Caddy Web Server on Linux: Modern Alternative to Nginx
Caddy has emerged as a modern alternative to traditional web servers like Apache and Nginx, offering automatic HTTPS, simpler configuration, and sensible defaults. Written in Go, Caddy handles SSL certificate provisioning through Let’s Encrypt without manual intervention. This guide covers installing and configuring Caddy on Linux for hosting websites with minimal complexity.
📑 Table of Contents
Why Choose Caddy?
Caddy’s headline feature is automatic HTTPS. Simply specify your domain names, and Caddy obtains, configures, and renews SSL certificates automatically. No certbot setup, no cron jobs, no certificate expiration emergencies—HTTPS just works.
The Caddyfile configuration format prioritizes readability over flexibility. Common configurations require just a few lines compared to equivalent Nginx or Apache setups. This simplicity reduces configuration errors and speeds deployment.
Installation
# Ubuntu/Debian
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy
# Fedora/RHEL
sudo dnf install 'dnf-command(copr)'
sudo dnf copr enable @caddy/caddy
sudo dnf install caddy
# Arch Linux
sudo pacman -S caddyBasic Caddyfile Configuration
The Caddyfile lives at /etc/caddy/Caddyfile:
# Simple static site
example.com {
root * /var/www/example.com
file_server
}
# Multiple sites
example.com {
root * /var/www/example
file_server
}
blog.example.com {
root * /var/www/blog
file_server
}Reverse Proxy Configuration
# Proxy to backend application
app.example.com {
reverse_proxy localhost:3000
}
# Load balancing multiple backends
api.example.com {
reverse_proxy localhost:8001 localhost:8002 localhost:8003 {
lb_policy round_robin
health_uri /health
health_interval 10s
}
}
# WebSocket support (automatic)
ws.example.com {
reverse_proxy localhost:8080
}PHP Configuration
# PHP-FPM setup
example.com {
root * /var/www/example
php_fastcgi unix//run/php/php8.2-fpm.sock
file_server
}
# WordPress configuration
wordpress.example.com {
root * /var/www/wordpress
php_fastcgi unix//run/php/php8.2-fpm.sock
file_server
@disallowed {
path /xmlrpc.php
path *.sql
path /wp-content/uploads/*.php
}
respond @disallowed 403
}Security Headers
example.com {
root * /var/www/example
file_server
header {
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-XSS-Protection "1; mode=block"
Referrer-Policy strict-origin-when-cross-origin
Strict-Transport-Security "max-age=31536000; includeSubDomains"
}
}Basic Authentication
# Generate password hash
caddy hash-password
# Apply authentication
private.example.com {
basicauth {
admin $2a$14$hash_from_above
}
root * /var/www/private
file_server
}Logging Configuration
example.com {
root * /var/www/example
file_server
log {
output file /var/log/caddy/example.log {
roll_size 100mb
roll_keep 5
}
format json
}
}Managing Caddy Service
# Start/stop/restart
sudo systemctl start caddy
sudo systemctl stop caddy
sudo systemctl restart caddy
# Reload configuration without downtime
sudo systemctl reload caddy
# Validate Caddyfile syntax
caddy validate --config /etc/caddy/Caddyfile
# Format Caddyfile
caddy fmt --overwrite /etc/caddy/CaddyfileLocal Development (No HTTPS)
# Development without SSL
:8080 {
root * /home/user/project
file_server browse
}
localhost {
root * /var/www/dev
file_server
}Conclusion
Caddy simplifies web server administration dramatically through automatic HTTPS, readable configuration, and sensible defaults. For new deployments or migrations from complex configurations, Caddy offers a refreshing approach that handles common requirements with minimal effort. The automatic certificate management alone justifies evaluation for any production deployment.
Was this article helpful?
About Ramesh Sundararamaiah
Red Hat Certified Architect
Expert in Linux system administration, DevOps automation, and cloud infrastructure. Specializing in Red Hat Enterprise Linux, CentOS, Ubuntu, Docker, Ansible, and enterprise IT solutions.