github-mirror/caddy
github-mirror/caddy
2
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2025-03-04 08:57:23 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
caddy/dist/init
History
Jacob Hoffman-Andrews 24b2e02ee5 init/systemd: Re-add ReadWriteDirectories. (#2798) 
In systemd 231
(4f10b80786/NEWS (L3558-L3565)),
ReadWriteDirectories was renamed ReadWritePaths.

In https://github.com/caddyserver/caddy/pull/2620/files, @aspeteRakete
renamed the directive in Caddy's example systemd unit.

However, this means that if anyone runs this sytemd unit on a version of
systemd older than 231, Caddy will go into a crash loop that hammers
Let's Encrypt's servers. That's because the ProtectSystem=full directive
prevents writes to all paths that aren't explicitly permitted, and older
systemd doesn't see any paths being permitted.

To maximize compatibility, I re-add the original ReadWriteDirectories
directive. Older systemd will read that; newer systemd will read the
newer directive. Both should ignore the directive they do not recognize.

Another approach to solve this problem would be to remove
ProtectSystem=true, originally introduced in da8ae9e5. That would reduce
the risk of similar breakages in the future. It would make for a slightly
less "exemplary" systemd unit, but I think it would still be adequate,
given that this unit runs caddy as "www-data", a user the presumably has
low privileges.
2019-10-09 19:04:28 -06:00
..
freebsd
Add doc re running as non-root user on FreeBSD (#2655)
2019-07-18 15:19:21 -06:00
linux-systemd
init/systemd: Re-add ReadWriteDirectories. (#2798)
2019-10-09 19:04:28 -06:00
linux-sysvinit
implemented sourcing of default file for sysvinit (#1984)
2018-01-15 18:22:53 -07:00
linux-upstart
init: Fix upstart script for Centos6 (and Amazon Linux) (#1914)
2017-10-12 17:02:46 -06:00
mac-launchd
update macOS launchd example (#1600)
2017-04-26 13:44:32 -06:00
README.md
Post init script guidelines
2016-12-30 11:56:37 -07:00

README.md

Init/Service Scripts

This folder contains init/service scripts for using Caddy on various Linux and BSD distributions. They are created and maintained by the community.

Getting Help

Different scripts have different maintainers; please consult the comments in the file and any README for assistance setting it up. Do not open an issue on the Caddy project about these scripts; instead, to ask a question or suggest a change, please contact the maintainer of the script directly.

Disclaimer

The files contained herein are not officially supported by the Caddy project author and/or contributors, and as such, the files are not endorsed by the same. The Caddy project author and its contributors are not responsible for the function or malfunction of these scripts/files, or any unintended consequences to your system or website in attempting to set up Caddy. Users are expected to know how to administer their system, and these files should be considered as only a guide or suggestion for using Caddy in certain environments.

Guidelines

The files distributed here should adhere to these principles where relevant (adjust accordingly for each system/platform):

  • Don't run as root.
  • Create a no-shell default user to run it.
  • Raise file descriptor limits.
  • Don't restart endlessly; if Caddy fails to start, there's a reason -- fix it, don't hammer it.
  • Allow Caddy to re-use the same, persistent folder for storage.
  • Stay as simple and minimal as possible.
  • Be idempotent.
  • Use comments to explain unexpected or unusual lines/patterns.
  • Be secure by default.

Thank you for using Caddy! May it serve you well.