Caddy, sometimes clarified as the Caddy web server, is an open source, HTTP/2-enabled web server written in Go. It uses the Go standard library for its HTTP functionality. A variety of web site technologies can be served by Caddy, which can also act as a reverse proxy and load balancer.
Capabilities:
- Virtual hosting.
- Native IPv4 and IPv6 support.
- Serve static files.
- Graceful restart/reload.
- Reverse proxy.
- Load balancing with health checks.
- FastCGI proxy.
Download Caddy binaries
Run the following script; it downloads the Caddy binary and places it in your executable PATH:
curl https://getcaddy.com | bash
You can run the following command to see where the Caddy binary is located:
which caddy
The output should look like this:
/usr/local/bin/caddy
Creating Caddy Service
Caddy does not install itself as a service, which means it doesn’t start automatically after a reboot. In the following steps we create a dedicated user for Caddy, place the configuration files in the proper locations, and set their ownership and permissions.
If you didn’t download the binary as the root user, fix the binary’s ownership and permissions with the commands below:
chown root:root /usr/local/bin/caddy
chmod 755 /usr/local/bin/caddy
The command below gives the binary the ability to bind to privileged ports:
setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy
Now it’s time to set up a user and group for Caddy:
groupadd caddy
useradd \
-g caddy \
--home-dir /var/www --no-create-home \
--shell /usr/sbin/nologin \
--system caddy
We also have to create some directories and set their ownership and permissions.
Execute the commands below to create the main Caddy directory (where you are going to store your configuration files) and set the proper ownership:
mkdir /etc/caddy
chown -R root:caddy /etc/caddy
Make the SSL directory to store your SSL configurations:
mkdir /etc/ssl/caddy
chown -R caddy:root /etc/ssl/caddy
chmod 770 /etc/ssl/caddy
Place the “Caddyfile” in the proper directory with the appropriate ownership and permissions:
touch /etc/caddy/Caddyfile
chown caddy:caddy /etc/caddy/Caddyfile
chmod 444 /etc/caddy/Caddyfile
Create the home directory for Caddy and set its ownership and permissions:
mkdir /var/www
chown -R caddy:caddy /var/www
chmod -R 555 /var/www
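The ownership and modes set in the steps above can be checked in one pass. The following is an added example, not part of the original tutorial: `audit_layout`, `EXPECTED` and `SAMPLE` are hypothetical names, and the sample input is constructed to show a drifted host.

```shell
#!/bin/sh
# Expected state from the chown/chmod steps above: "path owner:group mode".
# "-" means the tutorial sets no explicit mode for that path.
EXPECTED='/usr/local/bin/caddy root:root 755
/etc/caddy root:caddy -
/etc/ssl/caddy caddy:root 770
/etc/caddy/Caddyfile caddy:caddy 444
/var/www caddy:caddy 555'

# audit_layout reads "path owner:group mode" lines on stdin, the format
# printed by GNU `stat -c '%n %U:%G %a' PATH...`, and prints one line per
# deviation. Returns 0 when everything matches, 1 otherwise.
audit_layout() {
    actual=$(cat)
    rc=0
    while read -r path want_own want_mode; do
        line=$(printf '%s\n' "$actual" | awk -v p="$path" '$1 == p { print; exit }')
        if [ -z "$line" ]; then
            echo "MISSING  $path"; rc=1; continue
        fi
        set -- $line
        got_own=$2; got_mode=$3
        [ "$got_own" = "$want_own" ] || { echo "OWNER    $path: $got_own (want $want_own)"; rc=1; }
        if [ "$want_mode" != "-" ] && [ "$got_mode" != "$want_mode" ]; then
            echo "MODE     $path: $got_mode (want $want_mode)"; rc=1
        fi
    done <<EOF
$EXPECTED
EOF
    return $rc
}

# Constructed sample: the certificate directory is readable by others and the
# Caddyfile was left with root ownership and mode 644.
SAMPLE='/usr/local/bin/caddy root:root 755
/etc/caddy root:caddy 755
/etc/ssl/caddy caddy:root 775
/etc/caddy/Caddyfile root:root 644
/var/www caddy:caddy 555'

printf '%s\n' "$SAMPLE" | audit_layout || true
```

On a real host, feed it live data with `stat -c '%n %U:%G %a' /usr/local/bin/caddy /etc/caddy /etc/ssl/caddy /etc/caddy/Caddyfile /var/www | audit_layout`.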
Finally, we can create the “caddy.service” file. Switch to the following directory:
cd /etc/systemd/system/
Create a new file named “caddy.service”:
nano caddy.service
Paste the following configuration then save and exit:
[Unit]
Description=Caddy HTTP/2 web server
Documentation=https://caddyserver.com/docs
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service
[Service]
Restart=on-failure
StartLimitInterval=86400
StartLimitBurst=5
; User and group the process will run as.
User=caddy
Group=caddy
; Letsencrypt-issued certificates will be written to this directory.
Environment=CADDYPATH=/etc/ssl/caddy
; Always set "-root" to something safe in case it gets forgotten in the Caddyfile.
ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
ExecReload=/bin/kill -USR1 $MAINPID
; Limit the number of file descriptors; see `man systemd.exec` for more limit settings.
LimitNOFILE=1048576
; Unmodified caddy is not expected to use more than that.
LimitNPROC=64
; Use private /tmp and /var/tmp, which are discarded after caddy stops.
PrivateTmp=true
; Use a minimal /dev
PrivateDevices=true
; Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
ProtectHome=true
; Make /usr, /boot, /etc and possibly some more folders read-only.
ProtectSystem=full
; … except /etc/ssl/caddy, because we want Letsencrypt-certificates there.
; This merely retains r/w access rights, it does not add any new. Must still be writable on the host!
ReadWriteDirectories=/etc/ssl/caddy
; The following additional security directives only work with systemd v229 or later.
; They further restrict privileges that can be gained by caddy. Uncomment if you like.
; Note that you may have to add capabilities required by any plugins in use.
;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
;AmbientCapabilities=CAP_NET_BIND_SERVICE
;NoNewPrivileges=true
[Install]
WantedBy=multi-user.target
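The unit file above ships three of its sandboxing directives commented out, so it is worth confirming which ones are actually in effect. The following is an added example, not part of the original tutorial or of Caddy: `directive_state` and `audit_unit` are hypothetical helper names, and the unit text is a constructed excerpt of the file above.

```shell
#!/bin/sh
# Directives from the unit file above that restrict the caddy process.
HARDENING='PrivateTmp PrivateDevices ProtectHome ProtectSystem
CapabilityBoundingSet AmbientCapabilities NoNewPrivileges'

# directive_state FILE KEY prints "active VALUE", "commented" or "absent".
# Only the [Service] section is inspected; systemd treats lines starting
# with ';' or '#' as comments.
directive_state() {
    awk -v key="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line ~ /^\[/ { in_service = (line ~ /^\[Service\]/); next }
        !in_service { next }
        index(line, key "=") == 1 { val = substr(line, length(key) + 2); active = 1; next }
        line ~ /^[;#]/ {
            sub(/^[;#][ \t]*/, "", line)
            if (index(line, key "=") == 1) commented = 1
        }
        END {
            if (active) print "active " val
            else if (commented) print "commented"
            else print "absent"
        }' "$1"
}

# audit_unit FILE prints one status line per hardening directive.
audit_unit() {
    for key in $HARDENING; do
        printf '%-22s %s\n' "$key" "$(directive_state "$1" "$key")"
    done
}

# Constructed excerpt of the unit file above, written to a temporary file.
UNIT=$(mktemp)
trap 'rm -f "$UNIT"' EXIT
cat > "$UNIT" <<'EOF'
[Service]
User=caddy
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=full
;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
;AmbientCapabilities=CAP_NET_BIND_SERVICE
;NoNewPrivileges=true
[Install]
WantedBy=multi-user.target
EOF

audit_unit "$UNIT"
```

Run `audit_unit /etc/systemd/system/caddy.service` against the installed file. On systemd 240 or later, `systemd-analyze security caddy` scores the loaded unit as well.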
Set the owner and permissions:
chown root:root /etc/systemd/system/caddy.service
chmod 644 /etc/systemd/system/caddy.service
Reload “systemd” so the new unit takes effect:
systemctl daemon-reload
Now you can manage Caddy as a service with the commands below:
systemctl enable caddy
systemctl start caddy
systemctl status caddy
Simple Configuration of Caddy
Now that you have created the Caddy service, it’s time to configure Caddy to actually serve something on the standard HTTP port (80).
To do that, we have to write some configuration in our Caddyfile, which is placed in “/etc/caddy/”:
nano /etc/caddy/Caddyfile
The configuration below makes Caddy listen on port 80 and sets “/var/www” as the document root (make sure to replace Your_Domain_Or_IP_Address with your public IP address or your domain name):
Your_Domain_Or_IP_Address:80
root /var/www
Save and exit.
Restart Caddy with the command below:
systemctl restart caddy
Switch to the document root with the command below:
cd /var/www
Create an “index.html” file for testing with the command below:
nano index.html
Put the following code in it, then save and exit:
<html>
<body>
Hello world!
</body>
</html>
Now you can open your IP address or your domain name in a browser and see your Hello to the world!