FreeBSD Init-Script for the Caddy Webserver


I have used Caddy on FreeBSD for a while now. Because it lacks a working init script, I decided to write my own. Here’s the result, with a description below:

Init script

UPDATE 2016/03/20: My FreeBSD init script has made it into the official Caddy repository: https://github.com/mholt/caddy/blob/master/dist/init/freebsd/caddy.

Please note that Caddy currently only runs as the root user because it does not support privilege de-escalation yet, so you might want to jail your webserver.

#!/bin/sh
#
# PROVIDE: caddy
# REQUIRE: NETWORKING
# KEYWORD: shutdown

#
# Add the following lines to /etc/rc.conf to enable caddy:
# caddy_enable (bool):        Set to "NO" by default.
#                             Set it to "YES" to enable caddy
#
# caddy_cert_email (str):     Set to "" by default.
#                             Defines the SSL certificate issuer email. By providing an
#                             email address you automatically agree to letsencrypt.org's
#                             general terms and conditions
#
# caddy_bin_path (str):       Set to "/usr/local/bin/caddy" by default.
#                             Provides the path to the caddy server executable
#
# caddy_cpu (str):            Set to "99%" by default.
#                             Configures how much CPU capacity caddy may use
#
# caddy_config_path (str):    Set to "/usr/local/www/Caddyfile" by default.
#                             Defines the path for the configuration file caddy will load on boot
#
# caddy_run_user (str):       Set to "root" by default.
#                             Defines the user that caddy will run as
#

. /etc/rc.subr

name="caddy"
rcvar="${name}_enable"

load_rc_config $name
: ${caddy_enable:=no}
: ${caddy_cert_email=""}
: ${caddy_bin_path="/usr/local/bin/caddy"}
: ${caddy_cpu="99%"} # was a bug for me that caused a crash within jails
: ${caddy_config_path="/usr/local/www/Caddyfile"}
: ${caddy_run_user="root"}

if [ "$caddy_cert_email" = "" ]
then
    echo "rc variable \$caddy_cert_email is not set. Please provide a valid SSL certificate issuer email."
    exit 1
fi

pidfile="/var/run/caddy.pid"
logfile="/var/log/caddy.log"

command="${caddy_bin_path} -log ${logfile} -cpu ${caddy_cpu} -conf ${caddy_config_path} -agree -email ${caddy_cert_email}"

start_cmd="caddy_start"
status_cmd="caddy_status"
stop_cmd="caddy_stop"

caddy_start() {
    echo "Starting ${name}..."
    # ${command} is deliberately unquoted so the shell splits it into arguments
    /usr/sbin/daemon -u "${caddy_run_user}" -c -p "${pidfile}" -f ${command}
}

caddy_status() {
    # Reports based on the pid file only
    if [ -f "${pidfile}" ]; then
      echo "${name} is running as $(cat "${pidfile}")."
    else
      echo "${name} is not running."
      return 1
    fi
}

caddy_stop() {
    if [ ! -f "${pidfile}" ]; then
      echo "${name} is not running."
      return 1
    fi

    echo -n "Stopping ${name}..."
    # SIGKILL terminates caddy immediately, without a graceful shutdown
    kill -KILL "$(cat "${pidfile}")" 2> /dev/null && echo "stopped"
    rm -f "${pidfile}"
}

run_rc_command "$1"

Configuration

It exposes multiple configuration variables, which may be set in /etc/rc.conf:

  • caddy_enable: As usual, must be set to YES in order for Caddy to start at boot time
  • caddy_cert_email: HTTPS certificate issuer email address (letsencrypt.org). The init script automatically sets -agree, so be sure you agree to the terms of usage. This information is mandatory.
  • caddy_bin_path: The path to the caddy binary. Defaults to /usr/local/bin/caddy
  • caddy_cpu: Amount of CPU that Caddy may use. Default is 100% but I reset it to 99% because otherwise Caddy regularly killed my webserver jail
  • caddy_config_path: Path to the Caddyfile, defaults to /usr/local/www/Caddyfile

Logfile

The following files are created:

  • /var/log/caddy.log: Caddy log file
  • /var/run/caddy.pid: Caddy pid file

The init script uses / as the working directory, so certificates go to /.caddy.

Installation

Do the following things as root:

  • Download Caddy from http://caddyserver.com/ and copy the binary to /usr/local/bin/caddy
  • chmod +x it
  • Copy the init script from above to /usr/local/etc/rc.d/caddy and chmod +x it
  • run sysrc caddy_enable=YES
  • run sysrc caddy_cert_email='youremailaddress'
  • Place a Caddyfile in /usr/local/www/ (docs: https://caddyserver.com/docs/caddyfile)
  • run service caddy start
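
Since the script starts Caddy as root, the binary copied to /usr/local/bin/caddy and the Caddyfile are both trusted with full privileges. The check below is an added example, not part of the original init script or the Caddy project; the function names caddy_check_file and caddy_prestart and the root-ownership policy are assumptions. It refuses to start if either file, or the directory holding it, could be modified by a non-root account.

```shell
#!/bin/sh
# Added example: verify ownership and permissions before running as root.
# caddy_check_file PATH [OWNER]
#   Succeeds only if PATH is a regular file (not a symlink), PATH and its
#   parent directory are owned by OWNER (default: root), and neither is
#   writable by group or others.
caddy_check_file() {
    _path=$1
    _owner=${2:-root}
    _dir=$(dirname "$_path")

    if [ -L "$_path" ] || [ ! -f "$_path" ]; then
        echo "caddy: ${_path} is missing or not a regular file" >&2
        return 1
    fi

    for _p in "$_path" "$_dir"; do
        # find -prune inspects only the path itself; it prints the path
        # when the following tests match.
        if [ -z "$(find "$_p" -prune -user "$_owner" 2>/dev/null)" ]; then
            echo "caddy: ${_p} is not owned by ${_owner}" >&2
            return 1
        fi
        if [ -n "$(find "$_p" -prune \( -perm -0020 -o -perm -0002 \) 2>/dev/null)" ]; then
            echo "caddy: ${_p} is writable by group or others" >&2
            return 1
        fi
    done
    return 0
}

# Hypothetical hook: checks both files the init script hands to root.
# It would be enabled in the init script with: start_precmd="caddy_prestart"
caddy_prestart() {
    caddy_check_file "${caddy_bin_path}" root &&
    caddy_check_file "${caddy_config_path}" root
}
```

rc.subr runs start_precmd before a custom start_cmd and skips the start when it returns non-zero.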
