Caddy plugin stopping

Started by collinsit, February 11, 2025, 03:57:43 PM

February 12, 2025, 03:49:20 PM #15 Last Edit: February 12, 2025, 03:55:22 PM by Monviech (Cedrik)
That provider was released today per random change. So if you update to 25.1.1 you'll get a new caddy plugin version that supports it.

https://github.com/opnsense/plugins/pull/4507

Though you have to add it manually from the shell like this, so that the caddy binary compiles the provider in.

https://caddyserver.com/docs/command-line#caddy-add-package

caddy add-package github.com/caddy-dns/cloudns
Hardware:
DEC740

That's great you added it. I just did the update and it is showing in the list now and I ran the command to add the module too. Not sure I'll move off ACME right now as it is working well and it will be nice to have the option to use the certificate outside of Caddy if I decide to do that as well. I am currently using it for the web interface of the firewall which is nice.

So far no crashes with the server since I made the change so that is promising. In the event that this turns out to be the issue, is there a possible fix to it? My ideal plan is I would like to be able to use the Caddy server to route to the servers internally and externally so I don't have to maintain certificates in two places. Right now I am using my internal NGINX server to handle the internal communications and the Caddy to handle the external ones but it is just more infrastructure to maintain so being able to get rid of the NGINX server would be nice but I obviously can't do that if I can't get the UDP ports to route properly.

Just check the github issue I have linked earlier. If there is progress a fix will emerge. Best subscribe to the github issue or comment in it so you get notifications from it.

https://github.com/mholt/caddy-l4/issues/295

When the issue has been found and patched upstream, the patch will be downstreamed over time and end up in a new release here.

I have a similar issue and have updated to the latest OPNsense 25.1.1 and Caddy plugin 1.8.2 but still get the memory issue after running for a day:

2025-02-14T07:52:15   Notice   kernel   <3>pid 87856 (caddy), jid 0, uid 0, was killed: failed to reclaim memory   
2025-02-13T13:18:23   Notice   kernel   <118>Log: /var/log/caddy/caddy.log   
2025-02-13T13:18:23   Notice   kernel   <118>Starting caddy... done   
2025-02-11T13:10:43   Notice   kernel   <3>pid 47033 (caddy), jid 0, uid 0, was killed: failed to reclaim memory   
2025-01-30T15:34:06   Notice   kernel   <3>pid 87676 (caddy), jid 0, uid 0, was killed: failed to reclaim memory

No panic messages in caddy logs
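To see how long each Caddy run lasted before the kernel killed it, the log lines posted above can be parsed as follows. This is an added example, not part of the original post; the function name `kill_report` is hypothetical and the line layout is assumed to match the lines shown in the thread.

```python
import re
from datetime import datetime

# Log lines copied from the post above (newest first).
SAMPLE_LOG = """\
2025-02-14T07:52:15   Notice   kernel   <3>pid 87856 (caddy), jid 0, uid 0, was killed: failed to reclaim memory
2025-02-13T13:18:23   Notice   kernel   <118>Log: /var/log/caddy/caddy.log
2025-02-13T13:18:23   Notice   kernel   <118>Starting caddy... done
2025-02-11T13:10:43   Notice   kernel   <3>pid 47033 (caddy), jid 0, uid 0, was killed: failed to reclaim memory
2025-01-30T15:34:06   Notice   kernel   <3>pid 87676 (caddy), jid 0, uid 0, was killed: failed to reclaim memory
"""

# timestamp, severity, "kernel", syslog priority tag, message
LINE_RE = re.compile(r"^(\S+)\s+\S+\s+kernel\s+<\d+>(.*)$")
KILL_RE = re.compile(r"pid (\d+) \(([^)]+)\), jid \d+, uid \d+, was killed: (.+)")
START_RE = re.compile(r"Starting (\S+)\.\.\. done")

def kill_report(log_text, process="caddy"):
    """Return one entry per kernel kill of `process`, oldest first, with the
    uptime in hours since the last logged start (None if no start was logged)."""
    events = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts = datetime.fromisoformat(m.group(1))
        msg = m.group(2).strip()
        if (k := KILL_RE.search(msg)) and k.group(2) == process:
            events.append((ts, "kill", int(k.group(1)), k.group(3)))
        elif (s := START_RE.search(msg)) and s.group(1) == process:
            events.append((ts, "start", None, None))
    events.sort(key=lambda e: e[0])  # the GUI lists newest first

    report, last_start = [], None
    for ts, kind, pid, reason in events:
        if kind == "start":
            last_start = ts
            continue
        uptime = (ts - last_start).total_seconds() / 3600 if last_start else None
        report.append({"killed_at": ts, "pid": pid,
                       "reason": reason, "uptime_hours": uptime})
        last_start = None  # a kill ends the run; the next one needs its own start line
    return report

if __name__ == "__main__":
    for entry in kill_report(SAMPLE_LOG):
        print(entry)
```

Only the most recent kill has a matching start line in the excerpt, so the two earlier kills report no uptime.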

Have you checked "/var/log/caddy/caddy.log" specifically? It's not exposed in the GUI.

Thank you for posting the link to the issue Cedrik, you're right, it sounds exactly like what I am running into and since removing that section of the config, the system has been stable.

In your experience, how long does it generally take for bugs to get fixed? I am liking the simplicity of Caddy but wondering if I should try to figure out the issues I was having with NGINX on OPNsense and try to get it to work as it is very reliable and stable once properly set up. It also has some pretty neat WAF filtering options which would be nice to implement if I can get the rest of it working.

Thanks for all your help.

Thanks for confirming.

Sorry I cannot answer that specifically, it depends on the scope of the underlying issue.

As with everything, use what works best for you. :)

I appreciate that, thanks Cedrik. I know how hard it can be to maintain stuff, especially when a lot of it is out of your control. I just wasn't sure how long bugs normally take to fix. The main reason I left pfSense to come to OPNsense is they released updates every year or even less and for a firewall product, that seemed way too long between updates so I like that OPNsense does it more frequently.

I will probably investigate the pfSense issues I am having a bit more but the simplicity of Caddy is really nice and (other than this bug) it just works which is great.

Quote from: Monviech (Cedrik) on February 14, 2025, 12:54:08 PM
Have you checked "/var/log/caddy/caddy.log" specifically? It's not exposed in the GUI.

Yes I checked all the logs from that folder.

I do not have Layer4 set up and only two Reverse Proxies. With Caddy disabled the memory usage sits at 3.1/8GB RAM. With Caddy running it is initially 3.2/8GB then after a day 4/8GB so not running low on RAM.

I do appreciate that with issues you cannot reproduce or have any meaningful errors in the logs it is a bit difficult to progress a solution.

My system does seem to have had remnants of ZenArmor from previous setups that have not quite been removed cleanly so it could be something there but everything else seems ok and I am reluctant to wipe my firewall to try Caddy on a clean machine so will leave without it for now.

Thanks

Using something else is a valid solution too. Sometimes things just don't work out :)

Hi Cedrik

I am still using Caddy but have found that the memory issues I have are also affecting Unbound DNS.

My inactive memory still creeps up and up even without Caddy installed so it's not the plugin's issue.

Thanks for your help.

Are you sure it's not the ARC cache of zfs that eats up your RAM slowly over time? Cause that's expected and wanted.

No, I am not using zfs just ufs.