In a previous blogpost I explained how to run Caddy (a brilliant and simple web server) as a service using Upstart. Systemd, however, replaced Upstart on most of the operating systems, so it makes more sense to have a guide for systemd.
We don’t run Caddy as root to keep things as secure as possible. To allow a non-root user to listen on port 80 or 443, we must allow the executable to do so:
$ sudo setcap cap_net_bind_service=+ep ./caddy
systemd unit file
Now we create a systemd configuration file
/etc/systemd/system/caddy.service, which looks like this on my server:
[Unit] Description=Caddy webserver Documentation=https://caddyserver.com/ After=network.target [Service] User=mathias #Group=some_group WorkingDirectory=/home/mathias LimitNOFILE=4096 PIDFile=/var/run/caddy/caddy.pid ExecStart=/home/mathias/caddy -agree -email firstname.lastname@example.org -pidfile=/var/run/caddy/caddy.pid Restart=on-failure StartLimitInterval=600 [Install] WantedBy=multi-user.target
A brief explanation of the directives:
After=network.targetwill automatically start Caddy after all networking stuff is loaded at boot.
WorkingDirectoryspeak for themselves… Make sure that your Caddyfile is in the working directory. You can always manually specify the location of the Caddyfile:
$ caddy -conf="/path/to/Caddyfile".
LimitNOFILE=4096sets max file descriptor (to a good production value), like you would do with
ulimit -n 4096in your terminal.
ExecStartis the actual script that will be executed. In this case it runs the Caddy binary which is in my home directory, agrees the Let’s Encrypt user agreement, and sets a default email for your Let’s Encrypt account. If you don’t add those two flags, Caddy will prompt for user input, which will naturally not work when you start it as a daemon.
Restart=on-failurewill automatically respawn the Caddy process if Caddy crashes (i.e. stopping with non-zero exit code).
StartLimitInterval=600makes sure that if Caddy crashes too many times (being 5 by systemd’s default value) it will wait 10 min before trying again.
WantedByspecifies a target we want this service to be included with.
Make sure too take a peak at the systemd documentation, since it’s very powerful and supports a lot of features!
Running the service
After you have created the service file, you must enable it:
sudo systemctl enable caddy. Don’t forget to reload the service file if you make changes to it:
Now you can start Caddy using
sudo service caddy start. And of course
You can view the status of your service using
sudo service caddy status.