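--- a/www/caddy/Makefile
+++ b/www/caddy/Makefile
@@ -1,7 +1,7 @@
 PORTNAME=	caddy
 DISTVERSIONPREFIX=	v
 DISTVERSION=	2.7.4
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	www
 DIST_SUBDIR=	caddy
 
@@ -31,6 +31,9 @@ GO_MODULE= github.com/caddyserver/caddy/v2
 # If modules must be specified manually:
 #.include "${.CURDIR}/modules.mk"
 
+USERS=		www
+GROUPS=		www
+
 post-install:
 	${MKDIR} ${STAGEDIR}${ETCDIR}
 	${INSTALL_DATA} ${WRKDIR}/Caddyfile.sample ${STAGEDIR}${ETCDIR}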
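--- a/www/caddy/files/caddy.in
+++ b/www/caddy/files/caddy.in
@@ -4,14 +4,39 @@
 # REQUIRE: LOGIN DAEMON NETWORKING
 # KEYWORD: shutdown
 
-# To enable caddy, add 'caddy_enable="YES"' to /etc/rc.conf or
+# To enable caddy:
-# /etc/rc.conf.local
+# 
+# - Edit %%ETCDIR%%/Caddyfile
+#   See https://caddyserver.com/docs/
+# - Run 'service enable caddy'
+# 
+# Note while Caddy currently defaults to running as root:wheel, it is strongly
+# recommended to run the server as an unprivileged user, such as www:www --
+# 
+# - Use security/portacl-rc to enable privileged port binding:
+# 
+#   # pkg install security/portacl-rc
+#   # sysrc portacl_users+=www
+#   # sysrc portacl_user_www_tcp="http https"
+#   # sysrc portacl_user_www_udp="https"
+#   # service portacl enable
+#   # service portacl start
+# 
+# - Configure caddy to run as www:www
+# 
+#   # sysrc caddy_user=www caddy_group=www
+# 
+# - Note if Caddy has been started as root previously, files in
+#   /var/log/caddy, /var/db/caddy, and /var/run/caddy may require their ownership
+#   changing manually.
 
 # Optional settings:
 # caddy_command (string):     Full path to the caddy binary
 # caddy_config (string):      Full path to caddy config file
 #                             (%%ETCDIR%%/Caddyfile)
 # caddy_adapter (string):     Config adapter type (caddyfile)
+# caddy_admin (string):       Default administration endpoint
+#                             (unix//var/run/caddy/caddy.sock)
 # caddy_directory (string):   Root for caddy storage (ACME certs, etc.)
 #                             (/var/db/caddy)
 # caddy_extra_flags (string): Extra flags passed to caddy start
@@ -37,11 +62,12 @@ desc="Powerful, enterprise-ready, open source web server with automatic HTTPS wr
 load_rc_config $name
 
 # Defaults
-: ${caddy_enable:=NO}
+: ${caddy_enable:="NO"}
-: ${caddy_adapter:=caddyfile}
+: ${caddy_adapter:="caddyfile"}
 : ${caddy_config:="%%ETCDIR%%/Caddyfile"}
+: ${caddy_admin:="unix//var/run/${name}/${name}.sock"}
 : ${caddy_command:="%%PREFIX%%/bin/${name}"}
-: ${caddy_directory:=/var/db/caddy}
+: ${caddy_directory:="/var/db/caddy"}
 : ${caddy_extra_flags:=""}
 : ${caddy_logdir:="/var/log/${name}"}
 : ${caddy_logfile:="${caddy_logdir}/${name}.log"}
@@ -53,6 +79,9 @@ load_rc_config $name
 : ${XDG_DATA_HOME:="${caddy_directory}/data"}
 export XDG_CONFIG_HOME XDG_DATA_HOME
 
+# Default admin interface
+export CADDY_ADMIN="${caddy_admin}"
+
 command="${caddy_command}"
 pidfile="/var/run/${name}/${name}.pid"
 
@@ -115,7 +144,7 @@ caddy_prestop()
 
     echo -n "Stopping caddy... "
 
-    result="$(caddy_execute stop 2>&1)"
+    result="$(caddy_execute stop ${caddy_flags} 2>&1)"
     if [ ${?} -eq 0 ]; then
         echo "done"
         exit 0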
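Review bot: `export CADDY_ADMIN="${caddy_admin}"` only sets Caddy's default admin address, so how protected the socket is depends on the ownership and mode of /var/run/${name} and of the socket, neither of which is set in the visible hunks. A comment above the export would make that explicit, e.g. `# Default only; an 'admin' option in the config overrides it. Access is limited by the permissions on /var/run/${name}.` Once the recommended `caddy_user=www` is applied, other processes running as www can presumably reach the admin API through this socket, which the header comment should mention. The header also says `service enable caddy`, but the portacl lines use the `service <name> enable` order, so it should read `service caddy enable`; pkg-message.in repeats the same line. In caddy_prestop, whose body continues outside the hunk, `${caddy_flags}` is expanded unquoted and is defined outside the visible lines.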
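--- a/www/caddy/files/pkg-message.in
+++ b/www/caddy/files/pkg-message.in
@@ -6,22 +6,41 @@ To enable caddy:
 
 - Edit %%ETCDIR%%/Caddyfile
   See https://caddyserver.com/docs/
-- Add caddy_enable="YES" to /etc/rc.conf
+- Run 'service enable caddy'
+
+Note while Caddy currently defaults to running as root:wheel, it is strongly
+recommended to run the server as an unprivileged user, such as www:www --
+
+- Use security/portacl-rc to enable privileged port binding:
+
+  # pkg install security/portacl-rc
+  # sysrc portacl_users+=www
+  # sysrc portacl_user_www_tcp="http https"
+  # sysrc portacl_user_www_udp="https"
+  # service portacl enable
+  # service portacl start
+
+- Configure caddy to run as www:www
+
+  # sysrc caddy_user=www caddy_group=www
+
+- Note if Caddy has been started as root previously, files in
+  /var/log/caddy, /var/db/caddy, and /var/run/caddy may require their ownership
+  changing manually.
 
 %%PREFIX%%/etc/rc.d/caddy has the following defaults:
 
 - Server log: /var/log/caddy/caddy.log
   (runtime messages, NOT an access.log)
 - Automatic SSL certificate storage: /var/db/caddy/data/caddy/
-- Runs as root:wheel (you can run as another user, like www,
+- Administration endpoint: //unix/var/run/caddy/caddy.sock
-  but caddy will be unable to bind to low-numbered ports,
+- Runs as root:wheel (this will change to www:www in the future)
-  including 80 and 443)
 
 INSTALL
 }
 {
   type: upgrade
-  maximum_version: 2.3.0
+  maximum_version: "2.3.0"
   message: <<UPGRADE
 The default locations for caddy runtime files have changed!
 
@@ -36,6 +55,57 @@ The default locations for caddy runtime files have changed!
 
 You can change these defaults. See %%PREFIX%%/etc/rc.d/caddy
 
+UPGRADE
+}
+{
+  type: upgrade
+  maximum_version: "2.7.4_2"
+  message: <<UPGRADE
+The default Caddy administration endpoint location has been changed from
+localhost:2019 to a protected Unix domain socket located in
+/var/run/caddy/caddy.sock
+
+This can be overridden with the `caddy_admin` rc variable, or by specifiying
+an alternative in the Caddyfile `admin` section, documented here:
+
+  https://caddyserver.com/docs/caddyfile/options#admin
+
+The previous default, particularly paired with the server running as root,
+may have serious security implications for shared machines with untrusted
+users.
+
+UPGRADE
+}
+{
+  type: upgrade
+  message: <<UPGRADE
+It is STRONGLY RECOMMENDED to run Caddy as an unprivileged user, such as
+www:www, rather than the current default of root:wheel.
+
+If you have relied upon earlier defaults:
+
+- Use security/portacl-rc to enable privileged port binding:
+
+  # pkg install security/portacl-rc
+  # sysrc portacl_users+=www
+  # sysrc portacl_user_www_tcp="http https"
+  # sysrc portacl_user_www_udp="https"
+  # service portacl enable
+  # service portacl start
+
+- Stop the server, and update ownership on Caddy runtime files:
+
+  # service caddy stop
+  # chown -r www:www /var/db/caddy /var/log/caddy /var/run/caddy
+
+Other changes may be necessary depending on your exact Caddy
+configuration.
+
+- Change the default runtime user, and restart the server:
+
+  # sysrc caddy_user=www caddy_group=www
+  # service caddy start
+
 UPGRADE
 }
 ]
-- 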
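Review bot: The upgrade steps use `chown -r www:www ...`, but FreeBSD's chown takes `-R` for a recursive change and has no `-r`, so the command as written fails and the runtime files stay root-owned; it should read `# chown -R www:www /var/db/caddy /var/log/caddy /var/run/caddy`. The install message gives the admin endpoint as `//unix/var/run/caddy/caddy.sock`, while the rc script default in caddy.in is `unix//var/run/${name}/${name}.sock`; the message should use the `unix//var/run/caddy/caddy.sock` form so it can be copied into `caddy_admin`. `specifiying` in the endpoint notice should be `specifying`. The endpoint notice calls the socket protected without saying what restricts access to it; naming the directory owner and mode would let an operator verify it.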
