kebler.net
/
caddy-retired
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

reworked caddy script - removed cmdline support for netbind 

systemd service install now uses sed to insert the repo directory into the call service script before deploying.
renamed install script to fetch as to avoid confusion as it fetches the basic binary.
giskard
David Kebler 2020-11-27 14:42:53 -08:00
parent c9ff56881e
commit e24be310ae
9 changed files with 24 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -7,4 +7,4 @@ env/
conf/ conf/
user/ user/
build/ build/
user/ /archive/

26
scripts/caddy
View File

@ -1,28 +1,16 @@
#!/bin/bash #!/bin/bash
SDIR=$(dirname "$(readlink -f "$0")") || exit SDIR=$(dirname "$(readlink -f "$0")") || exit
DIR=$(dirname "$SDIR") || exit DIR=$(dirname "$SDIR") || exit
echo Caddy Reposity Root: $DIR
source $SDIR/library source $SDIR/library
CONF=$DIR/conf/${1:-caddy}.conf CONF=$DIR/conf/${1:-caddy}.conf
get-caddy-name # this sets $CADDY_BIN CMD=${2:-run}
get-caddy-bin # this sets $CADDY_BIN
BIN=$DIR/bin/$CADDY_BIN BIN=$DIR/bin/$CADDY_BIN
echo running caddy $BIN
[ ! -f "$BIN" ] && echo binary file $BIN does not exist && exit 1 [ ! -f "$BIN" ] && echo binary file $BIN does not exist && exit 1
[ ! -x "$BIN" ] && echo binary file $BIN is not executable && exit 1 [ ! -x "$BIN" ] && echo binary file $BIN is not executable && exit 1
[ ! -f "$CONF" ] && echo no configuration file $CONF && exit 1 [ ! -f "$CONF" ] && echo no configuration file $CONF && exit 1
if [ $INVOCATION_ID ]; then # source any need environment files in $DIR/env
echo running under systemd service for f in $DIR/env/*.env; do source $f; done
else echo Running caddy binary $BIN with configuration $CONF and command $CMD as user $USER
CAP="cap_net_bind_service+eip" $BIN $CMD --config $CONF --adapter caddyfile
ISSET=$(getcap $BIN | grep $CAP )
echo before $ISSET
if [ ! "$ISSET" ]; then
echo binary not set for binding port 80 by non-root users, attempting to set
sudo setcap $CAP $BIN
ISSET=$(getcap $BIN | grep $CAP)
echo after $ISSET
[ ! "$ISSET" ] && echo unable to set port binding && exit 1
fi
fi
echo $BIN run --config $CONF --adapter caddyfile
set-env $DIR/env
su -c "for f in $DIR/env/*.env; do source $f; done && $BIN run --config $CONF --adapter caddyfile" - caddy

8
scripts/delete/arch
View File

@ -1,8 +0,0 @@
#!/bin/bash
ARCH=${1:-amd64}
DIR=$(dirname "$(dirname "$(readlink -f "$0")")") || exit
echo Making Link to $ARCH binary in $DIR/bin/$ARCH/caddy
rm $DIR/caddy
ln -s $DIR/bin/$ARCH/caddy $DIR/caddy
sudo chown caddy:sysadmin $DIR/bin/$ARCH/caddy
sudo chown -h caddy:sysadmin $DIR/caddy

0
scripts/install → scripts/fetch
View File

2
scripts/library
View File

@ -40,7 +40,7 @@ ARCH=${ARCHES[$(uname -m)]}
fi fi
} }
function get-caddy-name () { function get-caddy-bin () {
get-OS get-OS
get-architecture get-architecture
echo caddy binary name is $OS-$ARCH echo caddy binary name is $OS-$ARCH

3
scripts/mkuser
View File

@ -16,7 +16,8 @@ sudo useradd --system \
--shell /bin/bash \ --shell /bin/bash \
--comment "Caddy web server user" \ --comment "Caddy web server user" \
caddy caddy
echo 'caddy:caddy' | sudo chpasswd echo 'caddy:caddy' | sudo chpasswd # user:password
echo "set caddy user password to \'caddy\'"
sudo chown -R caddy:caddy $DIR/user sudo chown -R caddy:caddy $DIR/user
echo adding current user $USER to caddy group for rw access echo adding current user $USER to caddy group for rw access
sudo usermod -a -G caddy $USER sudo usermod -a -G caddy $USER

1
scripts/own
View File

@ -6,6 +6,5 @@ sudo chown -R caddy:caddy $DIR
sudo chmod -R ug=rw,o=r,a+X $DIR sudo chmod -R ug=rw,o=r,a+X $DIR
sudo chmod ug+x -R $DIR/scripts sudo chmod ug+x -R $DIR/scripts
sudo chmod ug+x -R $DIR/env sudo chmod ug+x -R $DIR/env
sudo chmod ug+x -R $DIR/caddy
sudo chmod ug+x -R $DIR/bin sudo chmod ug+x -R $DIR/bin
sudo chmod ug+x -R $DIR/build/bin sudo chmod ug+x -R $DIR/build/bin

23
systemd/caddy@.service
View File

@ -1,16 +1,6 @@
# caddy.service # caddy@.service
# # For using Caddy2 and a caddyfile.
# For using Caddy with a config file. # Using caddy repository at @d see @d/README.md
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.
# use sed to get caddy directory at install
[Unit] [Unit]
Description=Caddy Description=Caddy
@ -21,10 +11,9 @@ After=network.target
# base directory must be hard coded # base directory must be hard coded
User=caddy User=caddy
Group=caddy Group=caddy
WorkingDirectory=/opt/caddy WorkingDirectory=@d
ExecStart= ExecStart=@d/scripts/caddy %i
ExecReload=@d/scripts/caddy %i reload
ExecReload=/opt/caddy/scripts/caddy reload --config /opt/caddy/conf/%.conf --adapter=caddyfile
TimeoutStopSec=5s TimeoutStopSec=5s
LimitNOFILE=1048576 LimitNOFILE=1048576
LimitNPROC=512 LimitNPROC=512

10
systemd/install
View File

@ -1,5 +1,9 @@
#!/bin/bash #!/bin/bash
# copies template to systemd # copies template to systemd
DIR="$(dirname "$(readlink -f "$0")")" SDIR=$(dirname "$(readlink -f "$0")") || exit
sudo rm /etc/systemd/system/caddy@.service DIR=$(dirname "$SDIR") || exit
sudo cp $DIR/caddy@.service /etc/systemd/system/ SDDIR="/etc/systemd/system"
echo Caddy Reposity Root: $DIR
echo "Installing Template Service file at $SDIR/caddy@.service"
echo ---- Service file as written to $SDDIR ----
cat $SDIR/caddy@.service | sed 's:@d:'$DIR':'g | sudo tee $SDDIR/caddy@.service