How to Install Caddy on CentOS 7
Caddy is a modern open source web server with built-in support for HTTP/2 and automatic HTTPS. It can serve static files, act as a reverse proxy, and perform load balancing with health checks. This guide will walk you through installing and running Caddy on a CentOS 7 server using systemd. No prior experience is required.
Prerequisites
- A CentOS 7 server with root or sudo access
- Firewalld installed and running
- SELinux set to permissive mode or configured for Caddy
Step 1: Download the Caddy Binary
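Run the following command to download and install Caddy. It pipes the installer script from getcaddy.com directly into bash, so the script executes with the privileges of the shell you run it from: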
curl https://getcaddy.com | bash
Step 2: Verify the Installation
Check where the Caddy binary was installed:
which caddy
You should see:
/usr/local/bin/caddy
Step 3: Set Ownership and Permissions
If you did not run the install script as root, adjust the file owner and permissions:
chown root:root /usr/local/bin/caddy
chmod 755 /usr/local/bin/caddy
Allow the Caddy binary to bind to the privileged ports 80 and 443 without running as root:
setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy
Step 4: Create a Dedicated User and Group
groupadd caddy
useradd \
-g caddy \
--home-dir /var/www \
--no-create-home \
--shell /usr/sbin/nologin \
--system caddy
Step 5: Create Directories and Set Permissions
- Create the main config directory:
mkdir /etc/caddy
chown -R root:caddy /etc/caddy
chmod 750 /etc/caddy
- Create the SSL storage directory:
mkdir /etc/ssl/caddy
chown -R caddy:root /etc/ssl/caddy
chmod 770 /etc/ssl/caddy
- Create the web root directory:
mkdir /var/www
chown -R caddy:caddy /var/www
chmod -R 555 /var/www
Step 6: Create the Caddyfile
Create and secure the main Caddyfile:
touch /etc/caddy/Caddyfile
chown caddy:caddy /etc/caddy/Caddyfile
chmod 444 /etc/caddy/Caddyfile
Add your site configuration to /etc/caddy/Caddyfile.
Step 7: Configure the Systemd Service
Switch to the systemd directory and create the service file:
cd /etc/systemd/system/
nano caddy.service
Paste this unit file:
[Unit]
Description=Caddy HTTP/2 web server
Documentation=https://caddyserver.com/docs
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service
[Service]
Restart=on-failure
StartLimitInterval=86400
StartLimitBurst=5
User=caddy
Group=caddy
Environment=CADDYPATH=/etc/ssl/caddy
ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/www
ExecReload=/bin/kill -USR1 $MAINPID
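# Resource limits: open file descriptors and processes/threads
LimitNOFILE=1048576
LimitNPROC=64
# Private /tmp and /var/tmp for the service
PrivateTmp=true
# Minimal /dev without physical devices
PrivateDevices=true
# Make /home, /root and /run/user inaccessible
ProtectHome=true
# Mount /usr, /boot and /etc read-only for the service
ProtectSystem=full
# Exception to ProtectSystem: Caddy must write certificates here
ReadWriteDirectories=/etc/ssl/caddy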
[Install]
WantedBy=multi-user.target
Save and exit. Then set the correct permissions:
chown root:root /etc/systemd/system/caddy.service
chmod 644 /etc/systemd/system/caddy.service
Step 8: Enable and Start Caddy
Reload systemd, enable Caddy to start on boot, and start the service:
systemctl daemon-reload
systemctl enable caddy
systemctl start caddy
systemctl status caddy
Step 9: Adjust Firewall Rules
Allow HTTP and HTTPS traffic:
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
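A post-install check, added here as an example (it is not part of the original guide or of Caddy): it compares the owner, group and mode of each path against the values set in Steps 3 to 7 and confirms the bind capability from Step 3. The function names are hypothetical, and the script assumes GNU stat and the getcap utility from libcap.

```bash
# Added example, not from the guide: expected values are copied from its chown/chmod commands.

# check_perm PATH OWNER:GROUP MODE -> 0 if PATH matches, 1 otherwise.
check_perm() {
    local path=$1 want_owner=$2 want_mode=$3 got
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 1
    fi
    got=$(stat -c '%U:%G %a' "$path")   # GNU stat format: owner:group octal-mode
    if [ "$got" != "$want_owner $want_mode" ]; then
        echo "MISMATCH $path: have '$got', want '$want_owner $want_mode'"
        return 1
    fi
    echo "OK       $path ($got)"
}

# has_bind_cap GETCAP_OUTPUT -> 0 if it shows cap_net_bind_service as "+ep" or "=ep" (varies by libcap version).
has_bind_cap() {
    case $1 in
        *cap_net_bind_service[+=]ep*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_caddy_install [ROOT] -> one line per check; exit status = number of failures.
audit_caddy_install() {
    local root=${1:-} fails=0 path owner mode
    while read -r path owner mode; do
        check_perm "$root$path" "$owner" "$mode" || fails=$((fails + 1))
    done <<'EOF'
/usr/local/bin/caddy root:root 755
/etc/caddy root:caddy 750
/etc/caddy/Caddyfile caddy:caddy 444
/etc/ssl/caddy caddy:root 770
/var/www caddy:caddy 555
/etc/systemd/system/caddy.service root:root 644
EOF
    if ! has_bind_cap "$(getcap "$root/usr/local/bin/caddy" 2>/dev/null)"; then
        echo "MISSING  cap_net_bind_service on $root/usr/local/bin/caddy"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Run as root once the binary from Step 1 is in place.
if [ -x /usr/local/bin/caddy ]; then
    audit_caddy_install || echo "audit: $? check(s) failed"
fi
```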
Conclusion
Caddy is now installed on your CentOS 7 server and running as a service. To add or update sites, edit /etc/caddy/Caddyfile and reload with:
systemctl reload caddy
