open $GOPATH/src/github.com/mholt/caddy/caddy/caddymain/run.go:
nano $GOPATH/src/github.com/mholt/caddy/caddy/caddymain/run.go Add the plugin's location:
$GOPATH/github.com/mholt/caddy/caddy/caddymain/run.go
. . . import ( . . . "github.com/mholt/caddy/caddytls" // This is where other plugins get plugged in (imported) _ "github.com/hacdias/caddy-minify" _ "github.com/caddyserver/dnsproviders/digitalocean" ) To update Caddy, navigate into Caddy'due south source repository and commit the changes to Git:
cd $GOPATH/src/github.com/mholt/caddy git add -A . git commit -g "Add DigitalOcean DNS provider" Next, install all dependencies and build Caddy, every bit you have done previously:
get get ./... get install github.com/mholt/caddy/caddy Ensure Caddy is stopped via systemctl, then finish installing the plugin by copying the newly built Caddy binary and over again setting its ownership and permissions:
- sudo systemctl stop caddy
- sudo cp $GOPATH/bin/caddy /usr/local/bin/
- sudo chown root:root /usr/local/bin/caddy
- sudo chmod 755 /usr/local/bin/caddy
- sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy
Adjacent, configure Caddy to work with DigitalOcean's API to gear up DNS records. Navigate to the API tab in your DigitalOcean account and select Generate New Token:
Give your token a descriptive proper noun ( caddy-dns , for example) and ensure that Write (optional) is selected. And then, press Generate Token:
Click on the generated token to re-create it, and record it somewhere you won't lose it. Caddy needs to access this token equally an environs variable to configure DigitalOcean's DNS. systemd's service files allow you to define environment variables to be included in the process'south environment. Edit the the Caddy service file in the /etc/systemd/organisation/ directory, rather than the version in the Caddy Git repository. Add your API key to the version of the file outside of the Git repository to avoid accidentally committing the private token to the public Caddy repository:
sudo nano /etc/systemd/system/caddy.service Find the line starting time with Surroundings= in the [Service] section. This line defines the surroundings variables that should be passed to the Caddy process. Add a infinite at the end of this line, and then add together a DO_AUTH_TOKEN variable, followed by the token you just generated:
/etc/systemd/system/caddy.service
[Service] Restart=on-abnormal ; User and group the procedure will run as. User=world wide web-data Group=www-data ; Letsencrypt-issued certificates will be written to this directory. Environment=CADDYPATH=/etc/ssl/caddy DO_AUTH_TOKEN=your_token_here Save and close this file, and then reload the systemd daemon as you did earlier to ensure the configuration is updated:
sudo systemctl daemon-reload Run systemctl condition to cheque that your configuration changes were okay:
sudo systemctl status caddy This will produce an output similar to the post-obit. Pay shut attention to the line commencement Loaded:. The loaded condition indicates that your changes to the service configuration were successful. If an error occurs when configuring a systemd service, this line will instead brandish an fault status forth with an explanation why systemd couldn't interpret the service file. The next line, beginning Active: states whether or not the service is running. Considering you stopped Caddy earlier in this step, this displays inactive. When Caddy is run, this will show enabled or running.
Output
● caddy.service - Caddy HTTP/2 spider web server Loaded: loaded (/etc/systemd/system/caddy.service; disabled; vendor preset: enabled) Active: inactive (dead) Docs: https://caddyserver.com/docs You lot'll need to brand a couple of slight changes to your Caddyfile, so open it up for editing:
sudo nano /etc/caddy/Caddyfile Add the highlighted lines to the Caddyfile, making sure to replace example.com with your domain. Using a domain rather than only a port for the hostname will cause Caddy to serve requests over HTTPS. The tls directive configures Caddy's beliefs when using TLS, and the dns subdirective specifies that Caddy should utilize the DNS-01 system, rather than HTTP-01:
/etc/caddy/Caddyfile
example.com { root /var/world wide web gzip minify tls { dns digitalocean } } Your website is ready to be deployed. Offset, start the server with systemctl and then enable information technology. This will configure Caddy to start on boot:
sudo systemctl first caddy sudo systemctl enable caddy If you browse to your domain, you should be automatically redirected to HTTPS.
Your installation of Caddy is consummate and secured. Next, nosotros'll look at how to update Caddy when a new version is released. When you install software using a bundle manager, updating it is generally equally simple as running a single command and ofttimes the operating system can ofttimes install security updates automatically. Nevertheless, since you've congenital Caddy from source, the process is a bit more involved; you'll need to rebuild Caddy from an updated version of the source code, then set it upward again.
Step vi — Updating Your Caddy Installation
Keeping software updated is an of import security practice, since outdated software often has vulnerabilities. Running the latest version of Caddy will protect you from having your server'due south security compromised via any vulnerabilities that might exist in an older version. In this step, nosotros'll look at how to update your installation of Caddy when a new version comes out. This footstep should only be followed if a new release of Caddy is pushed to the Caddy GitHub repository.
We'll use Git to update the state of our source lawmaking. Offset, change to the caddy source directory:
cd $GOPATH/src/github.com/mholt/caddy Ensure that you lot're on the branch that you created in Step 1 by using git checkout:
git checkout adding_plugins Adjacent, use git fetch to pull the changes from the remote repository. When Git clones the Caddy repository, it will maintain a link to the upstream repository — the central location where changes originate. Git refers to the upstream repository by the name origin, and then you need to fetch from origin:
git fetch origin The changes to the repository are now present on your system, stored under a different branch. Use git tag to see the virtually recent release, since yous should still employ released versions of Caddy, rather than code between releases:
git tag Equally before, browse through the list until you notice the most recent version. Git includes a tool for merging two different lawmaking branches — git merge. Type the following to merge the changes from the latest version into your working co-operative. Be sure to replace adding_plugins with your branch'due south name, and version number with the latest ane you merely identified:
git merge adding_plugins v0.x.13 An editor volition announced which you tin save and shut to complete the merge. Still, there is a possibility that merge conflicts could occur where Git is unable to work out how the two unlike versions of the code should fit together. Git will notify you if this occurs, and yous will demand to manually edit the alien files and then commit to resolve the conflict.
Assuming there are no merge conflicts, reinstall Caddy via the same process you've followed throughout this tutorial. First, use go install to rebuild the binary:
go install github.com/mholt/caddy/caddy Next, terminate the Caddy service and copy the new binary:
sudo systemctl stop caddy sudo cp $GOPATH/bin/caddy /usr/local/bin/ Ready the binary's permissions:
sudo chown root:root /usr/local/bin/caddy sudo chmod 755 /usr/local/bin/caddy sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy Finally, utilise systemctl to showtime the Caddy service upwardly again:
- sudo systemctl beginning caddy
Caddy will continue to start upward at boot in the future, equally it hasn't been disabled. With that, Caddy has been successfully updated to the latest version and should continue to piece of work without pause, at least until the adjacent release.
Conclusion
By following this tutorial, you have successfully deployed a website using Caddy. A good next stride would be to find a fashion of beingness notified when new versions of Caddy are released. For example, y'all could employ the Atom feed for Caddy releases, or a dedicated service such as Sibbell. Creating a script to automate the process of updating the server would also be a good idea — y'all could fifty-fifty combine the two and create a build tool that automatically rebuilds Caddy when in that location's a new release. Otherwise, you can explore Caddy'southward documentation and discover how best to customize information technology to arrange your needs.
Source: https://www.digitalocean.com/community/tutorials/how-to-host-a-website-with-caddy-on-ubuntu-16-04
0 Response to "Caddy notice Sending Telemetry We Were Too Early"
Post a Comment