Skip to content

Instantly share code, notes, and snippets.

@Jamesits

Jamesits/caddy.sh

Last active Sep 27, 2020
Embed
What would you like to do?
Install Caddy Server on Ubuntu with Systemd.
# Should work on all Debian based distros with systemd; tested on Ubuntu 16.04+.
# This will by default install all plugins; you can customize this behavior on line 6. Selecting too many plugins can cause issues when downloading.
# Run as root (or sudo before every line) please. Note this is not designed to be run automatically; I recommend executing this line by line.
apt install curl
curl https://getcaddy.com | bash -s personal dns,docker,dyndns,hook.service,http.authz,http.awses,http.awslambda,http.cache,http.cgi,http.cors,http.datadog,http.expires,http.filemanager,http.filter,http.forwardproxy,http.geoip,http.git,http.gopkg,http.grpc,http.hugo,http.ipfilter,http.jekyll,http.jwt,http.locale,http.login,http.mailout,http.minify,http.nobots,http.prometheus,http.proxyprotocol,http.ratelimit,http.realip,http.reauth,http.restic,http.upload,http.webdav,net,tls.dns.auroradns,tls.dns.azure,tls.dns.cloudflare,tls.dns.cloudxns,tls.dns.digitalocean,tls.dns.dnsimple,tls.dns.dnsmadeeasy,tls.dns.dnspod,tls.dns.dyn,tls.dns.exoscale,tls.dns.gandi,tls.dns.gandiv5,tls.dns.godaddy,tls.dns.googlecloud,tls.dns.lightsail,tls.dns.linode,tls.dns.namecheap,tls.dns.ns1,tls.dns.otc,tls.dns.ovh,tls.dns.powerdns,tls.dns.rackspace,tls.dns.rfc2136,tls.dns.route53,tls.dns.vultr
chown root:root /usr/local/bin/caddy
chmod 755 /usr/local/bin/caddy
setcap 'cap_net_bind_service=+eip' /usr/local/bin/caddy
mkdir -p /etc/caddy
chown -R root:www-data /etc/caddy
mkdir -p /etc/ssl/caddy
chown -R www-data:root /etc/ssl/caddy
chmod 770 /etc/ssl/caddy
touch /etc/caddy/Caddyfile
mkdir -p /var/www
chown www-data:www-data /var/www
chmod 755 /var/www
curl -L https://github.com/mholt/caddy/raw/master/dist/init/linux-systemd/caddy.service | sed "s/;CapabilityBoundingSet/CapabilityBoundingSet/" | sed "s/;AmbientCapabilities/AmbientCapabilities/" | sed "s/;NoNewPrivileges/NoNewPrivileges/" | tee /etc/systemd/system/caddy.service
chown root:root /etc/systemd/system/caddy.service
chmod 744 /etc/systemd/system/caddy.service
systemctl daemon-reload
systemctl enable caddy.service
# If you need caddy to be up now:
# systemctl start caddy.service
# if you need QUIC protocol:
# 1. edit /etc/systemd/system/caddy.service, write " -quic" (without quotes) to the end of the line ExecStart
# 2. systemctl daemon-reload
# 3. systemctl restart caddy
@vinniyo

This comment has been minimized.

Copy link

@vinniyo vinniyo commented Mar 9, 2017

for line 15 I get malformed but I've setup the systemd service by getting the redirect and using vi to paste the contents of: https://raw.githubusercontent.com/mholt/caddy/master/dist/init/linux-systemd/caddy.service in it.

@jancel

This comment has been minimized.

Copy link

@jancel jancel commented Mar 11, 2017

ditto to the curl command. also, installed beginning as root user

@aw1n

This comment has been minimized.

Copy link

@aw1n aw1n commented Mar 24, 2017

Try curl https://github.com/mholt/caddy/raw/master/dist/init/linux-systemd/caddy.service -o /etc/systemd/system/caddy.service
?

@slobo

This comment has been minimized.

Copy link

@slobo slobo commented Mar 31, 2017

I think curl needs to be told to follow redirects too:

curl -L https://github.com/mholt/caddy/raw/master/dist/init/linux-systemd/caddy.service -o /etc/systemd/system/caddy.service
@kristian-lange

This comment has been minimized.

Copy link

@kristian-lange kristian-lange commented Dec 10, 2018

Great script. Thank you!

One could also fix the version of the caddy.service by using the Git ID of the commit: Instead of curl -L https://github.com/mholt/caddy/raw/master/dist/init/linux-systemd/caddy.service
use curl -L https://raw.githubusercontent.com/mholt/caddy/fd3fafa50caf0dcbe695d28b48198a1e2bf810bd/dist/init/linux-systemd/caddy.service. This way one can be sure to always get the same script and not any malicious one (although this seems to be the official caddy repository).

@ThomDietrich

This comment has been minimized.

Copy link

@ThomDietrich ThomDietrich commented Jan 1, 2019

For central logging:

mkdir /var/log/caddy
chown -R www-data:root /var/log/caddy
chmod 770 /var/log/caddy

In your Caddyfile:

sub.domain.tld {
    log /var/log/caddy/sub.log
    ...
}
@chotaire

This comment has been minimized.

Copy link

@chotaire chotaire commented Apr 20, 2019

To get rid of syslog warnings, I had to make a change:

chmod 644 /etc/systemd/system/caddy.service

@BomBardyGamer

This comment has been minimized.

Copy link

@BomBardyGamer BomBardyGamer commented May 10, 2020

curl | bash is a horrible idea since it means you can't auto-update using your package manager, not sure if it's in a repository on Ubuntu
for Fedora and Redhat/CentOS, use epel.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.