Package Details: caddy-full-bin 0.11.1-1

Git Clone URL: https://aur.archlinux.org/caddy-full-bin.git (read-only)
Package Base: caddy-full-bin
Description: A configurable, general-purpose HTTP/2 web server for any platform (All features enabled)
Upstream URL: https://caddyserver.com
Keywords: http2 proxy webserver
Licenses: Apache
Conflicts: caddy, caddy-all-features, caddy-git
Provides: caddy
Submitter: klingt.net
Maintainer: klingt.net
Last Packager: klingt.net
Votes: 24
Popularity: 0.000590
First Submitted: 2016-07-27 09:09
Last Updated: 2018-11-19 10:33

Latest Comments

« First ‹ Previous 1 2 3 4 5 6 7 8 9 ... Next › Last »

kseistrup commented on 2016-09-30 08:11

Also, post_upgrade() should check if there are users other than www-data added to group www-data before groupdel'ing it. The script shouldn't assume that just because www-data was the primary user of that group other users haven't been added by the sysadm.

kseistrup commented on 2016-09-30 07:56

The userdir is deleted because post_upgrade() has "userdel -r -f www-data", where "-r" is short for "--remove" ("Files in the user's home directory will be removed along with the home directory itself and the user's mail spool.") and /etc/caddy/ssl was set as the homedir of user www-data.

kseistrup commented on 2016-09-30 07:52

The certificates were NOT preserved. The user www-data was deleted in the upgrade process and its userdir, ~www-data (i.e., /etc/ssl/caddy), and all its contents was deleted too.

klingt.net commented on 2016-09-30 07:18

@kseistrup I can understand your criticism but maybe you're overreacting a bit, though.
The transition for the certificate storage from ~/.caddy to /etc/ssl/caddy was an upstream change, as well as `www-data` as the default user.
Using `http` on Arch as caddy user is the correct choice and, hopefully, will not change anymore.
All certificates should be preserved when you're updating from caddy 0.9.x to the current package release.
Also, the move from /usr/local/bin to /usr/bin is only an issue if you run a modified systemd service which you had to maintain anyway in this case.

PS: Why should certificates from /etc/ssl/caddy be deleted when the `www-data` is removed?

kseistrup commented on 2016-09-30 06:52

This is really, really messy.

Caddy starts out as user http with SSL certificates stored in ~http/.caddy. Caddy then runs as www-data with certificates stored in /etc/ssl/caddy (and the binary moved from /usr/bin to /usr/local/bin). Now Caddy runs as http again, but because user www-data is deleted in the process, all SSL certificates are also deleted. :(

I haven't restarted Caddy yet, but I fear Caddy won't be able to reclaim all certificates because of rate-limiting.

What a mess!

mqs commented on 2016-09-29 22:05

@klingt.net Thanks for your quick reply (and action)!
Concerning the 'patch'-dependency:
patch is included in base-devel and therefore assumed to be available by default for all AUR-Packages (https://wiki.archlinux.org/index.php/Arch_User_Repository#Prerequisites), theoretically there's no need for it to be included as a dependency at all...

But (in my opinion) as it is installed on most systems anyway it's not a big issue in which dependencies it is or if it isn't included in the PKGBUILD...

klingt.net commented on 2016-09-29 16:50

@fanningert
I will fix this in a new release.
This change is missing because the AUR package is pushed from the url-shortener-fix branch and I forgot to cherry-pick it.
Thank you for your contribution!

klingt.net commented on 2016-09-29 16:44

So, there are some changes comming with caddy-full-bin 0.9.3-5.
Thanks to @fanningert we now set `http` as default user, therefore please check the permissions of your webroot and caddy config path, both must be accessible by http!
This release also fixes the executable path, because caddy is now located under /usr/bin.
In case of emergency: `systemctl daemon-reload`, check your overrides `systemctl edit caddy` and then check your path permissions.

Have fun with caddy!

fanningert commented on 2016-09-29 16:44

@klingt.net
Sorry to say it, but the `patch` is not in the `makedepends`.

klingt.net commented on 2016-09-29 15:53

@mqs: I totally missed that because another copy was left in /usr/local/bin and therefore the service started on my machine :(
I will fix this right away, sorry for the inconvenience.