@dstapp
Last active December 27, 2019 21:41
FreeBSD Caddy init script
#!/bin/sh
#
# PROVIDE: caddy
# REQUIRE: NETWORKING
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf to enable caddy:
# caddy_enable (bool): Set to "NO" by default.
#     Set it to "YES" to enable caddy
#
# caddy_cert_email (str): Set to "" by default.
#     Defines the SSL certificate issuer email. By providing an
#     email address you automatically agree to letsencrypt.org's
#     general terms and conditions
#
# caddy_bin_path (str): Set to "/usr/local/bin/caddy" by default.
#     Provides the path to the caddy server executable
#
# caddy_cpu (str): Set to "99%" by default.
#     Configures how much CPU capacity caddy may use
#
# caddy_config_path (str): Set to "/usr/local/www/Caddyfile" by default.
#     Defines the path for the configuration file caddy will load on boot
#
# caddy_run_user (str): Set to "root" by default.
#     Defines the user that caddy will run as
#
. /etc/rc.subr
name="caddy"
rcvar="${name}_enable"
load_rc_config $name
: ${caddy_enable:=no}
: ${caddy_cert_email=""}
: ${caddy_bin_path="/usr/local/bin/caddy"}
: ${caddy_cpu="99%"} # was a bug for me that caused a crash within jails
: ${caddy_config_path="/usr/local/www/Caddyfile"}
: ${caddy_run_user="root"}
if [ "$caddy_cert_email" = "" ]
then
    echo "rc variable \$caddy_cert_email is not set. Please provide a valid SSL certificate issuer email."
    exit 1
fi
pidfile="/var/run/caddy.pid"
logfile="/var/log/caddy.log"
command="${caddy_bin_path} -log ${logfile} -cpu ${caddy_cpu} -conf ${caddy_config_path} -agree -email ${caddy_cert_email}"
start_cmd="caddy_start"
status_cmd="caddy_status"
stop_cmd="caddy_stop"
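caddy_start() {
    echo "Starting ${name}..."
    # daemon(8): -u drops to caddy_run_user, -c changes to /, -p writes the
    # pidfile, -f redirects stdio to /dev/null. ${command} is left unquoted
    # on purpose so it splits into the binary and its arguments.
    /usr/sbin/daemon -u "${caddy_run_user}" -c -p "${pidfile}" -f ${command}
}

caddy_status() {
    # Only checks that the pidfile exists, not that the process is alive.
    if [ -f "${pidfile}" ]; then
        echo "${name} is running as $(cat "${pidfile}")."
    else
        echo "${name} is not running."
        return 1
    fi
}

caddy_stop() {
    if [ ! -f "${pidfile}" ]; then
        echo "${name} is not running."
        return 1
    fi
    echo -n "Stopping ${name}..."
    # SIGKILL ends caddy immediately, without a graceful shutdown.
    kill -KILL "$(cat "${pidfile}")" 2> /dev/null && echo "stopped"
    rm -f "${pidfile}"
}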
run_rc_command "$1"
@dstapp
Author

dstapp commented Mar 3, 2016

Caddy cert files are located in /.caddy. Currently runs as root user because Caddy does not support privilege de-escalation - please be aware of that fact and jail your webserver...

@totoCZ

totoCZ commented Dec 10, 2016

You can run caddy as www no problem

just use mac_portacl to allow binding to 80/443
https://gist.github.com/TomHetmer/b0a048d688af78e78f45609880ef4d67
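
Added example, not part of the gist, the linked gist or either comment: a sketch of the non-root setup suggested above, printing the loader.conf, sysctl.conf and rc.conf settings that let the rc script run Caddy as `www` while mac_portacl(4) grants that uid only ports 80 and 443. The helper names, the uid 80 for `www` (the stock FreeBSD value, confirm with `id -u www`) and the e-mail address are assumptions.

```shell
#!/bin/sh
# Added example: prints configuration text only, changes nothing on the host.

# portacl_rules UID PORT...
# Build a security.mac.portacl.rules value (idtype:id:protocol:port,...).
portacl_rules() {
    uid=$1; shift
    case $uid in ''|*[!0-9]*) echo "bad uid: $uid" >&2; return 1 ;; esac
    # A rule for root would defeat the purpose of dropping privileges.
    [ "$uid" -ne 0 ] || { echo "uid 0 is not an unprivileged user" >&2; return 1; }
    rules=
    for port in "$@"; do
        case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
        # mac_portacl only governs ports up to security.mac.portacl.port_high.
        if [ "$port" -lt 1 ] || [ "$port" -gt 1023 ]; then
            echo "port $port is outside 1-1023" >&2; return 1
        fi
        rules="${rules:+$rules,}uid:${uid}:tcp:${port}"
    done
    [ -n "$rules" ] || { echo "no ports given" >&2; return 1; }
    printf '%s\n' "$rules"
}

# emit_config USER UID PORT...
# Print the three file fragments; USER must be the account that owns UID.
emit_config() {
    user=$1; shift
    rules=$(portacl_rules "$@") || return 1
    cat <<EOF
# /boot/loader.conf: load the MAC policy module at boot
mac_portacl_load="YES"

# /etc/sysctl.conf: hand the low-port check over to mac_portacl
net.inet.ip.portrange.reservedhigh=0
security.mac.portacl.port_high=1023
security.mac.portacl.suser_exempt=1
security.mac.portacl.rules=${rules}

# /etc/rc.conf: the e-mail address is a placeholder
caddy_enable="YES"
caddy_cert_email="admin@example.org"
caddy_run_user="${user}"
EOF
}

emit_config www 80 80 443
```

Caddy opens `/var/log/caddy.log` itself after the privilege drop, so that file has to exist and be writable by the chosen user before the service is started.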

@everettcomstock

David, could you provide an example of how this file is used? I'm new to FreeBSD and I'm not sure if this is a file that I should create somewhere on my server, or if it is a command that I should run in the shell. Thanks!
