From d47c2f7dfa0c6502962fcd53a7ff8ef1ff946e25 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Fri, 16 Sep 2022 17:11:09 -0600 Subject: [PATCH] docs: Various clarifications * docs: Getting Started -> Intro, new Getting Started Several other smaller improvements and clarifications. * Replace original Getting Started for now * Fix title Started in #263 - will handle new Introduction article another time --- src/docs/markdown/automatic-https.md | 2 + src/docs/markdown/caddyfile/concepts.md | 32 ++++++------ src/docs/markdown/caddyfile/directives.md | 2 + src/docs/markdown/install.md | 20 +++++--- src/docs/markdown/running.md | 62 ++++++++++++----------- 5 files changed, 66 insertions(+), 52 deletions(-) diff --git a/src/docs/markdown/automatic-https.md b/src/docs/markdown/automatic-https.md index 971220d..0ce416c 100644 --- a/src/docs/markdown/automatic-https.md +++ b/src/docs/markdown/automatic-https.md @@ -122,6 +122,8 @@ In addition, hostnames qualify for publicly-trusted certificates if they: ## Local HTTPS +Caddy uses HTTPS automatically for all sites with a host (domain, IP, or hostname) specified, including internal and local hosts. Some hosts are either not public (e.g. `127.0.0.1`, `localhost`) or do not generally qualify for publicly-trusted certificates (e.g. IP addresses -- you can get certificates for them, but only from some CAs). These are still served over HTTPS unless disabled. + To serve non-public sites over HTTPS, Caddy generates its own certificate authority (CA) and uses it to sign certificates. The trust chain consists of a root and intermediate certificate. Leaf certificates are signed by the intermediate. They are stored in [Caddy's data directory](/docs/conventions#data-directory) at `pki/authorities/local`. Caddy's local CA is powered by [Smallstep libraries](https://smallstep.com/certificates/). diff --git a/src/docs/markdown/caddyfile/concepts.md b/src/docs/markdown/caddyfile/concepts.md index 1945ad1..84a5511 100644 --- a/src/docs/markdown/caddyfile/concepts.md +++ b/src/docs/markdown/caddyfile/concepts.md @@ -27,7 +27,7 @@ Key points: - An optional [**global options block**](#global-options) can be the very first thing in the file. - Otherwise, the first line of the Caddyfile is **always** the [address(es)](#addresses) of the site to serve. - All [directives](#directives) and [matchers](#matchers) **must** go in a site block. There is no global scope or inheritence across site blocks. -- If there is **only one site block**, its curly braces `{ }` are optional. +- If there is only one site block, its curly braces `{ }` are optional. A Caddyfile consists of at least one or more site blocks, which always starts with one or more [addresses](#addresses) for the site. Any directives appearing before the address will be confusing to the parser. @@ -41,7 +41,7 @@ Opening and closing a **block** is done with curly braces: } ``` -- The open curly brace `{` must be at the end of its line. +- The open curly brace `{` must be at the end of its line and preceded by a space. - The close curly brace `}` must be on its own line. When there is only one site block, the curly braces (and indentation) are optional. This is for convenience to quickly define a single site, for example, this: @@ -82,7 +82,7 @@ If a request matches multiple site blocks, the site block with the most specific ### Directives -[**Directives**](/docs/caddyfile/directives) are keywords which customize how the site is served. For example, a complete file server config might look like this: +[**Directives**](/docs/caddyfile/directives) are functional keywords which customize how the site is served. They **must** appear within site blocks. For example, a complete file server config might look like this: ```caddy localhost @@ -102,9 +102,7 @@ In these examples, [`file_server`](/docs/caddyfile/directives/file_server) and [ In the second example, `localhost:9000` is an **argument** because it appears on the same line after the directive. -Note that when the Caddyfile is adapted, directives are sorted according to a specific default [directive order](/docs/caddyfile/directives#directive-order). - -**Subdirectives** can appear in directive blocks: +Sometimes directives can open their own blocks. **Subdirectives** appear on the beginning of each line within directive blocks: ```caddy localhost @@ -116,6 +114,10 @@ reverse_proxy localhost:9000 localhost:9001 { Here, `lb_policy` is a subdirective to [`reverse_proxy`](/docs/caddyfile/directives/reverse_proxy) (it sets the load balancing policy to use between backends). +**Unless otherwise documented, directives cannot be used within other directive blocks.** For example, `basicauth` cannot be used within `file_server` because the file server does not know how to do authentication; but you can use directives within [`route`](/docs/caddyfile/directives/route), [`handle`](/docs/caddyfile/directives/handle), and [`handle_path`](/docs/caddyfile/directives/handle_path) blocks because they are specifically designed to group directives together. + +Note that when the HTTP Caddyfile is adapted, HTTP handler directives are sorted according to a specific default [directive order](/docs/caddyfile/directives#directive-order) unless in a [`route`](/docs/caddyfile/directives/route) block, so the order of appearance of the directives does not matter except in `route` blocks. + ### Tokens and quotes @@ -141,19 +143,19 @@ Quotes can be escaped if you need to use quotes in quoted tokens, too: directive "\"abc def\"" ``` -Inside quoted tokens, all other characters are treated literally, including spaces, tabs, and newlines. Multi-line tokens are possible: +To avoid escaping quotes, you can instead use backticks \` \` to enclose tokens; for example: + +```caddy-d +directive `{"foo": "bar"}` +``` + +Inside quoted tokens, all other characters are treated literally, including spaces, tabs, and newlines. Multi-line tokens are thus possible: ```caddy-d directive "first line second line" ``` -You can also use a backtick ` to quote tokens; these are convenient when tokens themselves contain double quotes, e.g. JSON text: - -```caddy-d -directive `{"foo": "bar"}` -``` - ## Addresses @@ -208,9 +210,9 @@ By default, sites bind on all network interfaces. If you wish to override this, ## Matchers -By default, a directive that injects an HTTP handler applies to all requests (unless otherwise documented). +HTTP handler directives apply to all requests by default (unless otherwise documented). -Request matchers can be used to classify requests by a given criteria. This concept originates in the [underlying JSON](/docs/json/apps/http/servers/routes/match/) structure, and it's important to know how to use them in the Caddyfile. With matchers, you can specify exactly which requests a certain directive applies to. +[Request matchers](/docs/caddyfile/matchers) can be used to classify requests by a given criteria. This concept originates in the [underlying JSON](/docs/json/apps/http/servers/routes/match/) structure, and it's important to know how to use them in the Caddyfile. With matchers, you can specify exactly which requests a certain directive applies to. For directives that support matchers, the first argument after the directive is the **matcher token**. Here are some examples: diff --git a/src/docs/markdown/caddyfile/directives.md b/src/docs/markdown/caddyfile/directives.md index 9e624fc..02f14fb 100644 --- a/src/docs/markdown/caddyfile/directives.md +++ b/src/docs/markdown/caddyfile/directives.md @@ -29,6 +29,8 @@ title: Caddyfile Directives # Caddyfile Directives +Directives are functional keywords that appear within site [blocks](/docs/caddyfile/concepts#blocks). Sometimes, they may open blocks of their own which can contain _subdirectives_, but directives **cannot** be used within other directives unless noted. For example, you can't use `basicauth` inside a `file_server` block, because `file_server` does not know how to do authentication. However, you _may_ use some directives within special directive blocks like `handle` and `route` because they are specifically designed to group HTTP handler directives. + The following directives come standard with Caddy, and can be used in the HTTP Caddyfile:
diff --git a/src/docs/markdown/install.md b/src/docs/markdown/install.md index 5335ccf..8753ef5 100644 --- a/src/docs/markdown/install.md +++ b/src/docs/markdown/install.md @@ -33,17 +33,23 @@ Our [official packages](https://github.com/caddyserver/dist) come only with the ## Static binaries -1. Obtain a Caddy binary: - - [**From releases on GitHub**](https://github.com/caddyserver/caddy/releases) (expand "Assets") - - [**From our download page**](/download) - - [**By building from source**](/docs/build) (either with `go` or `xcaddy`) -2. We recommend [installing Caddy as a system service](/docs/running#manual-installation) +**If installing onto a production system, we recommend using our official package for your distro if available below.** + +1. Obtain a Caddy binary: + - [from releases on GitHub](https://github.com/caddyserver/caddy/releases) (expand "Assets") + - [from our download page](/download) + - [by building from source](/docs/build) (either with `go` or `xcaddy`) +2. [Install Caddy as a system service.](/docs/running#manual-installation) This is strongly recommended, especially for production servers. + +Place the binary in one of your `$PATH` (or `%PATH%` on Windows) directories so you can run `caddy` without typing the full path of the executable file. (Run `echo $PATH` to see the list of directories that qualify.) + +You can upgrade static binaries by replacing them with newer versions and restarting Caddy. The [`caddy upgrade` command](/docs/command-line#caddy-upgrade) can make this easy. + -You can upgrade static binaries by replacing them with newer versions and restarting Caddy. ## Debian, Ubuntu, Raspbian -Installing this package automatically starts and runs Caddy as a [systemd service](/docs/running#linux-service) named `caddy`. It also comes with a `caddy-api` service which is _not_ enabled by default but should be used if you primarily configure Caddy via its API instead of config files. +Installing this package automatically starts and runs Caddy as a [systemd service](/docs/running#linux-service) named `caddy`. It also comes with an optional `caddy-api` service which is _not_ enabled by default, but should be used if you primarily configure Caddy via its API instead of config files. **Stable releases:** diff --git a/src/docs/markdown/running.md b/src/docs/markdown/running.md index e3e8037..b809752 100644 --- a/src/docs/markdown/running.md +++ b/src/docs/markdown/running.md @@ -9,8 +9,8 @@ While Caddy can be run directly with its [command line interface](/docs/command- - [Linux Service](#linux-service) - [Unit Files](#unit-files) - - [Using the Service](#using-the-service) - [Manual Installation](#manual-installation) + - [Using the Service](#using-the-service) - [Overrides](#overrides) - [Windows Service](#windows-service) - [Docker Compose](#docker-compose) @@ -36,35 +36,6 @@ If you need to switch between the services, you should disable and stop the prev sudo systemctl enable --now caddy-api -### Using the Service - -If using a Caddyfile, you can edit your configuration with `nano`, `vi`, or your preferred editor: -
sudo nano /etc/caddy/Caddyfile
- -You can place your static site files in either `/var/www/html` or `/srv`. Make sure the `caddy` user has permission to read the files. - -To verify that the service is running: -
systemctl status caddy
-The status command will also show the location of the currently running service file. - -When running with our official service file, Caddy's output will be redirected to `journalctl`. To read your full logs and to avoid lines being truncated: -
journalctl -u caddy --no-pager | less +G
- -If using a config file, you can gracefully reload Caddy after making any changes: -
sudo systemctl reload caddy
- -You can stop the service with: -
sudo systemctl stop caddy
- - - -The Caddy process will run as the `caddy` user, which has its `$HOME` set to `/var/lib/caddy`. This means that: -- The default [data storage location](/docs/conventions#data-directory) (for certificates and other state information) will be in `/var/lib/caddy/.local/share/caddy`. -- The default [config storage location](/docs/conventions#configuration-directory) (for the auto-saved JSON config, primarily useful for the `caddy-api` service) will be in `/var/lib/caddy/.config/caddy`. - - ### Manual Installation Some [installation methods](/docs/install) automatically set up Caddy to run as a service. If you chose a method that did not, you may follow these instructions to do so: @@ -112,6 +83,37 @@ Verify that it is running: Now you're ready to [use the service](#using-the-service)! + +### Using the Service + +If using a Caddyfile, you can edit your configuration with `nano`, `vi`, or your preferred editor: +
sudo nano /etc/caddy/Caddyfile
+ +You can place your static site files in either `/var/www/html` or `/srv`. Make sure the `caddy` user has permission to read the files. + +To verify that the service is running: +
systemctl status caddy
+The status command will also show the location of the currently running service file. + +When running with our official service file, Caddy's output will be redirected to `journalctl`. To read your full logs and to avoid lines being truncated: +
journalctl -u caddy --no-pager | less +G
+ +If using a config file, you can gracefully reload Caddy after making any changes: +
sudo systemctl reload caddy
+ +You can stop the service with: +
sudo systemctl stop caddy
+ + + +The Caddy process will run as the `caddy` user, which has its `$HOME` set to `/var/lib/caddy`. This means that: +- The default [data storage location](/docs/conventions#data-directory) (for certificates and other state information) will be in `/var/lib/caddy/.local/share/caddy`. +- The default [config storage location](/docs/conventions#configuration-directory) (for the auto-saved JSON config, primarily useful for the `caddy-api` service) will be in `/var/lib/caddy/.config/caddy`. + + + ### Overrides The best way to override aspects of the service files is with this command: