View | Details | Raw Unified | Return to bug 273181 | Differences between
and this patch


(-)www/caddy/Makefile (+4 lines)
Lines 1-6 Link Here
1
PORTNAME=	caddy
1
PORTNAME=	caddy
2
DISTVERSIONPREFIX=	v
2
DISTVERSIONPREFIX=	v
3
DISTVERSION=	2.7.3
3
DISTVERSION=	2.7.3
4
PORTREVISION=	1
4
CATEGORIES=	www
5
CATEGORIES=	www
5
DIST_SUBDIR=	caddy
6
DIST_SUBDIR=	caddy
6
7
Lines 17-22 CPE_VENDOR= caddyserver Link Here
17
USE_RC_SUBR=	caddy
18
USE_RC_SUBR=	caddy
18
SUB_FILES=	Caddyfile.sample caddy pkg-message
19
SUB_FILES=	Caddyfile.sample caddy pkg-message
19
20
21
USERS=		www
22
GROUPS=		www
23
20
CONFLICTS_INSTALL=	caddy-custom
24
CONFLICTS_INSTALL=	caddy-custom
21
25
22
PLIST_FILES=	bin/${PORTNAME} \
26
PLIST_FILES=	bin/${PORTNAME} \
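Review bot: USERS= www and GROUPS= www (new lines 21-22) put caddy on the shared web account, so the automatic certificate storage under /var/db/caddy/data/caddy/, which the upgrade message tells admins to chown to www:www, becomes readable by every other service on the host that also runs as www. Consider a dedicated account for caddy, or at least state in pkg-message that the private keys are exposed to anything else running as www.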
(-)www/caddy/files/caddy.in (-4 / +13 lines)
Lines 6-11 Link Here
6
6
7
# To enable caddy, add 'caddy_enable="YES"' to /etc/rc.conf or
7
# To enable caddy, add 'caddy_enable="YES"' to /etc/rc.conf or
8
# /etc/rc.conf.local
8
# /etc/rc.conf.local
9
#
10
# To enable running as www:www, add 'mac_portacl_load="YES"' to
11
# /boot/loader.conf and the following lines to /etc/sysctl.conf:
12
#
13
# # Delegate reserved port handling to mac_portacl
14
# net.inet.ip.portrange.reservedhigh=0
15
#
16
# # Enable uid 80 to listen on ports 80 and 443
17
# security.mac.portacl.rules="uid:80:tcp:80,uid:80:tcp:443"
9
18
10
# Optional settings:
19
# Optional settings:
11
# caddy_command (string):     Full path to the caddy binary
20
# caddy_command (string):     Full path to the caddy binary
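Review bot: the rule documented on new line 17 allows only tcp:80 and tcp:443, so a configuration that serves HTTP/3 (QUIC on udp:443) cannot bind its UDP listener as www; add uid:80:udp:443 to the example or note that HTTP/3 needs it. The rule is also keyed on uid 80 rather than on the caddy binary, so it lets any process running as www bind those ports, and it has to be edited by hand if caddy_user is set to a different account. Both points are worth a line in this comment block.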
Lines 21-28 Link Here
21
#                             This is for startup/shutdown/error messages.
30
#                             This is for startup/shutdown/error messages.
22
#                             To create an access log, see:
31
#                             To create an access log, see:
23
#                             https://caddyserver.com/docs/caddyfile/directives/log
32
#                             https://caddyserver.com/docs/caddyfile/directives/log
24
# caddy_user (user):          User to run caddy (root)
33
# caddy_user (user):          User to run caddy (www)
25
# caddy_group (group):        Group to run caddy (wheel)
34
# caddy_group (group):        Group to run caddy (www)
26
#
35
#
27
# This script will honor XDG_CONFIG_HOME/XDG_DATA_HOME. Caddy will create a
36
# This script will honor XDG_CONFIG_HOME/XDG_DATA_HOME. Caddy will create a
28
# .../caddy subdir in each of those. By default, they are subdirs of /var/db/caddy.
37
# .../caddy subdir in each of those. By default, they are subdirs of /var/db/caddy.
Lines 45-52 load_rc_config $name Link Here
45
: ${caddy_extra_flags:=""}
54
: ${caddy_extra_flags:=""}
46
: ${caddy_logdir:="/var/log/${name}"}
55
: ${caddy_logdir:="/var/log/${name}"}
47
: ${caddy_logfile:="${caddy_logdir}/${name}.log"}
56
: ${caddy_logfile:="${caddy_logdir}/${name}.log"}
48
: ${caddy_user:="root"}
57
: ${caddy_user:="www"}
49
: ${caddy_group:="wheel"}
58
: ${caddy_group:="www"}
50
59
51
# Config and base directories
60
# Config and base directories
52
: ${XDG_CONFIG_HOME:="${caddy_directory}/config"}
61
: ${XDG_CONFIG_HOME:="${caddy_directory}/config"}
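Review bot: changing the caddy_user and caddy_group defaults to www on new lines 57-58 does nothing for files that already exist: an upgraded install keeps its root-owned /var/db/caddy, /var/log/caddy and /var/run/caddy and depends on the admin reading the upgrade message and running chown manually. If the start path does not already do so, have the script check that these directories are writable by ${caddy_user} before launching and fail with a message that names the fix, so the failure is not a silent inability to write logs or load certificates.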
(-)www/caddy/files/pkg-message.in (-4 / +41 lines)
Lines 6-21 To enable caddy: Link Here
6
6
7
- Edit %%ETCDIR%%/Caddyfile
7
- Edit %%ETCDIR%%/Caddyfile
8
  See https://caddyserver.com/docs/
8
  See https://caddyserver.com/docs/
9
- Add caddy_enable="YES" to /etc/rc.conf
9
- Add mac_portacl_load="YES" to /boot/loader.conf
10
- Run 'kldload mac_portacl'
11
- To /etc/sysctl.conf add:
12
  net.inet.ip.portrange.reservedhigh=0
13
  security.mac.portacl.rules="uid:80:tcp:80,uid:80:tcp:443"
14
- Run 'service sysctl reload'
15
- Run 'sysrc caddy_enable="YES"'
10
16
11
%%PREFIX%%/etc/rc.d/caddy has the following defaults:
17
%%PREFIX%%/etc/rc.d/caddy has the following defaults:
12
18
13
- Server log: /var/log/caddy/caddy.log
19
- Server log: /var/log/caddy/caddy.log
14
  (runtime messages, NOT an access.log)
20
  (runtime messages, NOT an access.log)
15
- Automatic SSL certificate storage: /var/db/caddy/data/caddy/
21
- Automatic SSL certificate storage: /var/db/caddy/data/caddy/
16
- Runs as root:wheel (you can run as another user, like www,
22
- Runs as www:www (requires mac_portacl(4) to allow caddy to bind to
17
  but caddy will be unable to bind to low-numbered ports,
23
  privileged ports 80 and 443)
18
  including 80 and 443)
19
24
20
INSTALL
25
INSTALL
21
}
26
}
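Review bot: net.inet.ip.portrange.reservedhigh=0 on new line 12 turns off the base reserved-port check for every user and is only safe while mac_portacl is loaded and enforcing. If the loader.conf or kldload step is skipped or fails, the sysctl.conf entries still apply reservedhigh=0 (the security.mac.portacl.rules line just errors out) and any local user can bind ports below 1024. State that dependency explicitly in the message and tell the admin to confirm the module is loaded, for example with kldstat, before running 'service sysctl reload'.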
Lines 36-41 The default locations for caddy runtime files have changed! Link Here
36
41
37
You can change these defaults. See %%PREFIX%%/etc/rc.d/caddy
42
You can change these defaults. See %%PREFIX%%/etc/rc.d/caddy
38
43
44
UPGRADE
45
}
46
{
47
  type: upgrade
48
  maximum_version: 2.7.3_1
49
  message: <<UPGRADE
50
Caddy now runs as www:www by default instead of root:wheel
51
52
To enable caddy to continue to bind to port 80 and 443, it is
53
recommended to use mac_portacl(4):
54
55
- Add mac_portacl_load="YES" to /boot/loader.conf
56
57
- Run 'kldload mac_portacl'
58
59
- To /etc/sysctl.conf add:
60
61
  net.inet.ip.portrange.reservedhigh=0
62
  security.mac.portacl.rules="uid:80:tcp:80,uid:80:tcp:443"
63
64
- Run 'service sysctl reload'
65
66
- Alter ownership on caddy runtime files:
67
68
  chown -r www:www /var/db/caddy /var/log/caddy /var/run/caddy
69
70
Other changes may be necessary depending on your exact caddy
71
configuration.
72
73
To continue running caddy as root, set caddy_user and caddy_group in
74
/etc/rc.conf
75
39
UPGRADE
76
UPGRADE
40
}
77
}
41
]
78
]
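Review bot: chown -r on new line 68 is not a valid option; the recursive flag is -R, so the command as written fails and the runtime files stay owned by root while the service now starts as www. It should read chown -R www:www /var/db/caddy /var/log/caddy /var/run/caddy. The closing paragraph on new lines 73-74 also names caddy_user and caddy_group without values; spell out the previous defaults, caddy_user="root" and caddy_group="wheel", so that opting out is a copy-and-paste step.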
