Building caddy package and running service as non-root

I'm working on a caddy package. I was able to build the package already and crafted a very basic init script with almost default settings (taken from upstream, except port 80 -> 8888). With the basic procd init script, caddy is running as the root user:

Mon Sep  2 20:26:23 2024 daemon.info caddy[8161]: caddy.HomeDir=/
Mon Sep  2 20:26:23 2024 daemon.info caddy[8161]: caddy.AppDataDir=/.local/share/caddy
Mon Sep  2 20:26:23 2024 daemon.info caddy[8161]: caddy.AppConfigDir=/.config/caddy
Mon Sep  2 20:26:23 2024 daemon.info caddy[8161]: caddy.ConfigAutosavePath=/.config/caddy/autosave.json
Mon Sep  2 20:26:23 2024 daemon.info caddy[8161]: caddy.Version=v2.8.4
Mon Sep  2 20:26:23 2024 daemon.info caddy[8161]: runtime.GOOS=linux
Mon Sep  2 20:26:23 2024 daemon.info caddy[8161]: runtime.GOARCH=amd64
Mon Sep  2 20:26:23 2024 daemon.info caddy[8161]: runtime.Compiler=gc
Mon Sep  2 20:26:23 2024 daemon.info caddy[8161]: runtime.NumCPU=1
Mon Sep  2 20:26:23 2024 daemon.info caddy[8161]: runtime.GOMAXPROCS=1
Mon Sep  2 20:26:23 2024 daemon.info caddy[8161]: runtime.Version=go1.21.12
Mon Sep  2 20:26:23 2024 daemon.info caddy[8161]: os.Getwd=/
Mon Sep  2 20:26:23 2024 daemon.info caddy[8161]:
Mon Sep  2 20:26:23 2024 daemon.info caddy[8161]: HOME=/
Mon Sep  2 20:26:23 2024 daemon.info caddy[8161]: TERM=linux
Mon Sep  2 20:26:23 2024 daemon.info caddy[8161]: BOOT_IMAGE=/boot/vmlinuz
Mon Sep  2 20:26:23 2024 daemon.info caddy[8161]: PATH=/usr/sbin:/usr/bin:/sbin:/bin
Mon Sep  2 20:26:23 2024 daemon.info caddy[8161]: LD_PRELOAD=/lib/libsetlbf.so
Mon Sep  2 20:26:23 2024 daemon.err caddy[8161]: {"level":"warn","ts":1725308783.3444695,"msg":"--config and --resume flags were used together; ignoring --config and resuming from last configuration","autosave_file":"/.config/caddy/autosave.json"}
Mon Sep  2 20:26:23 2024 daemon.err caddy[8161]: {"level":"info","ts":1725308783.3462126,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Mon Sep  2 20:26:23 2024 daemon.err caddy[8161]: {"level":"info","ts":1725308783.3472033,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Mon Sep  2 20:26:23 2024 daemon.err caddy[8161]: {"level":"info","ts":1725308783.3474534,"msg":"autosaved config (load with --resume flag)","file":"/.config/caddy/autosave.json"}
Mon Sep  2 20:26:23 2024 daemon.err caddy[8161]: {"level":"info","ts":1725308783.3475525,"msg":"serving initial configuration"}
Mon Sep  2 20:26:23 2024 daemon.err caddy[8161]: {"level":"info","ts":1725308783.349112,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0000e2480"}
Mon Sep  2 20:26:23 2024 daemon.notice procd: /etc/init.d/caddy: { "name": "caddy" }
Mon Sep  2 20:26:23 2024 daemon.err caddy[8161]: {"level":"info","ts":1725308783.35085,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/.local/share/caddy","instance":"f3eeee0d-01b6-4de0-aba7-3d2bd68b0a54","try_again":1725395183.3508482,"try_again_in":86399.999999641}
Mon Sep  2 20:26:23 2024 daemon.err caddy[8161]: {"level":"info","ts":1725308783.3509002,"logger":"tls","msg":"finished cleaning storage units"}

Should I create a dedicated user to run the caddy service? If so, any advice on how to achieve this?

Caddy by default uses $HOME/.config/caddy and $HOME/.local/share/caddy to store autosave and certificates respectively. What safe dir should I use for that purpose?

2 Likes
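
One way to set up what the question describes, as an added example that is not part of the original post nor the caddy or OpenWrt projects' own code: a procd init script that starts caddy as a dedicated user and moves its autosave and certificate storage out of `/`. The `caddy` account and group, the binary and config paths, and `/etc/caddy/state` are assumptions.

```shell
# /etc/init.d/caddy (the installed file must begin with: #!/bin/sh /etc/rc.common)
USE_PROCD=1
START=95

PROG=/usr/bin/caddy          # assumed install path
CONF=/etc/caddy/Caddyfile    # assumed config path, root-owned and world-readable
RUN_USER=caddy               # assumed account, e.g. created via USERID in the package Makefile
RUN_GROUP=caddy              # assumed group
# Assumed state directory. It sits on the persistent overlay because /var is
# tmpfs on OpenWrt, so certificates kept there would be lost on every reboot.
STATE_DIR=/etc/caddy/state

# Create the state tree so that only the service account can read it
# (it will hold ACME account keys and certificate private keys).
prepare_state_dir() {
	mkdir -p "$STATE_DIR/data" "$STATE_DIR/config" || return 1
	chown -R "$RUN_USER:$RUN_GROUP" "$STATE_DIR" || return 1
	chmod 0700 "$STATE_DIR"
}

start_service() {
	prepare_state_dir || return 1

	procd_open_instance
	procd_set_param command "$PROG" run --config "$CONF"
	# Drop root before exec. Listening on 8888 needs no privileges; a port
	# below 1024 would need a capability grant or a redirect rule.
	procd_set_param user "$RUN_USER"
	procd_set_param group "$RUN_GROUP"
	procd_set_param no_new_privs 1
	# Caddy derives AppDataDir and AppConfigDir from these, so nothing is
	# written to /.local or /.config any more.
	procd_set_param env HOME="$STATE_DIR" \
		XDG_DATA_HOME="$STATE_DIR/data" \
		XDG_CONFIG_HOME="$STATE_DIR/config"
	procd_set_param stdout 1
	procd_set_param stderr 1
	procd_set_param respawn
	procd_close_instance
}
```

After a restart, the `caddy.HomeDir`, `caddy.AppDataDir` and `caddy.AppConfigDir` lines in `logread` should point under the state directory, and `ps` should show the process owned by the service account.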