Install Caddy V2 on Ubuntu

Preface

Caddy is currently pushing the v2 series, which is very different from the earlier v1 series. My earlier article, Install Caddy Server in Ubuntu, no longer applies.

So I am writing a new article to record the installation and configuration of Caddy v2.0.

If you are upgrading from caddy v1.0 to v2.0, you can directly read the official upgrade guide.

Installation

# [trusted=yes] makes APT accept packages from this repository even without a valid signature.
echo "deb [trusted=yes] https://apt.fury.io/caddy/ /" \
    | sudo tee -a /etc/apt/sources.list.d/caddy-fury.list
sudo apt update
sudo apt install caddy

After running the commands above, caddy is installed to /usr/bin/caddy, whereas the v1.0 series was installed to /usr/local/bin/caddy by default; this difference causes many pitfalls. The default configuration file is still /etc/caddy/Caddyfile, but the syntax has changed, which is another source of pitfalls.

In addition, the storage path of the HTTPS/SSL certificates has changed from the previous /etc/ssl/caddy to /var/lib/caddy.

Configuration

caddy.service

Early caddy v1.0 scripts run caddy as the www-data user by default; caddy v2.0, however, runs caddy as the caddy user by default, which leads to many pitfalls. For example, you will get permission denied errors when working with PHP.

Therefore, it is better to run caddy as www-data. To do so, modify the unit file caddy.service:

sudo nano /lib/systemd/system/caddy.service

In it, change

[Service]
User=caddy
Group=caddy

to

[Service]
User=www-data
Group=www-data

After modification, the content of caddy.service is:

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target

[Service]
User=www-data
Group=www-data
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

After the modification, systemd needs to be reloaded and the ownership of the files and folders needs to be changed.

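# www-data normally already exists on Ubuntu with uid/gid 33;
# the next two commands are only needed if it is missing.
sudo groupadd -g 33 www-data
sudo useradd \
  -g www-data --no-user-group \
  --home-dir /var/www --no-create-home \
  --shell /usr/sbin/nologin \
  --system --uid 33 www-data
# -p: do not fail if the directory already exists
sudo mkdir -p /var/log/caddy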
sudo touch /var/log/caddy/access.log
sudo touch /var/log/caddy/common_log
sudo chown -R www-data:www-data /var/lib/caddy/
sudo chown -R www-data:www-data /etc/caddy/
sudo chown -R www-data:www-data /var/log/caddy/
sudo systemctl daemon-reload
sudo systemctl restart caddy
sudo systemctl enable caddy
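
As an added example (not part of the original article), the shell functions below read `User=` from the unit file and check that this account owns everything under the directories changed above, and that nothing there is writable by other users. The function names are hypothetical; drop-in files can be listed after the main unit so that their `User=` takes precedence.

```shell
#!/bin/sh
# Added example, not from the original article: check that the account in
# the unit's User= owns the directories the article chowns.

# Print the last value of KEY in the [Service] section of the given unit
# files; pass drop-ins after the main unit so that they override it.
unit_service_value() {
    key=$1; shift
    awk -v key="$key" '
        FNR == 1 { in_service = 0 }
        /^\[/    { in_service = ($0 == "[Service]"); next }
        in_service && $0 ~ ("^" key "[ \t]*=") {
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)
        }
        END { print val }
    ' "$@"
}

# List entries under the given paths that are not owned by USER or are
# writable by "other". Symlinks are skipped.
misowned_paths() {
    user=$1; shift
    find "$@" ! -type l -exec ls -ld {} + 2>/dev/null |
        awk -v user="$user" '$3 != user || substr($1, 9, 1) == "w"'
}

# Return 0 if all paths pass, 1 if any entry fails, 2 if User= or a path
# is missing.
audit_caddy_paths() {
    unit=$1; shift
    user=$(unit_service_value User "$unit")
    [ -n "$user" ] || { echo "no User= in $unit" >&2; return 2; }
    for p in "$@"; do
        [ -e "$p" ] || { echo "missing: $p" >&2; return 2; }
    done
    bad=$(misowned_paths "$user" "$@")
    [ -z "$bad" ] && return 0
    printf 'expected owner %s, check:\n%s\n' "$user" "$bad" >&2
    return 1
}

# Usage with the paths from the article:
#   audit_caddy_paths /lib/systemd/system/caddy.service \
#       /var/lib/caddy /etc/caddy /var/log/caddy
```

A non-zero result after a package upgrade usually means the unit file or the directory ownership was reset, which is the same situation that produces the permission denied errors described above.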

Caddyfile

The configuration file syntax of the caddy v2 series has changed greatly from v1. For common changes, please refer to the official upgrade guide.

Currently, I am using:

example.com {

    # log
    log {
        output file /var/log/caddy/access.log
        # single_field takes a log field name, not a file path
        format single_field common_log
    }

    # encode
    encode zstd gzip

    # web root.
    root * /var/www/example.com

    # Enable the static file server.
    file_server

    # websocket proxy to backend 45232
    @example_websocket_proxy {
        path /example_ws_path
        header Connection Upgrade
        header Upgrade websocket
    }
    reverse_proxy @example_websocket_proxy localhost:45232

    # serve a PHP site through php-fpm:
    # php_fastcgi localhost:9000
    php_fastcgi unix//run/php/php-fpm.sock
}
# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile