Skip to content

Instantly share code, notes, and snippets.

@dprandzioch

dprandzioch/caddy

Last active Dec 27, 2019
Embed
What would you like to do?
FreeBSD Caddy init script
#!/bin/sh
#
# PROVIDE: caddy
# REQUIRE: networking
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf to enable caddy:
# caddy_enable (bool): Set to "NO" by default.
# Set it to "YES" to enable caddy
#
# caddy_cert_email (str): Set to "" by default.
# Defines the SSL certificate issuer email. By providing an
# email address you automatically agree to letsencrypt.org's
# general terms and conditions
#
# caddy_bin_path (str): Set to "/usr/local/bin/caddy" by default.
# Provides the path to the caddy server executable
#
# caddy_cpu (str): Set to "99%" by default.
# Configures, how much CPU capacity caddy may gain
#
# caddy_config_path (str): Set to "/usr/local/www/Caddyfile" by default.
# Defines the path for the configuration file caddy will load on boot
#
# caddy_run_user (str): Set to "root" by default.
# Defines the user that caddy will run on
#
. /etc/rc.subr
name="caddy"
rcvar="${name}_enable"
load_rc_config $name
: ${caddy_enable:=no}
: ${caddy_cert_email=""}
: ${caddy_bin_path="/usr/local/bin/caddy"}
: ${caddy_cpu="99%"} # was a bug for me that caused a crash within jails
: ${caddy_config_path="/usr/local/www/Caddyfile"}
: ${caddy_run_user="root"}
if [ "$caddy_cert_email" = "" ]
then
echo "rc variable \$caddy_cert_email is not set. Please provide a valid SSL certificate issuer email."
exit 1
fi
pidfile="/var/run/caddy.pid"
logfile="/var/log/caddy.log"
command="${caddy_bin_path} -log ${logfile} -cpu ${caddy_cpu} -conf ${caddy_config_path} -agree -email ${caddy_cert_email}"
start_cmd="caddy_start"
status_cmd="caddy_status"
stop_cmd="caddy_stop"
caddy_start() {
echo "Starting ${name}..."
/usr/sbin/daemon -u ${caddy_run_user} -c -p ${pidfile} -f ${command}
}
caddy_status() {
if [ -f ${pidfile} ]; then
echo "${name} is running as $(cat $pidfile)."
else
echo "${name} is not running."
return 1
fi
}
caddy_stop() {
if [ ! -f ${pidfile} ]; then
echo "${name} is not running."
return 1
fi
echo -n "Stopping ${name}..."
kill -KILL $(cat $pidfile) 2> /dev/null && echo "stopped"
rm -f ${pidfile}
}
run_rc_command "$1"
@dprandzioch

This comment has been minimized.

Copy link
Owner Author

@dprandzioch dprandzioch commented Mar 3, 2016

Caddy cert files are located in /.caddy. Currently runs as root user because Caddy does not support privilege de-escalation - please be aware of that fact and jail your webserver...

@TomHetmer

This comment has been minimized.

Copy link

@TomHetmer TomHetmer commented Dec 10, 2016

You can run caddy as www no problem

just use mac_portacl to allow binding to 80/443
https://gist.github.com/TomHetmer/b0a048d688af78e78f45609880ef4d67

@everettcomstock

This comment has been minimized.

Copy link

@everettcomstock everettcomstock commented Dec 27, 2019

David, could you provide an example of how this file is used? I'm new to FreeBSD and I'm not sure if this is a file that I should create somewhere on my server, or if it is a command that I should run in the shell. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment