Caddy, recommended in this issue, is a scalable server platform that uses TLS by default.
Caddy is a powerful, scalable platform to serve your sites, services, and applications, written in Go. The API configuration using Caddy is dynamic and exportable. Although configuration files are not required, you can still use them; Most people’s favorite way to configure Caddy is to use Caddyfile. Configuration documents come in a variety of formats, with configuration adapters, but Caddy’s native configuration language is JSON.
Characteristic Caddy
- Easy configuration with Caddyfile
- Powerful configuration and its native JSON configuration
- Dynamic configuration using the JSON API
- If you don’t like JSON, configure the adapter
- Default automatic HTTPS
- Stay up and running when other servers are down due to TLS/OCSP/ certificate-related issues
- After processing trillions of requests and managing millions of TLS certificates, it can be put into production
- Expands to tens of thousands of sites…… And probably more.
- HTTP/1.1, HTTP/2, and experimental HTTP/3 support
- The highly scalable modular architecture allows Caddy to do everything without bloating
- Run anywhere with no external dependencies (not even libc)
- Written in Go, a language with higher memory security guarantees than other servers
Caddy installation
Debian、Ubuntu、Raspbian
Installing this package automatically starts and runs caddy as a systemd service named, and if you need it, caddy also comes with a service that is not enabled by default by Caddy-API.
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddyTest releases (including beta and release candidates) :
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/testing/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-testing-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/testing/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-testing.list
sudo apt update
sudo apt install caddyFedora, Red Hat, CentOS
This package comes with Caddy’s two systemd service unit files, but they are not enabled by default.
Fedora or RHEL/CentOS 8:
dnf install 'dnf-command(copr)'
dnf copr enable @caddy/caddy
dnf install caddyRHEL/CentOS 7:
yum install yum-plugin-copr
yum copr enable @caddy/caddy
yum install caddyWebi
Linux and macOS:
curl -sS https://webinstall.dev/caddy | bashwindows:
curl.exe -A MS https://webinstall.dev/caddy | powershellYou may need to adjust Windows Firewall rules to allow incoming connections from non-local hosts.
Quick start
Start Caddy first:
caddy start
Caddy is currently idle (configured as blank). Give it a simple configuration curl:
curl localhost:2019/load \
-H "Content-Type: application/json" \
-d @- << EOF
{
"apps": {
"http": {
"servers": {
"hello": {
"listen": [":2015"],
"routes": [
{
"handle": [{
"handler": "static_response",
"body": "Hello, world!"
}]
}
]
}
}
}
}
}Using Heredoc to provide POST body can be tedious, so if you prefer to use files, save JSON to a file called caddy.json and then use the following command instead:
curl localhost:2019/load \
-H "Content-Type: application/json" \
-d @caddy.jsonNow load localhost:2015curl in your browser or use:
curl localhost:2015
Hello, world!We can also use this JSON to define multiple sites on different interfaces:
{
"apps": {
"http": {
"servers": {
"hello": {
"listen": [":2015"],
"routes": [
{
"handle": [{
"handler": "static_response",
"body": "Hello, world!"
}]
}
]
},
"bye": {
"listen": [":2016"],
"routes": [
{
"handle": [{
"handler": "static_response",
"body": "Goodbye, world!"
}]
}
]
}
}
}
}
}Update your JSON and then execute the API request again.
Try the new “goodbye” endpoint in your browser, or use curl to make sure it works:
curl localhost:2016
Goodbye, world!When Caddy is finished, be sure to stop it:
caddy stopReverse proxy Quickstart
Prerequisites:
- Basic terminal/command line skills
- caddy is in your path
- Running back-end processes to proxy to
In your terminal, run the following command:
caddy reverse-proxy --to 127.0.0.1:9000If you do not have the right to bind to a low-end port, you can proxy from a higher port:
caddy reverse-proxy --from :2016 --to 127.0.0.1:9000Then make a request to localhost (or whatever address –from you specify in) to see if it works!
In the current working directory, create a file named Caddyfile with the following contents:
localhost
reverse_proxy 127.0.0.1:9000
Then, run from the same directory:
caddy runYou can then make a request to https://localhost to see if it works!
HTTPS and ports
Caddy’s default port is no longer :2015. Caddy 2’s default port is :443, or, if you don’t know the host name /IP, port :80. You can always customize the port in the configuration.
If the host name or IP is known, the default protocol for Caddy 2 is always HTTPS. This is different from Caddy 1, where only public domain names use HTTPS by default. Now, every site uses HTTPS (unless you do this by explicitly specifying the port :80 or disabling it http://).
The IP address and localhost domain will issue the certificate from the local trusted embedded CA. All other fields will use ZeroSSL or Let’s Encrypt. (This is all configurable.)
The storage structure of certificates and ACME resources has changed. Caddy 2 May obtain a new certificate for your site; But if you have a lot of certificates, you can migrate them manually if it doesn’t suit you.
—END—
Open source license: Apache-2.0 license
