Previously: start/reload would apply the latest config in the foreground process, then fork(), then start Caddy.
Now: start/reload apply the latest config, starts Caddy in the foreground process, then fork()s.
By starting Caddy in the foreground process, any activities requiring sudo/root will happen while the program is still interactive.
This fixes the problem (adding the root cert to the system store requires sudo/root privileges, but because Caddy was running in a background process, it couldn't request that permission.)
The foreground process exits cleanly and the background process starts Caddy again, this time without any need for sudo/root privileges because any of the work it needed to do was already done in the foreground process.
Friendlier CLI
This change encouraged me to make the following improvements to the CLI commands:
stop just kills the daemon, if it's running. If the daemon wasn't running, stop will now exit cleanly. Previously, it would throw an error, but that's user-hostile because the goal of running stop is to ensure no running daemon — if that goal is accomplished by stopping a running daemon, or confirming no daemon was running, doesn't really matter.
start will start a new daemon. If one was already running, it will be killed and replaced by a new one. The user's goal is to ensure a daemon is running, with the latest config, and this is achieved regardless of whether or not there was an existing daemon.
reload becomes an alias for start, because they have the exact same behavior — ensure that a daemon is running with the latest configuiration.
Get rid of caddymodules
A while ago, localias was built using gomod2nix, and there was an incompatibility between that helper and the opentelemetry modules included in Caddy. To work around this, I created a caddymodules package that imported all of the Caddy modules except opentelemetry, which was fine because this project doesn't use the opentelemetry modules in any way.
Because localias no longer uses gomod2nix, this PR gets rid of the caddymodules hack entirely. This then allowed me to upgrade the version of Caddy that is being installed, and it will make it easier to stay up to date as Caddy receives further improvements.
SSL renewal server
With an upgraded Caddy came a problem — for SSL issuance, Caddy now requires you to implement an "automation policy" server that confirms that it can issue a new certificate for a given domain. This is primarily aimed at issuing certificates for real life domains accessible to the public, not for internal development aliases, but the restriction still stands. To do this, I used Caddy itself to respond to these requests.
In the future, I could implement this by writing a custom policy module instead of using the HTTP ask, but this works for now.
Dependencies cleanup
General updates of all imported golang packages.
Update the flake.nix and flake.lock files, switch to buildGoModule instead of buildGo120Module to make it easier to use this flake with an override nixpkgs upstream.
Bugfix
Fix #30 by changing how daemonization works.
start
/reload
would apply the latest config in the foreground process, then fork(), then start Caddy.start
/reload
apply the latest config, starts Caddy in the foreground process, then fork()s.Friendlier CLI
This change encouraged me to make the following improvements to the CLI commands:
stop
just kills the daemon, if it's running. If the daemon wasn't running,stop
will now exit cleanly. Previously, it would throw an error, but that's user-hostile because the goal of runningstop
is to ensure no running daemon — if that goal is accomplished by stopping a running daemon, or confirming no daemon was running, doesn't really matter.start
will start a new daemon. If one was already running, it will be killed and replaced by a new one. The user's goal is to ensure a daemon is running, with the latest config, and this is achieved regardless of whether or not there was an existing daemon.reload
becomes an alias forstart
, because they have the exact same behavior — ensure that a daemon is running with the latest configuiration.Get rid of
caddymodules
A while ago, localias was built using
gomod2nix
, and there was an incompatibility between that helper and the opentelemetry modules included in Caddy. To work around this, I created acaddymodules
package that imported all of the Caddy modules except opentelemetry, which was fine because this project doesn't use the opentelemetry modules in any way.Because localias no longer uses
gomod2nix
, this PR gets rid of thecaddymodules
hack entirely. This then allowed me to upgrade the version of Caddy that is being installed, and it will make it easier to stay up to date as Caddy receives further improvements.SSL renewal server
With an upgraded Caddy came a problem — for SSL issuance, Caddy now requires you to implement an "automation policy" server that confirms that it can issue a new certificate for a given domain. This is primarily aimed at issuing certificates for real life domains accessible to the public, not for internal development aliases, but the restriction still stands. To do this, I used Caddy itself to respond to these requests.
For more information, read:
In the future, I could implement this by writing a custom policy module instead of using the HTTP ask, but this works for now.
Dependencies cleanup
flake.nix
andflake.lock
files, switch tobuildGoModule
instead ofbuildGo120Module
to make it easier to use this flake with an overridenixpkgs
upstream.