@dprandzioch
Last active Dec 27, 2019
FreeBSD Caddy init script
#!/bin/sh
#
# PROVIDE: caddy
# REQUIRE: NETWORKING
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf to enable caddy:
# caddy_enable (bool): Set to "NO" by default.
#     Set it to "YES" to enable caddy
#
# caddy_cert_email (str): Set to "" by default.
#     Defines the SSL certificate issuer email. By providing an
#     email address you automatically agree to letsencrypt.org's
#     general terms and conditions
#
# caddy_bin_path (str): Set to "/usr/local/bin/caddy" by default.
#     Provides the path to the caddy server executable
#
# caddy_cpu (str): Set to "99%" by default.
#     Configures how much CPU capacity caddy may use
#
# caddy_config_path (str): Set to "/usr/local/www/Caddyfile" by default.
#     Defines the path for the configuration file caddy will load on boot
#
# caddy_run_user (str): Set to "root" by default.
#     Defines the user that caddy will run as
#

. /etc/rc.subr

name="caddy"
rcvar="${name}_enable"

load_rc_config $name

: ${caddy_enable:=no}
: ${caddy_cert_email=""}
: ${caddy_bin_path="/usr/local/bin/caddy"}
: ${caddy_cpu="99%"} # was a bug for me that caused a crash within jails
: ${caddy_config_path="/usr/local/www/Caddyfile"}
: ${caddy_run_user="root"}

pidfile="/var/run/caddy.pid"
logfile="/var/log/caddy.log"

command="${caddy_bin_path} -log ${logfile} -cpu ${caddy_cpu} -conf ${caddy_config_path} -agree -email ${caddy_cert_email}"

start_precmd="caddy_precmd"
start_cmd="caddy_start"
status_cmd="caddy_status"
stop_cmd="caddy_stop"

# Refuse to start without a certificate email. Checked only on start, so
# stop/status still work and a disabled service prints nothing at boot.
caddy_precmd() {
    if [ -z "${caddy_cert_email}" ]; then
        echo "rc variable \$caddy_cert_email is not set. Please provide a valid SSL certificate issuer email."
        return 1
    fi
}

caddy_start() {
    echo "Starting ${name}..."
    # ${command} is left unquoted on purpose: it must split into program and arguments.
    /usr/sbin/daemon -u "${caddy_run_user}" -c -p "${pidfile}" -f ${command}
}

caddy_status() {
    if [ -f "${pidfile}" ]; then
        echo "${name} is running as $(cat "${pidfile}")."
    else
        echo "${name} is not running."
        return 1
    fi
}

caddy_stop() {
    if [ ! -f "${pidfile}" ]; then
        echo "${name} is not running."
        return 1
    fi

    echo -n "Stopping ${name}..."
    kill -KILL "$(cat "${pidfile}")" 2> /dev/null && echo "stopped"
    rm -f "${pidfile}"
}

run_rc_command "$1"

dprandzioch commented Mar 3, 2016

Caddy cert files are located in /.caddy. Currently runs as root user because Caddy does not support privilege de-escalation - please be aware of that fact and jail your webserver...


totocz commented Dec 10, 2016

You can run caddy as www no problem

just use mac_portacl to allow binding to 80/443
https://gist.github.com/TomHetmer/b0a048d688af78e78f45609880ef4d67
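
The mac_portacl approach mentioned in the comment above, as an added example that is not part of the gist or of the linked one: a small script that builds the mac_portacl(4) rule string and prints the settings needed to run Caddy unprivileged. It assumes uid 80 is the stock FreeBSD `www` account; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the gist): emit the FreeBSD settings that let an
# unprivileged user bind reserved ports through mac_portacl(4).
# Assumption: uid 80 is the "www" account; helper names are hypothetical.

# Succeed only for a non-empty string of decimal digits.
is_number() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# portacl_rules UID PORT... -> "uid:UID:tcp:PORT,..." (idtype:id:protocol:port)
portacl_rules() {
    uid="$1"; shift
    is_number "$uid" || { echo "bad uid: $uid" >&2; return 1; }
    [ "$#" -gt 0 ] || { echo "no ports given" >&2; return 1; }
    rules=""
    for port in "$@"; do
        is_number "$port" && [ "$port" -ge 1 ] && [ "$port" -le 1023 ] ||
            { echo "not a reserved port: $port" >&2; return 1; }
        rules="${rules:+${rules},}uid:${uid}:tcp:${port}"
    done
    printf '%s\n' "$rules"
}

# Print each setting under the file it belongs in.
emit_portacl_config() {
    rules=$(portacl_rules "$@") || return 1
    cat <<EOF
# /boot/loader.conf
mac_portacl_load="YES"
# /etc/sysctl.conf
net.inet.ip.portrange.reservedhigh=0
security.mac.portacl.port_high=1023
security.mac.portacl.rules=${rules}
# /etc/rc.conf
caddy_run_user="www"
EOF
}

emit_portacl_config 80 80 443
```

Setting `net.inet.ip.portrange.reservedhigh=0` turns off the kernel's root-only check for low ports, so mac_portacl becomes the only gate for ports up to `port_high`. Running as `www` also requires that the log file and the certificate directory be writable by that user.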


everettcomstock commented Dec 27, 2019

David, could you provide an example of how this file is used? I'm new to FreeBSD and I'm not sure if this is a file that I should create somewhere on my server, or if it is a command that I should run in the shell. Thanks!
