Caddy: status=226/NAMESPACE on Centos7
(Are you asking for help with using Caddy? Please use our forum instead: https://forum.caddyserver.com. If you are filing a bug report, please answer the following questions. If your issue is not a bug report, you do not need to use this template. Either way, please consider donating if we've helped you. Thanks!)
1. What version of Caddy are you running (caddy -version)?
Caddy 0.9.1 (+e8e5595 Mon Sep 05 04:12:57 UTC 2016)
2. What are you trying to do?
Start caddy with included systemd startup script
3. What is your entire Caddyfile?
:80
errors /var/log/error.log
gzip
root /var/www/html/
log /var/log/caddy.log
websocket /bashgame /var/www/bashgame.sh
4. How did you run Caddy (give the full command and describe the execution environment)?
sudo systemctl start caddy
5. What did you expect to see?
systemctl status caddy shows OK
6. What did you see instead (give full error messages and/or log)?
● caddy.service - Caddy HTTP/2 web server
Loaded: loaded (/etc/systemd/system/caddy.service; disabled; vendor preset: disabled)
Active: failed (Result: start-limit) since Sun 2016-09-11 03:00:50 UTC; 22s ago
Docs: https://caddyserver.com/docs
Process: 3940 ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp (code=exited, status=226/NAMESPACE)
Main PID: 3940 (code=exited, status=226/NAMESPACE)
Sep 11 03:00:50 charlie systemd[1]: caddy.service: main process exited, code=exited, status=226/NAMESPACE
Sep 11 03:00:50 charlie systemd[1]: Unit caddy.service entered failed state.
Sep 11 03:00:50 charlie systemd[1]: caddy.service failed.
Sep 11 03:00:50 charlie systemd[1]: caddy.service holdoff time over, scheduling restart.
Sep 11 03:00:50 charlie systemd[1]: start request repeated too quickly for caddy.service
Sep 11 03:00:50 charlie systemd[1]: Failed to start Caddy HTTP/2 web server.
Sep 11 03:00:50 charlie systemd[1]: Unit caddy.service entered failed state.
Sep 11 03:00:50 charlie systemd[1]: caddy.service failed.
7. How can someone who is starting from scratch reproduce this behavior as minimally as possible?
Attempt to deploy caddy on a Centos 7 machine. Specifically one running on GCE.
- put the caddy binary in /usr/local/bin/caddy
- put the included caddy.service init script in /etc/systemd/system/caddy.service
- put the Caddyfile above into /etc/caddy/Caddyfile
- make sure /var/www/html exists
- run
systemctl daemon-reload - run
systemctl start caddy
I verified this on a freshly installed machine prior to posting here. I have also tried boiling down the systemd config to the following and it starts. It also starts if ran as root and pointed to its config manually using -conf
[Unit]
Description=Caddy HTTP/2 web server
Documentation=https://caddyserver.com/docs
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service
[Service]
Restart=on-failure
; User and group the process will run as.
User=root
Group=root
; Letsencrypt-issued certificates will be written to this directory.
;Environment=HOME=/etc/ssl/caddy
; Always set "-root" to something safe in case it gets forgotten in the Caddyfile.
ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
ExecReload=/bin/kill -USR1 $MAINPID
; Limit the number of file descriptors; see `man systemd.exec` for more limit settings.
LimitNOFILE=1048576
; Unmodified caddy is not expected to use more than that.
LimitNPROC=64
; Use private /tmp and /var/tmp, which are discarded after caddy stops.
PrivateTmp=true
; Use a minimal /dev
;PrivateDevices=true
; Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
;ProtectHome=true
; Make /usr, /boot, /etc and possibly some more folders read-only.
;ProtectSystem=full
; … except /etc/ssl/caddy, because we want Letsencrypt-certificates there.
; This merely retains r/w access rights, it does not add any new. Must still be writable on the host!
;ReadWriteDirectories=/etc/ssl/caddy
; Drop all other capabilities. Important if you run caddy as privileged user (which you should not).
;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
; … but permit caddy to open ports reserved for system services.
; This could be redundant here, but is needed in case caddy runs as nobody:nogroup.
;AmbientCapabilities=CAP_NET_BIND_SERVICE
; … and prevent gaining any new privileges.
;NoNewPrivileges=true
; Caveat: Some plugins need additional capabilities. Add them to both above lines.
; - plugin "upload" needs: CAP_LEASE
[Install]
WantedBy=multi-user.target
integrii
All 10 comments
This appears to be an issue with the system configuration rather than Caddy itself, so I'm going to close the issue, but maybe refer to this forum thread which might help. :)
mholt
on 11 Sep 2016
This config file that is broken was shipped from the caddy download page. I
feel like this is a breakage in the software provided and should be fixed.
The forum thread didn't have a solution.
On Sat, Sep 10, 2016, 8:45 PM Matt Holt [email protected] wrote:
This appears to be an issue with the system configuration rather than
Caddy itself, so I'm going to close the issue, but maybe refer to this
forum thread
https://forum.caddyserver.com/t/starting-with-systemd-failed-at-step-namespace-spawning-usr-local-bin-caddy-no-such-file-or-directory/423?u=matt
which might help. :)—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
https://github.com/mholt/caddy/issues/1104#issuecomment-246160029, or mute
the thread
https://github.com/notifications/unsubscribe-auth/AAGBh0Z5eNkqdIzdvxuAMlgQ6eHY6axbks5qo3lYgaJpZM4J548n
.
integrii
on 11 Sep 2016
Sorry, we don't support the init scripts, they are community-contributed and maintained and are not something official that we can afford to support. But you are welcome to ask about how to configure your system in the Caddy forums, there are many other sysadmins there willing to help! :+1:
mholt
on 11 Sep 2016
I also can't get caddy to start under systemd, same error: status=226/NAMESPACE
pepa65
on 15 Sep 2016
When I comment these lines, there is no more status=226/NAMESPACE error
; Use private /tmp and /var/tmp, which are discarded after caddy stops.
#PrivateTmp=true
; Use a minimal /dev
#PrivateDevices=true
; Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
#ProtectHome=true
kokizzu
on 8 Nov 2016
JFYI, this is still broken.
$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 9.8 (stretch)
Release: 9.8
xlab
on 1 Apr 2019
@xlab please open a new issue if this is a problem for you. This issue is nearly 3 years old and closed.
francislavoie
on 1 Apr 2019
@francislavoie I'm not going to create a duplicate issue for exact same problem. This issue has been closed with "I don't care" attitude, however 3 years passed and caddy still ships with broken systemd scripts. I usually don't care about them too and always used own, but this time I tried to use them and lost 30 minutes of my time, because I had to double-check all configs before trying to google it out.
xlab
on 1 Apr 2019
@xlab You are welcome to submit a patch if you like, because as the disclaimer explains, init scripts are community-contributed and maintained, and are not an official part of the project. Because the systemd file has changed about 5 times since this issue was opened, there's not much point in complaining about such an old, closed issue. It'd be more productive and helpful to submit a patch instead, or at least open a new issue (but a patch would be faster and more appreciated).
mholt
on 1 Apr 2019
@xlab I had the same error until I created the folder needed for storing the certs, which, as it turns out was in the readme
acls
on 18 Apr 2019
Related issues
lorddaedra
·
3Comments
kilpatty
·
3Comments
xfzka
·
3Comments
jgsqware
·
3Comments
ericmdantas
·
3Comments
Most helpful comment
When I comment these lines, there is no more
status=226/NAMESPACEerror