Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Following the docs leads to service failure #420

Open
ahoiroman opened this issue Oct 1, 2024 · 3 comments
Open

Following the docs leads to service failure #420

ahoiroman opened this issue Oct 1, 2024 · 3 comments

Comments

@ahoiroman
Copy link

ahoiroman commented Oct 1, 2024

The docs at https://caddyserver.com/docs/caddyfile/options#admin describe how to use a unix socket in order to make the api listen to the unix socket.

{
	admin unix//run/caddy-admin.sock
}

Following this leads to a service failure on restart:

Oct 01 06:07:00 server1 caddy[56725]: Error: loading initial config: loading new config: starting caddy administration endpoint: permission denied

This happens, if caddy is installed via package manager and running as user caddy.

But even if I create that socket using:

touch /run/caddy-admin.sock
chown caddy: /run/caddy-admin.sock
chmod 0600 /run/caddy-admin.sock

Leads to the very same error:

Oct 01 06:10:14 server1 caddy[56747]: Error: loading initial config: loading new config: starting caddy administration endpoint: permission denied

@mohammed90 mohammed90 transferred this issue from caddyserver/caddy Oct 1, 2024
@mohammed90
Copy link
Member

As mentioned on the forum, this is due to how systemd works. Users are generally expected to know better how their system is setup and which directories should the service be allowed to access. It's not related to the file's absence/presence or the file permissions. The only thing we can do in terms of documentation is to mention that users should be mindful of their system setup and perhaps need to adjust their init system, but we cannot assume all users use systemd-led Linux distro. Other *nix systems might not have the same restrictions enforced by systemd.

@ahoiroman
Copy link
Author

My issue was in fact pointing in that direction: Adding more context to the docs.

I think I am working that out and, if it's something you'd welcome, I'll create a PR for the docs.

@mohammed90
Copy link
Member

PRs are always welcome and appreciated! Documentation written from user's perspective may be clearer than ones written by the developers and maintainers.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants