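Update:
Please read "Running Caddy gracefully in GNU screen".
Update:
OK, you can skip this crappy post. I tried systemd, SysVinit and Supervisor, and not a damn one of them worked. Damn it, I really have no strength left to fight this daemon problem; I don't know how much time I have wasted on it. For now I am using screen to keep Caddy running and everything works fine, damn it.
Environment: Fedora 25, Caddy 0.9.4.
Using the caddy.service file from https://github.com/mholt/caddy/tree/master/dist/init/linux-systemd, I found that the service would not start. The error output is as follows:
journalctl -xe
returns: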
Jan 23 12:45:39 150-95-143-145.conoha.io systemd[1]: Network Service is not active.
Jan 23 12:45:39 150-95-143-145.conoha.io systemd[1]: Dependency failed for Wait for Network to be Configured.
-- Subject: Unit systemd-networkd-wait-online.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit systemd-networkd-wait-online.service has failed.
--
-- The result is dependency.
Jan 23 12:45:39 150-95-143-145.conoha.io systemd[1]: systemd-networkd-wait-online.service: Job systemd-networkd-wait-online.service/start failed wit
Jan 23 12:45:39 150-95-143-145.conoha.io systemd[1]: caddy.service: Start request repeated too quickly.
Jan 23 12:45:39 150-95-143-145.conoha.io systemd[1]: Failed to start Caddy HTTP/2 web server.
-- Subject: Unit caddy.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit caddy.service has failed.
--
-- The result is failed.
Jan 23 12:45:39 150-95-143-145.conoha.io systemd[1]: caddy.service: Failed with result 'start-limit-hit'.
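But I also found that if I run /usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp directly in a terminal, Caddy runs normally with no errors.
The problem may be that the systemd-networkd-wait-online.service service is blocking Caddy from starting. The operating system I use is Fedora, where the default network manager seems to be NetworkManager rather than the systemd-networkd that systemd-networkd-wait-online.service requires. I tried the following two commands: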
systemctl enable systemd-networkd
systemctl disable NetworkManager
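After that Caddy started normally. But after rebooting the server I found that I could not connect over SSH, which put me in a cold sweat. Luckily the VNC connection provided by my VPS still worked, and I had no choice but to run systemctl enable NetworkManager.
Later, @Whitestrake from the Caddy community told me that it is best to disable one of these two network managers. The approach he recommends more is to leave the enable state of both managers at the default and to modify the caddy.service file so that it "depends on" (sorry, I don't know the right word) the NetworkManager-wait-online.service service.
My modified caddy.service file is shown below: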
[Unit]
Description=Caddy HTTP/2 web server
Documentation=https://caddyserver.com/docs
After=network-online.target
Wants=network-online.target NetworkManager-wait-online.service

[Service]
Restart=on-failure
StartLimitInterval=86400
StartLimitBurst=5

; User and group the process will run as.
User=www-data
Group=www-data

; Letsencrypt-issued certificates will be written to this directory.
Environment=CADDYPATH=/etc/ssl/caddy

; Always set "-root" to something safe in case it gets forgotten in the Caddyfile.
ExecStart=/usr/local/bin/caddy -quic -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
ExecReload=/bin/kill -USR1 $MAINPID

; Limit the number of file descriptors; see `man systemd.exec` for more limit settings.
LimitNOFILE=1048576
; Unmodified caddy is not expected to use more than that.
LimitNPROC=64

; Use private /tmp and /var/tmp, which are discarded after caddy stops.
PrivateTmp=true
; Use a minimal /dev
PrivateDevices=true
; Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
ProtectHome=true
; Make /usr, /boot, /etc and possibly some more folders read-only.
ProtectSystem=full
; … except /etc/ssl/caddy, because we want Letsencrypt-certificates there.
; This merely retains r/w access rights, it does not add any new. Must still be writable on the host!
ReadWriteDirectories=/etc/ssl/caddy

; The following additional security directives only work with systemd v229 or later.
; They further restrict privileges that can be gained by caddy. Uncomment if you like.
; Note that you may have to add capabilities required by any plugins in use.
;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
;AmbientCapabilities=CAP_NET_BIND_SERVICE
;NoNewPrivileges=true

[Install]
WantedBy=multi-user.target
With this, Caddy can start normally on a system that uses NetworkManager by default. (I also enabled QUIC.)
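The failure above comes down to a unit waiting on a wait-online service whose network manager is not the one running on the host. The following script is an added example, not part of the original post or of the Caddy project: it lists the wait-online units a unit file names and checks each against a list of active services. The function names and the sample unit are constructed for illustration, and unit names are matched case-sensitively, as systemd does.

```shell
#!/bin/sh
# Added example, not from the original post.

# Map a wait-online unit to the network service it waits for.
# Unit names are case-sensitive, so other spellings fall through to "unknown".
backing_service() {
    case "$1" in
        systemd-networkd-wait-online.service) echo systemd-networkd.service ;;
        NetworkManager-wait-online.service)   echo NetworkManager.service ;;
        *) return 1 ;;
    esac
}

# Print each *-wait-online.service named on a Wants=/Requires=/After= line.
wait_online_deps() {
    grep -E '^(Wants|Requires|After)=' "$1" | cut -d= -f2- | tr ' ' '\n' |
        grep -E -- '-wait-online\.service$' | sort -u
}

# check_unit FILE ACTIVE_UNITS  (ACTIVE_UNITS: whitespace-separated unit names)
# Returns 0 only if every wait-online dependency has an active backing service.
check_unit() {
    active=" $(echo "$2" | tr '\n' ' ') "
    status=0
    for dep in $(wait_online_deps "$1"); do
        if ! svc=$(backing_service "$dep"); then
            echo "UNKNOWN $dep"; status=1; continue
        fi
        case "$active" in
            *" $svc "*) echo "OK $dep ($svc active)" ;;
            *) echo "BROKEN $dep ($svc not active)"; status=1 ;;
        esac
    done
    return "$status"
}

# Constructed sample: a unit that wants systemd-networkd-wait-online.service,
# checked against a host where only NetworkManager is running.
demo() {
    unit=$(mktemp)
    printf '%s\n' '[Unit]' 'After=network-online.target' \
        'Wants=network-online.target systemd-networkd-wait-online.service' >"$unit"
    check_unit "$unit" "NetworkManager.service sshd.service"
    rc=$?
    rm -f "$unit"
    return "$rc"
}

if [ "${1:-}" = demo ]; then demo; fi
```

On a live host, the second argument can be filled from `systemctl list-units --type=service --state=active --no-legend --plain | awk '{print $1}'`.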
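This pitfall troubled me for several days, and it was only thanks to the strength of the Caddy community that it got solved. The original thread is "Cannot start Caddy as a systemd service". It really does feel, as some people say, that systemd has brought some unnecessary complexity to Linux systems.
That's all.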
Nice weblog right here! Also your web site loads up fast! What host are you using? Can I get your affiliate link for your host? I wish my site loaded up as fast as yours lol.
authorMt
Hi authorMt! I'm really happy to see your comment. I am using ConoHa VPS (https://www.conoha.jp/referral/?token=c4aQstjlL2tS2nfG4_XG5vRjfXWTmUXasQWi.UagYWo2aRiFjyE-YQ8), the server is in Japan.
Other tips: after setting up the website, enable the QUIC protocol and TCP-BBR, which can make your website faster (and make sure your browser supports QUIC).
Best wishes.
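Thanks for sharing, this script does people a lot of harm.
Thanks for sharing.
I didn't read the Update at the top and only found out further down that it doesn't work at all, so I'm running it in screen too.
Caddy runs quite well in a k8s environment, so how is it this dumb as a daemon?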