3 files changed, 247 insertions, 0 deletions
diff --git a/www/caddy-custom/Makefile b/www/caddy-custom/Makefile
new file mode 100644
index 000000000000..6c883c52a262
--- /dev/null
+++ b/www/caddy-custom/Makefile
@@ -0,0 +1,49 @@
+# READ pkg-descr FOR INSTRUCTIONS!
+# This port will NOT build in poudriere without (simple) manual
+# intervention.
+
+PORTNAME=	caddy-custom
+PORTVERSION=	${CADDY_VERSION}.${XCADDY_VERSION}
+PORTREVISION=	17
+CATEGORIES=	www
+DISTFILES=	# none
+
+MAINTAINER=	adamw@FreeBSD.org
+COMMENT=	Caddy (www/caddy) with customized plugins
+WWW=		https://caddyserver.com
+
+LICENSE=	APACHE20
+
+BUILD_DEPENDS=	xcaddy:www/xcaddy
+
+USES=		go:no_targets
+
+NO_PACKAGE=	Requires network access (see pkg-descr)
+
+CONFLICTS_INSTALL=	caddy
+
+USE_RC_SUBR=	caddy
+SUB_FILES=	caddy
+
+PLIST_FILES=	bin/caddy
+
+CADDY_VERSION!=	${MAKE} -C ${.CURDIR}/../caddy  -V '$${DISTVERSION}.$${PORTREVISION}'
+XCADDY_VERSION!=${MAKE} -C ${.CURDIR}/../xcaddy -V '$${DISTVERSION}.$${PORTREVISION}'
+
+.for plugin in ${CADDY_CUSTOM_PLUGINS}
+PLUGINS+=	--with ${plugin}
+.endfor
+
+XCADDY_GO_BUILD_FLAGS?=	${GO_BUILDFLAGS}
+
+XCADDY_ENV+=	XCADDY_WHICH_GO="${GO_CMD}" \
+		XCADDY_GO_BUILD_FLAGS="${XCADDY_GO_BUILD_FLAGS}"
+
+do-build:
+	${MKDIR} ${WRKSRC}
+	cd ${WRKSRC} && ${XCADDY_ENV} ${LOCALBASE}/bin/xcaddy build ${PLUGINS}
+
+do-install:
+	${INSTALL_PROGRAM} ${WRKSRC}/caddy ${STAGEDIR}${PREFIX}/bin
+
+.include <bsd.port.mk>
diff --git a/www/caddy-custom/files/caddy.in b/www/caddy-custom/files/caddy.in
new file mode 100644
index 000000000000..fc7cc986e1d7
--- /dev/null
+++ b/www/caddy-custom/files/caddy.in
@@ -0,0 +1,166 @@
+#!/bin/sh
+
+# PROVIDE: caddy
+# REQUIRE: LOGIN DAEMON NETWORKING
+# KEYWORD: shutdown
+
+# To enable caddy:
+#
+# - Edit %%PREVIX%%/etc/caddy/Caddyfile
+#   See https://caddyserver.com/docs/
+# - Run 'service enable caddy'
+#
+# Note while Caddy currently defaults to running as root:wheel, it is strongly
+# recommended to run the server as an unprivileged user, such as www:www.
+#
+# - Use security/portacl-rc to enable privileged port binding:
+#
+#   # pkg install security/portacl-rc
+#   # sysrc portacl_users+=www
+#   # sysrc portacl_user_www_tcp="http https"
+#   # sysrc portacl_user_www_udp="https"
+#   # service portacl enable
+#   # service portacl start
+#
+# - Configure caddy to run as www:www
+#
+#   # sysrc caddy_user=www caddy_group=www
+#
+# - Note if Caddy has been started as root previously, files in
+#   /var/log/caddy, /var/db/caddy, and /var/run/caddy may require their ownership
+#   changing manually.
+
+# Optional settings:
+# caddy_command (string):     Full path to the caddy binary
+# caddy_config (string):      Full path to caddy config file
+#                             (%%PREFIX%%/etc/caddy/Caddyfile)
+# caddy_adapter (string):     Config adapter type (caddyfile)
+# caddy_admin (string):       Default administration endpoint
+#                             (unix//var/run/caddy/caddy.sock)
+# caddy_directory (string):   Root for caddy storage (ACME certs, etc.)
+#                             (/var/db/caddy)
+# caddy_extra_flags (string): Extra flags passed to caddy start
+# caddy_logdir (string):      Where caddy logs are stored
+#                             (/var/log/caddy)
+# caddy_logfile (string):     Location of process log (${caddy_logdir}/caddy.log)
+#                             This is for startup/shutdown/error messages.
+#                             To create an access log, see:
+#                             https://caddyserver.com/docs/caddyfile/directives/log
+# caddy_user (user):          User to run caddy (root)
+# caddy_group (group):        Group to run caddy (wheel)
+#
+# This script will honor XDG_CONFIG_HOME/XDG_DATA_HOME. Caddy will create a
+# .../caddy subdir in each of those. By default, they are subdirs of /var/db/caddy.
+# See https://caddyserver.com/docs/conventions#data-directory
+
+. /etc/rc.subr
+
+name=caddy
+rcvar=caddy_enable
+desc="Powerful, enterprise-ready, open source web server with automatic HTTPS written in Go"
+
+load_rc_config $name
+
+# Defaults
+: ${caddy_enable:=NO}
+: ${caddy_adapter:=caddyfile}
+: ${caddy_config:="%%PREFIX%%/etc/${name}/Caddyfile"}
+: ${caddy_admin:="unix//var/run/${name}/${name}.sock"}
+: ${caddy_command:="%%PREFIX%%/bin/${name}"}
+: ${caddy_directory:="/var/db/${name}"}
+: ${caddy_extra_flags:=""}
+: ${caddy_logdir:="/var/log/${name}"}
+: ${caddy_logfile:="${caddy_logdir}/${name}.log"}
+: ${caddy_user:="root"}
+: ${caddy_group:="wheel"}
+
+# Config and base directories
+: ${XDG_CONFIG_HOME:="${caddy_directory}/config"}
+: ${XDG_DATA_HOME:="${caddy_directory}/data"}
+export XDG_CONFIG_HOME XDG_DATA_HOME
+
+# Default admin interface
+export CADDY_ADMIN="${caddy_admin}"
+
+command="${caddy_command}"
+pidfile="/var/run/${name}/${name}.pid"
+
+required_files="${caddy_config} ${caddy_command}"
+
+start_precmd="caddy_precmd"
+start_cmd="caddy_start"
+stop_precmd="caddy_prestop"
+
+# JSON is the native format, so there is no "adapter" for it
+if [ "${caddy_adapter}" = "json" ]; then
+    caddy_flags="--config ${caddy_config}"
+else
+    caddy_flags="--config ${caddy_config} --adapter ${caddy_adapter}"
+fi
+
+# Extra Commands
+extra_commands="configtest reload reloadssl"
+configtest_cmd="caddy_execute validate ${caddy_flags}"
+reload_cmd="caddy_execute reload ${caddy_flags}"
+reloadssl_cmd="caddy_execute reload --force ${caddy_flags}"
+
+caddy_execute()
+{
+    /usr/bin/su -m "${caddy_user}" -c "${caddy_command} $*"
+}
+
+caddy_precmd()
+{
+    # Create required directories and set permissions
+    /usr/bin/install -d -m 755 -o "${caddy_user}" -g "${caddy_group}" ${caddy_directory}
+    /usr/bin/install -d -m 700 -o "${caddy_user}" -g "${caddy_group}" ${caddy_directory}/config
+    /usr/bin/install -d -m 700 -o "${caddy_user}" -g "${caddy_group}" ${caddy_directory}/data
+    /usr/bin/install -d -m 755 -o "${caddy_user}" -g "${caddy_group}" ${caddy_logdir}
+    /usr/bin/install -d -m 700 -o "${caddy_user}" -g "${caddy_group}" /var/run/caddy
+    if [ -e ${caddy_logfile} ]; then
+        /bin/chmod 644 ${caddy_logfile}
+        /usr/sbin/chown "${caddy_user}:${caddy_group}" ${caddy_logfile}
+    else
+        /usr/bin/install -m 644 -o "${caddy_user}" -g "${caddy_group}" /dev/null ${caddy_logfile}
+    fi
+}
+
+caddy_start()
+{
+    echo -n "Starting caddy... "
+    /usr/bin/su -m ${caddy_user} -c "${caddy_command} start ${caddy_flags} \
+        ${caddy_extra_flags} --pidfile ${pidfile}" >> ${caddy_logfile} 2>&1
+    if [ $? -eq 0 ] && ps -ax -o pid | grep -q "$(cat ${pidfile})"; then
+        echo "done"
+        echo "Log: ${caddy_logfile}"
+    else
+        echo "Error: Caddy failed to start"
+        echo "Check the caddy log: ${caddy_logfile}"
+    fi
+}
+
+caddy_prestop()
+{
+    local result
+
+    echo -n "Stopping caddy... "
+
+    result="$(caddy_execute stop ${caddy_flags} 2>&1)"
+    if [ ${?} -eq 0 ]; then
+        echo "done"
+        exit 0
+    else
+        if echo "${result}" | grep -q -e "connection refused" \
+            -e "connect: no such file or directory"; then
+
+            echo "admin interface unavailable; using pidfile"
+            return 0
+        else
+            echo "Error: Unable to stop caddy"
+            echo "Check the caddy log: ${caddy_logfile}"
+            return 1
+        fi
+    fi
+}
+
+run_rc_command "$1"
diff --git a/www/caddy-custom/pkg-descr b/www/caddy-custom/pkg-descr
new file mode 100644
index 000000000000..21e76169df57
--- /dev/null
+++ b/www/caddy-custom/pkg-descr
@@ -0,0 +1,32 @@
+This port will build a customized version of the caddy webserver
+using plugins of your choice. You will need to rebuild this port
+manually if one of your plugins gets updated.
+
+Caddy is a high-performance webserver with a simple config format,
+out-of-the-box HTTP/3 support, and automatic transparent ACME
+certificate provisioning.
+
+NOTE: THIS PORT BYPASSES EVERY SINGLE ONE OF FREEBSD'S CHECKSUM-
+BASED DISTFILE TAMPERING DETECTION MECHANISMS. USE THIS AT YOUR
+OWN PERIL (though the peril is exactly the same as using the
+xcaddy port).
+
+To make this work:
+
+1) In /usr/local/etc/poudriere.conf, add the following:
+
+     ALLOW_NETWORKING_PACKAGES="caddy-custom"
+
+   You can skip this step if you're not building in poudriere.
+
+2) Put your plugin list into make.conf (or
+   /usr/local/etc/poudriere.conf/make.conf):
+
+     .if ${.CURDIR:M*/www/caddy-custom*}
+       CADDY_CUSTOM_PLUGINS= github.com/caddy-dns/rfc2136 github.com/greenpau/caddy-security
+     .endif
+
+   If you have any other xcaddy build flags you want to set, put
+   them in XCADDY_ENV.
+
+3) Profit