Caddy as a file transfer service

The challenge

For project Foo, an export had to go from server A to server B.

And for security reasons we do not allow password logins.

So secure copy is not an option.

$ scp projectFoo.export nodeB.lan42:
The authenticity of host 'nodeB.lan42 (' can't be established.
ECDSA key fingerprint is SHA256:I5qi1mCBPWJwYX1QSvzSMD+koVStuamiTgosJNKoJec.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'nodeB.lan42,' (ECDSA) to the list of known hosts.
Welcome to nodeB!
stappers@nodeB.lan42: Permission denied (publickey).
lost connection

On the way to a solution

Then via the web server that is already there.
I had expected nginx, but found Caddy there instead.
After some consideration I continued with it.

$ sudo ss -ltp | grep nginx
$ sudo ss -ltp | less
# a process named "caddy" is listening on the web server port

No manual page available, but there is a help text:

$ caddy --help
[ERROR] first argument must be a subcommand; see 'caddy help'
$ caddy help
Caddy is an extensible server platform.

caddy <command> [<args...>]

adapt Adapts a configuration to Caddy's native JSON
build-info Prints information about this build
environ Prints the environment
file-server Spins up a production-ready file server
fmt Formats a Caddyfile
hash-password Hashes a password and writes base64
help Shows help for a Caddy subcommand
list-modules Lists the installed Caddy modules
reload Changes the config of the running Caddy instance
reverse-proxy A quick and production-ready reverse proxy
run Starts the Caddy process and blocks indefinitely
start Starts the Caddy process in the background and then returns
stop Gracefully stops a started Caddy process
trust Installs a CA certificate into local trust stores
untrust Untrusts a locally-trusted CA certificate
validate Tests whether a configuration file is valid
version Prints the version

Use 'caddy help <command>' for more information about a command.

Full documentation is available at:

And then file-server looks promising.

$ caddy help file-server
A simple but production-ready file server. Useful for quick deployments,
demos, and development.

The listener's socket address can be customized with the --listen flag.

If a domain name is specified with --domain, the default listener address
will be changed to the HTTPS port and the server will use HTTPS. If using
a public domain, ensure A/AAAA records are properly configured before
using this option.

If --browse is enabled, requests for folders without an index file will
respond with a file listing.

caddy file-server [--domain <>] [--root <path>] [--listen <addr>] [--browse] [--access-log]

Enable the access log
Enable directory browsing
-domain string
Domain name at which to serve the files
-listen string
The address to which to bind the listener
-root string
The path to the root of the site
Enable template rendering

Full documentation is available at:

Started the web server to serve the current directory.

$ caddy file-server --listen --root $PWD --browse
2020/10/14 17:01:17.196 WARN admin admin endpoint disabled
2020/10/14 17:01:17.196 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc00037eee0"}
2020/10/14 17:01:17.197 INFO tls cleaned up storage units
2020/10/14 17:01:17.197 INFO autosaved config {"file": "/home/stappers/.config/caddy/autosave.json"}
2020/10/14 19:01:17 Caddy 2 serving static files on

Fetched the export on the other server.
And computed a checksum.

$ wget https://nodeA.lan42:1857/projectFoo.export
--2020-10-14 19:01:21-- https://nodeA.lan42:1857/projectFoo.export
Resolving nodeA.lan42 (nodeA.lan42)...
Connecting to nodeA.lan42 (nodeA.lan42)||:1857... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2608012773 (2.4G) [application/gzip]
Saving to: ‘projectFoo.export’

projectFoo.export 100%[================================>] 2.43G 112MB/s in 22s

2020-10-14 19:01:44 (112 MB/s) - ‘projectFoo.export’ saved [2608012773/2608012773]

$ md5sum projectFoo.export
ae49f17f951206f51dc36f6f42b3d0ef projectFoo.export

Back on server A, stopped caddy with Control-C.
And also computed the checksum of the original.

^C2020/10/14 17:02:45.074 INFO shutting down {"signal": "SIGINT"}
2020/10/14 17:02:45.574 INFO tls.cache.maintenance stopped background certificate maintenance {"cache": "0xc00037eee0"}
2020/10/14 17:02:45.574 INFO shutdown done {"signal": "SIGINT"}
$ md5sum projectFoo.export
ae49f17f951206f51dc36f6f42b3d0ef projectFoo.export

Yes, that is the same checksum; project Foo could continue on server B.

Without caddy, the document_root of the web server would first have had to be looked up
and the export placed in that document_root before the wget could happen.

Additional advantages:

  • projectFoo.export never sat in document_root, so it does not have to be cleaned up there either.
  • projectFoo.export was not shown to the world by a regular web server.
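
A variant of the transfer above that serves only the export, from a fresh directory and without --browse, and checks it on server B against a manifest, using sha256sum in place of the md5sum shown above. This is an added example, not part of the original post; the function names and the LISTEN_ADDR variable are assumptions.

```shell
#!/bin/sh
# Added example: function names and LISTEN_ADDR are assumptions.

# Server A: place only the export and its SHA-256 manifest in a fresh
# directory, so the file server root holds nothing else from $PWD.
stage_export() {
    src=$1
    stage=$(mktemp -d) || return 1
    name=$(basename "$src")
    # A hard link avoids copying a multi-gigabyte file; fall back to cp
    # when the temporary directory is on another filesystem.
    ln "$src" "$stage/$name" 2>/dev/null || cp "$src" "$stage/$name" || return 1
    (cd "$stage" && sha256sum "$name" > "$name.sha256") || return 1
    printf '%s\n' "$stage"
}

# Server A: serve the staged directory only, with no directory listing.
# LISTEN_ADDR (assumption) is the address and port to bind on server A.
serve_export() {
    caddy file-server --listen "$LISTEN_ADDR" --root "$1"
}

# Server B: after fetching the export and its .sha256 file with wget,
# check the export against the manifest.
# Returns 0 on a match, 2 when the manifest is missing or empty,
# and non-zero on a mismatch or truncated download.
verify_export() {
    dir=$1
    name=$2
    [ -s "$dir/$name.sha256" ] || return 2
    (cd "$dir" && sha256sum -c "$name.sha256" >/dev/null 2>&1)
}

# Typical use:
#   server A:  stage=$(stage_export projectFoo.export); serve_export "$stage"
#   server B:  wget both files, then: verify_export . projectFoo.export
#   server A:  Control-C, then: rm -r "$stage"
```

The manifest travels over the same channel as the export, so it detects corruption and truncation; comparing the digest out of band, as the post does by running the checksum on both servers, remains the stronger check.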

Author: Geert Stappers (DevOps Engineer, Hendrikx ITC)