The configuration file has the following configuration. In my testing harness, I use the following configuration. It use caddy's module certs:
"tls": {
"certificates": {
"load_files": [
{
"certificate": "/caddy.localhost.crt",
"key": "/caddy.localhost.key",
"tags": [
"cert0"
]
}
]
}
},
Until recently (up to a week or so), it worked fine. Today, the configuration loading fails with permission denied
loading config:
loading new config:
loading http app module:
provision http:
getting tls app:
loading tls app module:
provision tls:
loading certificates:
open /home/greenpau/dev/go/pkg/mod/github.com/caddyserver/caddy/[email protected]/caddytest/caddy.localhost.crt: permission denied"
The file permissions look like this, i.e. no write allowed.
-r--r--r--. 1 greenpau greenpau 1.4K May 9 12:59 /home/greenpau/dev/go/pkg/mod/github.com/caddyserver/caddy/[email protected]/caddytest/caddy.localhost.crt
$ chmod a+w /home/greenpau/dev/go/pkg/mod/github.com/caddyserver/caddy/[email protected]/caddytest/caddy.localhost.crt
$ ls -alh /home/greenpau/dev/go/pkg/mod/github.com/caddyserver/caddy/[email protected]/caddytest/caddy.localhost.crt
-rw-rw-rw-. 1 greenpau greenpau 1.4K May 9 12:59 /home/greenpau/dev/go/pkg/mod/github.com/caddyserver/caddy/[email protected]/caddytest/caddy.localhost.crt
The assignment of write permissions did not help the issue.
greenpau
All 8 comments
It went away without me doing anything ...
greenpau
on 9 May 2020
Interesting, and good to know that you are using the internal certs for testing. I wasn't sure if module developers would use them.
sarge
on 9 May 2020
Interesting, and good to know that you are using the internal certs for testing. I wasn't sure if module developers would use them.
@sarge , the internal certs help a lot! 馃槃 e.g. github actions 馃憤
greenpau
on 9 May 2020
@sarge , I am still seeing this error:
=== RUN TestPlugin
2020/06/02 12:44:24 caddytest: config load time took 302.112597ms
TestPlugin: caddytest.go:98: failed to load config: {"error":"loading config: loading new config: loading http app module: provision http: getting tls app: loading tls app module: provision tls: loading certificates: open /home/greenbergp/dev/go/pkg/mod/github.com/caddyserver/caddy/[email protected]/caddytest/caddy.localhost.crt: permission denied"}
2020/06/02 12:44:24 caddytest: redirecting the dialer from 127.0.0.1:3443 to 127.0.0.1:3443
TestPlugin: caddytest.go:410: failed to call server Get "https://127.0.0.1:3443/version": dial tcp 127.0.0.1:3443: connect: connection refused
It looks like something tries editing the file. But it is read only.
greenpau
on 2 Jun 2020
@sarge ... somehow management server on 2019 is getting involved.
listen tcp 127.0.0.1:2019: bind: address already in use
I think there is a need to look for free port for the management.
greenpau
on 2 Jun 2020
Yeah that's tricky - because Caddy always tries to enable the admin API on port 2019, you'll run into problems if you have an instance of Caddy already running on the machine.
I think during tests, we should make sure that the admin API is turned off, or always uses a random unassigned port if the admin API is needed for the test. :thinking:
francislavoie
on 2 Jun 2020
I think during tests, we should make sure that the admin API is turned off, or always uses a random unassigned port if the admin API is needed for the test. 馃
@francislavoie , great suggestions!
FYI.
{
"admin": {
"listen": ":3019",
"disabled": true
},
"logging": {
"logs": {
"default": {
"level": "DEBUG"
}
}
},
@francislavoie , disabling admin interface helped tests to pass.
greenpau
on 2 Jun 2020
Related issues
mholt
路
3Comments
jgsqware
路
3Comments
dafanasiev
路
3Comments
lorddaedra
路
3Comments
klaasel
路
3Comments
Most helpful comment
Yeah that's tricky - because Caddy always tries to enable the admin API on port 2019, you'll run into problems if you have an instance of Caddy already running on the machine.
I think during tests, we should make sure that the admin API is turned off, or always uses a random unassigned port if the admin API is needed for the test. :thinking: