caddy: Config reload fails when admin endpoint is a socket

I’ve been using this Caddyfile global configuration, which was working at e289ba6187ddd50afc86feb85246a14298673a69 but is no longer working in 2.6.0 (Caddy’s official package for Debian).

{
	admin unix//run/caddy/admin.sock
}

The goal is to support zero downtime config reloads without exposing Caddy’s config to any process on the system that might send some json to 127.0.0.1. Partly in case some other service gets compromised, and partly because we have human SSH user accounts on the system which don’t have sysadmin (sudo) access and should not be able to reconfigure the main web server.

/run/caddy has mode 0750 and caddy:caddy ownership.

Log:

systemd[1]: Reloading Caddy.
caddy[3372028]: {"level":"info","ts":1663700361.6707227,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
caddy[3371872]: {"level":"info","ts":1663700361.6808317,"logger":"admin.api","msg":"received request","method":"POST","host":"","uri":"/load","remote_ip":"@","remote_port":"","headers":{"Accept-Encoding":["gzip"],"Cache-Control":["must-revalidate"],"Content-Length":["20327"],"Content-Type":["application/json"],"User-Agent":["Go-http-client/1.1"]}}
caddy[3371872]: {"level":"error","ts":1663700361.6862683,"logger":"admin.api","msg":"request error","error":"loading config: loading new config: starting caddy administration endpoint: listen unix /run/caddy/admin.sock: bind: address already in use","status_code":400}
caddy[3372028]: Error: sending configuration to instance: caddy responded with error: HTTP 400: {"error":"loading config: loading new config: starting caddy administration endpoint: listen unix /run/caddy/admin.sock: bind: address already in use"}
systemd[1]: caddy.service: Control process exited, code=exited, status=1/FAILURE

Relatedly, I also needed this addition to the packaged /lib/systemd/system/caddy.service to make Caddy start reliably with the socket admin endpoint (loaded via systemd drop-in config):

[Service]
# bones_was_here: 2.5.2 fails to start if the admin endpoint socket still exists!
ExecStartPre=rm -f /run/caddy/admin.sock
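
The `bind: address already in use` error in the log and the `ExecStartPre=rm -f` workaround both come from a socket path that already exists when a listener tries to bind it. The following Go program is an added example, not part of the original report and not Caddy's code: it reproduces the failure with a leftover socket file and shows a bind that unlinks the file only when nothing is listening on it, where an unconditional `rm -f` would also detach a running listener from its path. `listenAdminSocket`, `staleSocket` and the temporary directory are hypothetical names and constructed stand-ins.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"os"
	"syscall"
)

// listenAdminSocket (hypothetical helper, not Caddy's code) binds path. If taken, it
// dials: refused = stale file, unlink and rebind; connected = live owner, keep it.
func listenAdminSocket(path string) (net.Listener, error) {
	ln, err := net.Listen("unix", path)
	if err == nil || !errors.Is(err, syscall.EADDRINUSE) {
		return ln, err
	}
	conn, dialErr := net.Dial("unix", path)
	if dialErr == nil {
		conn.Close()
		return nil, fmt.Errorf("%s has a live listener: %w", path, err)
	}
	if !errors.Is(dialErr, syscall.ECONNREFUSED) {
		return nil, dialErr
	}
	if err := os.Remove(path); err != nil {
		return nil, err
	}
	return net.Listen("unix", path)
}

// staleSocket leaves a socket file with no listener, as a killed process would.
func staleSocket(path string) error {
	ln, err := net.Listen("unix", path)
	if err != nil {
		return err
	}
	ln.(*net.UnixListener).SetUnlinkOnClose(false)
	return ln.Close()
}

func main() {
	dir, _ := os.MkdirTemp("", "admin") // constructed stand-in for /run/caddy
	defer os.RemoveAll(dir)
	fmt.Println("leave stale file:", staleSocket(dir+"/admin.sock"))
	_, plain := net.Listen("unix", dir+"/admin.sock")
	ln, stale := listenAdminSocket(dir + "/admin.sock")
	_, live := listenAdminSocket(dir + "/admin.sock")
	fmt.Printf("plain: %v\nstale file: %v\nlive (held=%v): %v\n", plain, stale, ln != nil, live)
}
```

The dial-then-unlink check is not atomic, so it relies on the directory being writable only by the service account, as with the 0750 caddy:caddy /run/caddy described above.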

About this issue

  • State: closed
  • Created 2 years ago
  • Comments: 16 (8 by maintainers)

Most upvoted comments

Heh, I don’t use the desktop often except when I’m actively working with a file and need really quick, easy access to it.

The weird thing is it did show my admin.sock file but not my test.sock file. 🤷‍♂️

v2.6.1 going out in a few minutes, FYI

If your requirements for a DE include showing unix sockets on the desktop, KDE Plasma seems to have that working 😛.
I stopped putting files on the desktop long ago, I wanted them to stay in specific spots but they’d move around when switching computers or monitors.