服务器 Gind.cn
  1. 服务器 Gind.cn
  3. 在systemd v232下运​​行,否则运行Caddy的错误
Intereting Posts
如何有条件地为通过nginx中的X-Accel-Redirect提供的字体添加Access-Control-Allow-Origin头 将path名更改为Zimbra中的pipe理页面 BlackBerry专业软件 – 使用Exchange Server 密码保护的WinRAR档案有多安全? configurationApache 2.2以避免黑莓设备中的504错误 在中央日志服务器上logging多个日志“根目录”? 是否有可能在保持系统本地时间的情况下使用UTC时间运行个人日常计时器? 限制已经启动的进程的networking吞吐量? (Linux的/ FreeBSD的) XCA签名问题 Sql服务器备份最佳实践。 太多的文件创build? 在由nginx代理的机器上设置cookie时出现问题 增加亚马逊根卷大小 以明文保存用户密码是否合法? 我怎样才能说服我的客户避免呢? 是否有可能连接域控制器(Windows Server 2012)与SBS 2011? 在多个Windows计算机上安装CA证书(IE / Firefox)

在systemd v232下运​​行,否则运行Caddy的错误

我正在努力使用https://github.com/mholt/caddy/tree/master/dist/init/linuxsystemd中规范推荐的systemd单元模板来启动Caddy。

当在类似环境下的前台开始时,这一切都起作用,下面是我已经validation的事情以及重置失败状态的结果,并开始并立即在以下日记之后:

validation:

  • 开始使用# su -s /bin/bash -c '/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp' www-data有或没有tls off
  • 相关的,DNS条目(编辑,以保护不称职)是正确的,例如, acrobat.example.orgparsing为默认WAN适配器的唯一的IP地址,这台机器只有一个(连接)的networking适配器。

好奇的花絮:

  • 如果我tls off它的话,可能是因为它速度不够快,不会被systemd杀死
  • 有人报告(旧版本)的Caddy尝试创build一个目录,可以在systemd的限制目录权限下失败,也许这只发生在TLS模式?

该杂志,caddyfile如下: 

 root@acrobat ~ # systemctl start caddy && journalctl -flu caddy -- Logs begin at Fri 2017-09-01 10:57:28 CEST. -- Sep 01 10:57:42 acrobat systemd[1]: caddy.service: Service hold-off time over, scheduling restart. Sep 01 10:57:42 acrobat systemd[1]: Stopped Caddy HTTP/2 web server. Sep 01 10:57:42 acrobat systemd[1]: caddy.service: Start request repeated too quickly. Sep 01 10:57:42 acrobat systemd[1]: Failed to start Caddy HTTP/2 web server. Sep 01 10:57:42 acrobat systemd[1]: caddy.service: Unit entered failed state. Sep 01 10:57:42 acrobat systemd[1]: caddy.service: Failed with result 'exit-code'. Sep 01 11:27:42 acrobat systemd[1]: caddy.service: Start request repeated too quickly. Sep 01 11:27:42 acrobat systemd[1]: Failed to start Caddy HTTP/2 web server. Sep 01 11:27:42 acrobat systemd[1]: caddy.service: Failed with result 'exit-code'. Sep 01 11:27:48 acrobat systemd[1]: Started Caddy HTTP/2 web server. Sep 01 11:27:48 acrobat caddy[5528]: Activating privacy features...2017/09/01 11:27:48 [INFO][acrobat.example.org] acme: Obtaining bundled SAN certificate Sep 01 11:27:49 acrobat caddy[5528]: 2017/09/01 11:27:49 [INFO][acrobat.example.org] AuthURL: https://acme-v01.api.letsencrypt.org/acme/authz/pDXdgOCTVhVwbbNE40l54GZLoOW0DyWjpPXbp1RpjRs Sep 01 11:27:49 acrobat caddy[5528]: 2017/09/01 11:27:49 [INFO][acrobat.example.org] acme: Trying to solve TLS-SNI-01 Sep 01 11:27:49 acrobat systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE Sep 01 11:27:49 acrobat systemd[1]: caddy.service: Unit entered failed state. Sep 01 11:27:49 acrobat systemd[1]: caddy.service: Failed with result 'exit-code'. Sep 01 11:27:49 acrobat systemd[1]: caddy.service: Service hold-off time over, scheduling restart. Sep 01 11:27:49 acrobat systemd[1]: Stopped Caddy HTTP/2 web server. Sep 01 11:27:49 acrobat systemd[1]: Started Caddy HTTP/2 web server. Sep 01 11:27:50 acrobat caddy[5553]: Activating privacy features...2017/09/01 11:27:50 [INFO][acrobat.example.org] acme: Obtaining bundled SAN certificate Sep 01 11:27:50 acrobat caddy[5553]: 2017/09/01 11:27:50 [INFO][acrobat.example.org] AuthURL: https://acme-v01.api.letsencrypt.org/acme/authz/OFj06UbzbqifarhRTYBgiBUNG-WJAJQ9944OBPBMHj8 Sep 01 11:27:50 acrobat caddy[5553]: 2017/09/01 11:27:50 [INFO][acrobat.example.org] acme: Trying to solve TLS-SNI-01 Sep 01 11:27:51 acrobat systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE Sep 01 11:27:51 acrobat systemd[1]: caddy.service: Unit entered failed state. Sep 01 11:27:51 acrobat systemd[1]: caddy.service: Failed with result 'exit-code'. Sep 01 11:27:51 acrobat systemd[1]: caddy.service: Service hold-off time over, scheduling restart. Sep 01 11:27:51 acrobat systemd[1]: Stopped Caddy HTTP/2 web server. Sep 01 11:27:51 acrobat systemd[1]: Started Caddy HTTP/2 web server. Sep 01 11:27:51 acrobat caddy[5570]: Activating privacy features...2017/09/01 11:27:51 [INFO][acrobat.example.org] acme: Obtaining bundled SAN certificate Sep 01 11:27:52 acrobat caddy[5570]: 2017/09/01 11:27:52 [INFO][acrobat.example.org] AuthURL: https://acme-v01.api.letsencrypt.org/acme/authz/GN4X6Z_zFHiZ62ElYLS9GIdC222VLhDR7EiLvLi6kzE Sep 01 11:27:52 acrobat caddy[5570]: 2017/09/01 11:27:52 [INFO][acrobat.example.org] acme: Could not find solver for: dns-01 Sep 01 11:27:52 acrobat caddy[5570]: 2017/09/01 11:27:52 [INFO][acrobat.example.org] acme: Trying to solve HTTP-01 Sep 01 11:27:52 acrobat systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE Sep 01 11:27:52 acrobat systemd[1]: caddy.service: Unit entered failed state. Sep 01 11:27:52 acrobat systemd[1]: caddy.service: Failed with result 'exit-code'. Sep 01 11:27:52 acrobat systemd[1]: caddy.service: Service hold-off time over, scheduling restart. Sep 01 11:27:52 acrobat systemd[1]: Stopped Caddy HTTP/2 web server. Sep 01 11:27:52 acrobat systemd[1]: Started Caddy HTTP/2 web server. Sep 01 11:27:53 acrobat caddy[5586]: Activating privacy features...2017/09/01 11:27:53 [INFO][acrobat.example.org] acme: Obtaining bundled SAN certificate Sep 01 11:27:53 acrobat caddy[5586]: 2017/09/01 11:27:53 [INFO][acrobat.example.org] AuthURL: https://acme-v01.api.letsencrypt.org/acme/authz/buW6jajSLNi207xwnLw--p8dKDbbfOCYlkCGIWHrt_0 Sep 01 11:27:53 acrobat caddy[5586]: 2017/09/01 11:27:53 [INFO][acrobat.example.org] acme: Trying to solve HTTP-01 Sep 01 11:27:53 acrobat systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE Sep 01 11:27:53 acrobat systemd[1]: caddy.service: Unit entered failed state. Sep 01 11:27:53 acrobat systemd[1]: caddy.service: Failed with result 'exit-code'. Sep 01 11:27:53 acrobat systemd[1]: caddy.service: Service hold-off time over, scheduling restart. Sep 01 11:27:53 acrobat systemd[1]: Stopped Caddy HTTP/2 web server. Sep 01 11:27:53 acrobat systemd[1]: Started Caddy HTTP/2 web server. Sep 01 11:27:54 acrobat caddy[5604]: Activating privacy features...2017/09/01 11:27:54 [INFO][acrobat.example.org] acme: Obtaining bundled SAN certificate Sep 01 11:27:54 acrobat caddy[5604]: 2017/09/01 11:27:54 [INFO][acrobat.example.org] AuthURL: https://acme-v01.api.letsencrypt.org/acme/authz/PfjESFfYTMncpOoMOSOy9LTL6THCZOgAo9mZRLZ1AWw Sep 01 11:27:54 acrobat caddy[5604]: 2017/09/01 11:27:54 [INFO][acrobat.example.org] acme: Trying to solve TLS-SNI-01 Sep 01 11:27:55 acrobat systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE Sep 01 11:27:55 acrobat systemd[1]: caddy.service: Unit entered failed state. Sep 01 11:27:55 acrobat systemd[1]: caddy.service: Failed with result 'exit-code'. Sep 01 11:27:55 acrobat systemd[1]: caddy.service: Service hold-off time over, scheduling restart. Sep 01 11:27:55 acrobat systemd[1]: Stopped Caddy HTTP/2 web server. Sep 01 11:27:55 acrobat systemd[1]: caddy.service: Start request repeated too quickly. Sep 01 11:27:55 acrobat systemd[1]: Failed to start Caddy HTTP/2 web server. Sep 01 11:27:55 acrobat systemd[1]: caddy.service: Unit entered failed state. Sep 01 11:27:55 acrobat systemd[1]: caddy.service: Failed with result 'exit-code'.

Caddyfile

 root@acrobat ~ # cat /etc/caddy/Caddyfile acrobat.example.org { tls [email protected] log stdout proxy /api localhost:8080 { without /api health_check / transparent header_upstream X-Forwarded-Request-Uri {path} } proxy /ws localhost:8383 { without /ws websocket } }

为了比较起见,这里是成功的输出,在前台运行: 

 root@acrobat ~ # CADDYPATH=/etc/ssl/caddy su -m -s /bin/bash -c '/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp' www-data Activating privacy features...2017/09/01 11:37:42 [INFO][acrobat.example.org] acme: Obtaining bundled SAN certificate 2017/09/01 11:37:42 [INFO][acrobat.example.org] AuthURL: https://acme-v01.api.letsencrypt.org/acme/authz/8A1iBrjm8SS_NcIGDQophKiLNhpafnJQM5k4N-Q8feM 2017/09/01 11:37:42 [INFO][acrobat.example.org] acme: Trying to solve HTTP-01 2017/09/01 11:37:43 [INFO][acrobat.example.org] Served key authentication 2017/09/01 11:37:44 [INFO][acrobat.example.org] The server validated our request 2017/09/01 11:37:44 [INFO][acrobat.example.org] acme: Validations succeeded; requesting certificates 2017/09/01 11:37:44 [INFO] acme: Requesting issuer cert from https://acme-v01.api.letsencrypt.org/acme/issuer-cert 2017/09/01 11:37:44 [INFO][acrobat.example.org] Server responded with a certificate. 2017/09/01 11:37:44 [INFO][acrobat.example.org] Certificate written to disk: /etc/ssl/caddy/acme/acme-v01.api.letsencrypt.org/sites/acrobat.example.org/acrobat.example.org.crt done. https://acrobat.example.org 2017/09/01 11:37:44 https://acrobat.example.org http://acrobat.example.org 2017/09/01 11:37:44 http://acrobat.example.org WARNING: File descriptor limit 1024 is too low for production servers. At least 8192 is recommended. Fix with "ulimit -n 8192".