🌱🏠😈 Common background service doing the heavy lifting for various user-facing greenhouse client applications https://greenhouse.server.garden/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

3.2 KiB


Pitney the Pineapple dressed up in thier Daemon halloween costume

This is the background service which runs/manages threshold + caddy and responds to requests from the UI.

It depends on threshold and SequentialRead's forked version of Caddy 2.

For now you must also provide caddy-config.json inside GREENHOUSE_DAEMON_PATH. Example config:

  "admin": {
    "disabled": false,
    "listen": "",
    "authorized_clients_ca_file": "greenhouse_daemon_localhost_ca.crt",
    "tls_key_file": "greenhouse-daemon.key",
    "tls_cert_file": "greenhouse-daemon.crt",
    "config": {
      "persist": false

forest's dev environment notes

Build and deploy to both the daemon that the desktop app uses (/opt/greenhouse-daemon) and the daemon that the greenhouse server uses (../greenhouse/greenhouse-daemon).

go build -o greenhouse-daemon .
sudo cp greenhouse-daemon /opt/greenhouse-daemon/greenhouse-daemon
mv greenhouse-daemon ../greenhouse/greenhouse-daemon/greenhouse-daemon 

environment variables


Default Value:

  • Linux: /opt/greenhouse-daemon
  • Windows: %ProgramData%\greenhouse-background-service
  • MacOS: /Library/Application Support/greenhouse-daemon

Path to folder where it will store all its files. This folder should be exclusively owned by the user that runs the greenhouse-daemon process for security reasons.


Default Value: https://greenhouse-alpha.server.garden

URL the daemon will use to contact the greenhouse cloud service, for example, to log into the users account.


Default Value: false

If set to true then the daemon will listen HTTP on unix sockets instead of listening HTTPS on local TCP ports.

ports used

greenhouse-daemon api: https://localhost:9572  -- certificate signed by daemon CA, the GUI does not validate the cert (it can't)

threshold admin api:   https://localhost:9573 -- certificate signed by daemon CA, uses mutual TLS with daemon
caddy admin api:       https://localhost:9574 -- certificate signed by daemon CA, uses mutual TLS with daemon
caddy http port:       https://localhost:9575 -- used by caddy for http -> https redirects 
caddy https port:      https://localhost:9576 -- certificate signed by Let's Encrypt CA, public internet TLS
caddy tls port:        https://localhost:9577 -- certificate signed by Let's Encrypt CA, public internet TLS

unix sockets used (alternative to ports)

All of these socket files are owned by whatever user is running the greenhouse-daemon process. They all use plain http with no TLS.

greenhouse-daemon api: /var/run/greenhouse-daemon.sock

threshold admin api:   /var/run/greenhouse-daemon-threshold.sock
caddy admin api:       /var/run/greenhouse-daemon-caddy-admin.sock
caddy http port:       /var/run/greenhouse-daemon-caddy-http.sock
caddy https port:      /var/run/greenhouse-daemon-caddy-https.sock
caddy tls port:        /var/run/greenhouse-daemon-caddy-tls.sock