Skip to main content

Caddy

website: https://caddyserver.com/

Caddy is a powerful and easy-to-use web server that comes with built-in HTTPS support, making it a great choice for serving your website with SSL certificates. It automatically provisions and renews SSL certificates for you using Let’s Encrypt or another ACME-compatible CA, which simplifies the process.

Instal Caddy

reference: https://caddyserver.com/docs/install

For Linux (Ubuntu & Debian)

curl -s https://getcaddy.com | bash -s personal

Manual installation

download execute file: https://github.com/caddyserver/caddy/releases/

curl https://github.com/caddyserver/caddy/releases/download/v2.8.4/caddy_2.8.4_linux_amd64.tar.gz --output caddy.tar.gz
wget https://github.com/caddyserver/caddy/releases/download/v2.8.4/caddy_2.8.4_linux_amd64.tar.gz

Unzip and move to PATH

tar -zxvf caddy.tar.gz
mv caddy /usr/bin/

Verify installation

# caddy version
v2.8.4 h1:HoysvZkLcN2xJExEepaFHK92Qgs7xAiCFydN5x5Hs6Q=

Create group and user

sudo groupadd --system caddy
sudo useradd --system \
    --gid caddy \
    --create-home \
    --home-dir /var/lib/caddy \
    --shell /usr/sbin/nologin \
    --comment "Caddy web server" \
    caddy

Create service

configuration file: /etc/systemd/system/caddy.service

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

Enable caddy service

systemctl daemon-reload
systemctl enable --now caddy

Web Server

Run caddy with configuration file Caddyfile

caddy run --config /etc/caddy/Caddyfile

A static website

yourdomain.com {
    root * /var/www/html
    file_server
    encode gzip
    log {
        output file /var/log/caddy/access.log
    }
    tls youremail@example.com  # Email for Let's Encrypt registration
}

Reverse proxy

yourdomain.com {
    reverse_proxy localhost:8080
}

Caddy allows you to configure your server using JSON. Json configuration file is powerful then Caddyfile

Example of json configuration file

{
    "apps": {
        "http": {
            "servers": {
                "example_server": {
                    "listen": [":443"],
                    "routes": [
                        
                        {
                            "match": [
                                {
                                    "host": ["yourdomain.com"],
                                    "path": ["/api/*"]
                                }
                            ],
                            "handle": [
                                {
                                    "handler": "reverse_proxy",
                                    "upstreams": [
                                        {
                                            "dial": "localhost:8080"
                                        }
                                    ]
                                }
                            ]
                        },
                        {
                            "match": [
                                {
                                    "host": ["yourdomain.com"]
                                }
                            ],
                            "handle": [
                                {
                                    "handler": "static_response",
                                    "files": {
                                        "root": "/var/www/html"
                                    }
                                }
                            ]
                        }
                    ]
                }
            }
        }
    }
}