How to Install Caddy on CentOS 7

Caddy is a modern open source web server with built-in support for HTTP/2 and automatic HTTPS. It can serve static files, act as a reverse proxy, and perform load balancing with health checks. This guide will walk you through installing and running Caddy on a CentOS 7 server using systemd. No prior experience is required.

Prerequisites

  • A CentOS 7 server with root or sudo access
  • Firewalld installed and running
  • SELinux set to permissive mode or configured for Caddy

Step 1: Download the Caddy Binary

The following command fetches the Caddy install script from getcaddy.com and pipes it to bash, which downloads and installs the binary:

curl https://getcaddy.com | bash

Step 2: Verify the Installation

Check where the Caddy binary was installed:

which caddy

You should see:

/usr/local/bin/caddy

Step 3: Set Ownership and Permissions

If you did not run the install script as root, adjust the file owner and permissions:

chown root:root /usr/local/bin/caddy
chmod 755 /usr/local/bin/caddy

Allow the Caddy binary to bind to the privileged ports 80 and 443 without running as root:

setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy

Step 4: Create a Dedicated User and Group

groupadd caddy
useradd \
  -g caddy \
  --home-dir /var/www \
  --no-create-home \
  --shell /usr/sbin/nologin \
  --system caddy

Step 5: Create Directories and Set Permissions

  • Create the main config directory:

mkdir /etc/caddy
chown -R root:caddy /etc/caddy
chmod 750 /etc/caddy

  • Create the SSL storage directory:

mkdir /etc/ssl/caddy
chown -R caddy:root /etc/ssl/caddy
chmod 770 /etc/ssl/caddy

  • Create the web root directory:

mkdir /var/www
chown -R caddy:caddy /var/www
chmod -R 555 /var/www

Step 6: Create the Caddyfile

Create and secure the main Caddyfile:

touch /etc/caddy/Caddyfile
chown caddy:caddy /etc/caddy/Caddyfile
chmod 444 /etc/caddy/Caddyfile

Add your site configuration to /etc/caddy/Caddyfile.

Step 7: Configure the Systemd Service

Switch to the systemd directory and create the service file:

cd /etc/systemd/system/
nano caddy.service

Paste this unit file:

[Unit]
Description=Caddy HTTP/2 web server
Documentation=https://caddyserver.com/docs
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service

[Service]
Restart=on-failure
StartLimitInterval=86400
StartLimitBurst=5
User=caddy
Group=caddy
Environment=CADDYPATH=/etc/ssl/caddy
ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/www
ExecReload=/bin/kill -USR1 $MAINPID
LimitNOFILE=1048576
LimitNPROC=64
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=full
ReadWriteDirectories=/etc/ssl/caddy

[Install]
WantedBy=multi-user.target

Save and exit. Then set the correct permissions:

chown root:root /etc/systemd/system/caddy.service
chmod 644 /etc/systemd/system/caddy.service

Step 8: Enable and Start Caddy

Reload systemd, enable Caddy to start on boot, and start the service:

systemctl daemon-reload
systemctl enable caddy
systemctl start caddy
systemctl status caddy

Step 9: Adjust Firewall Rules

Allow HTTP and HTTPS traffic:

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
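
The owners, modes and file capability set in Steps 3 to 7 can be checked in one pass once setup is complete. The script below is an added example, not part of the original guide; its function names and the --run argument are this example's own, and it assumes GNU stat and getcap as shipped on CentOS 7.

```shell
#!/bin/sh
# Added example: audit the owners and modes this guide sets in Steps 3-7.
# Run as root on the server:  sh audit-caddy.sh --run   (file name is arbitrary)

# check_path PATH OWNER GROUP MODE -> 0 if PATH matches, 1 otherwise
check_path() {
    path=$1; want="$2:$3 $4"
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"; return 1
    fi
    have=$(stat -c '%U:%G %a' "$path")   # GNU stat: owner:group octal-mode
    if [ "$have" = "$want" ]; then
        echo "OK       $path ($have)"; return 0
    fi
    echo "MISMATCH $path: have '$have', guide sets '$want'"
    return 1
}

# has_bind_cap FILE -> 0 if FILE carries cap_net_bind_service (Step 3)
has_bind_cap() {
    getcap "$1" 2>/dev/null | grep -q 'cap_net_bind_service'
}

# audit_caddy_layout -> exit status is the number of failed checks
audit_caddy_layout() {
    fails=0
    # Table below: path, owner, group, mode, copied from the guide's commands.
    while read -r path owner group mode; do
        check_path "$path" "$owner" "$group" "$mode" || fails=$((fails + 1))
    done <<'EOF'
/usr/local/bin/caddy root root 755
/etc/caddy root caddy 750
/etc/ssl/caddy caddy root 770
/var/www caddy caddy 555
/etc/caddy/Caddyfile caddy caddy 444
/etc/systemd/system/caddy.service root root 644
EOF
    if has_bind_cap /usr/local/bin/caddy; then
        echo "OK       cap_net_bind_service set on /usr/local/bin/caddy"
    else
        echo "MISSING  cap_net_bind_service on /usr/local/bin/caddy"
        fails=$((fails + 1))
    fi
    return "$fails"
}

if [ "${1:-}" = "--run" ]; then audit_caddy_layout; fi
```

An exit status of 0 means every path and the capability match what the guide configures; any other status is the count of mismatches printed above it.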

Conclusion

Caddy is now installed on your CentOS 7 server and running as a service. To add or update sites, edit /etc/caddy/Caddyfile and reload with:

systemctl reload caddy