Last active
December 27, 2019 21:41
FreeBSD Caddy init script
#!/bin/sh
#
# PROVIDE: caddy
# REQUIRE: networking
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf to enable caddy:
# caddy_enable (bool):       Set to "NO" by default.
#                            Set it to "YES" to enable caddy.
#
# caddy_cert_email (str):    Set to "" by default.
#                            Defines the SSL certificate issuer email. By providing an
#                            email address you automatically agree to letsencrypt.org's
#                            general terms and conditions.
#
# caddy_bin_path (str):      Set to "/usr/local/bin/caddy" by default.
#                            Provides the path to the caddy server executable.
#
# caddy_cpu (str):           Set to "99%" by default.
#                            Configures how much CPU capacity caddy may use.
#
# caddy_config_path (str):   Set to "/usr/local/www/Caddyfile" by default.
#                            Defines the path of the configuration file caddy will load on boot.
#
# caddy_run_user (str):      Set to "root" by default.
#                            Defines the user that caddy will run as. With the default,
#                            the web server runs with full root privileges; prefer an
#                            unprivileged user or confine the service to a jail.
#
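# Pull in the rc.d framework; it provides load_rc_config and run_rc_command.
. /etc/rc.subr

name="caddy"
rcvar="${name}_enable"

# Read any caddy_* settings from rc.conf before the defaults below are applied.
load_rc_config "${name}"

# Defaults for everything rc.conf left unset. The expansions are quoted so the
# no-op ":" never word-splits or glob-expands a configured value.
: "${caddy_enable:=no}"
: "${caddy_cert_email=}"
: "${caddy_bin_path=/usr/local/bin/caddy}"
# Original author's note on this default: "was a bug for me that caused a
# crash within jails".
: "${caddy_cpu=99%}"
: "${caddy_config_path=/usr/local/www/Caddyfile}"
# SECURITY: the default is root, so the network-facing server runs fully
# privileged unless caddy_run_user is overridden in rc.conf. An unprivileged
# user needs another way to bind ports 80/443 (mac_portacl is one option), and
# presumably write access to ${logfile} below, since that path is handed to
# caddy itself -- verify before switching.
: "${caddy_run_user=root}"

pidfile="/var/run/caddy.pid"
logfile="/var/log/caddy.log"

# This string is word-split again when caddy_start expands it unquoted, so none
# of the configured values may contain whitespace or glob characters.
command="${caddy_bin_path} -log ${logfile} -cpu ${caddy_cpu} -conf ${caddy_config_path} -agree -email ${caddy_cert_email}"

start_precmd="caddy_prestart"
start_cmd="caddy_start"
status_cmd="caddy_status"
stop_cmd="caddy_stop"

# Refuse to start without a certificate e-mail address.
# The check runs as the start precmd rather than at load time, so that a
# missing address no longer aborts "stop" and "status" as well, and a host
# that has caddy disabled is not greeted with this error on every run of the
# script.
# Globals: caddy_cert_email (read)
# Returns: 0 when the address is set, 1 otherwise.
caddy_prestart() {
  if [ -z "${caddy_cert_email}" ]; then
    echo "rc variable \$caddy_cert_email is not set. Please provide a valid SSL certificate issuer email." >&2
    return 1
  fi
}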
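# Start caddy in the background under daemon(8).
# Globals: name, caddy_run_user, pidfile, command (all read)
# Returns: the exit status of /usr/sbin/daemon.
caddy_start() {
  echo "Starting ${name}..."
  # daemon(8) flags: -u runs the program as the given user (this script
  # defaults caddy_run_user to root), -c changes the working directory to /,
  # -p records the child's PID in the pid file, -f redirects stdio to
  # /dev/null.
  # ${command} stays unquoted on purpose: it is one string holding the binary
  # path plus its arguments and has to be split into words here. The user and
  # pid file are single values and are quoted so they cannot split or glob.
  # shellcheck disable=SC2086
  /usr/sbin/daemon -u "${caddy_run_user}" -c -p "${pidfile}" -f ${command}
}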
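# Report whether caddy is running.
# A pid file on its own is not proof: it can be left behind after a crash. The
# recorded PID must be a plain positive number and must refer to a live
# process before "running" is reported. The check does not confirm that the
# PID still belongs to caddy.
# Globals: name, pidfile (read)
# Outputs: a one-line status message on stdout
# Returns: 0 when the recorded process exists, 1 otherwise.
caddy_status() {
  local _pid

  if [ ! -f "${pidfile}" ]; then
    echo "${name} is not running."
    return 1
  fi

  _pid=$(cat "${pidfile}" 2>/dev/null)
  case "${_pid}" in
  '' | 0* | *[!0-9]*)
    # Empty, zero or non-numeric content is never handed to kill/ps.
    echo "${name} is not running (${pidfile} does not contain a valid PID)."
    return 1
    ;;
  esac

  # kill -0 only probes for existence; ps is the fallback for callers that are
  # not allowed to signal the process.
  if kill -0 "${_pid}" 2>/dev/null || ps -p "${_pid}" >/dev/null 2>&1; then
    echo "${name} is running as ${_pid}."
  else
    echo "${name} is not running (stale pid file ${pidfile})."
    return 1
  fi
}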
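# Stop caddy using the PID recorded in the pid file.
# The script normally runs as root, so the pid file content is validated before
# it reaches kill: only a plain positive number is accepted, which keeps
# values such as "0", negative numbers or several words from being signalled.
# SIGTERM is sent first so the process can run its shutdown handling; SIGKILL,
# which cannot be caught, is used only if the process is still there after the
# grace period. The function does not confirm that the PID still belongs to
# caddy.
# Globals: name, pidfile (read)
# Outputs: progress messages on stdout, validation errors on stderr
# Returns: 1 when there is no pid file or its content is invalid; otherwise
#          the exit status of removing the pid file.
caddy_stop() {
  local _pid _tries

  if [ ! -f "${pidfile}" ]; then
    echo "${name} is not running."
    return 1
  fi

  _pid=$(cat "${pidfile}" 2>/dev/null)
  case "${_pid}" in
  '' | 0* | *[!0-9]*)
    echo "${name}: ${pidfile} does not contain a valid PID; no signal sent." >&2
    rm -f "${pidfile}"
    return 1
    ;;
  esac

  printf 'Stopping %s...' "${name}"

  if kill -TERM "${_pid}" 2>/dev/null; then
    # Give the process up to 10 seconds to exit before forcing it.
    _tries=0
    while kill -0 "${_pid}" 2>/dev/null && [ "${_tries}" -lt 10 ]; do
      sleep 1
      _tries=$((_tries + 1))
    done
    if kill -0 "${_pid}" 2>/dev/null; then
      kill -KILL "${_pid}" 2>/dev/null
    fi
    echo "stopped"
  else
    # Nothing could be signalled: the process is gone or the caller lacks
    # permission. Finish the line instead of leaving the prompt dangling.
    echo "could not signal PID ${_pid}; removing pid file"
  fi

  rm -f "${pidfile}"
}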
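# Hand the requested action (first script argument) to rc.subr, which calls
# the *_cmd handlers configured above. The trailing "|" seen on the page is
# table-extraction residue and would leave a dangling pipeline, so it is
# dropped here.
run_rc_command "$1"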
You can run caddy as www no problem
just use mac_portacl to allow binding to 80/443
https://gist.github.com/TomHetmer/b0a048d688af78e78f45609880ef4d67
David, could you provide an example of how this file is used? I'm new to FreeBSD and I'm not sure if this is a file that I should create somewhere on my server, or if it is a command that I should run in the shell. Thanks!
Caddy cert files are located in /.caddy. Currently runs as root user because Caddy does not support privilege de-escalation - please be aware of that fact and jail your webserver...