Caddy Webserver

August 06, 2019

Deploying Caddy Webserver is pretty easy and I’ve posted the instructions in my Media Server Series, specifically in the Plex post. Still, it makes sense to have some of the information used in those posts separated out into their own post. Just like my ssh post, I will start putting all of my Caddy information in here.

Installing Caddy on Ubuntu

curl https://getcaddy.com | sudo bash -s personal http.nobots,http.prometheus,tls.dns.namecheap

At this point Caddy is downloaded and installed. There are a few things I included in the install, namely http.nobots and http.prometheus. Feel free to drop tls.dns.namecheap if you don’t use Namecheap.

http.nobots ensures that bots like Google and Yahoo don’t crawl your server. http.prometheus will allow us to monitor the HTTP metrics of Caddy in the future.

Setting Caddy Up as a Service

sudo -i
chown root:root /usr/local/bin/caddy
chmod 755 /usr/local/bin/caddy
setcap 'cap_net_bind_service=+eip' /usr/local/bin/caddy
mkdir -p /etc/caddy
chown -R root:www-data /etc/caddy
mkdir -p /etc/ssl/caddy
chown -R www-data:root /etc/ssl/caddy
chmod 770 /etc/ssl/caddy
touch /etc/caddy/Caddyfile
curl -L https://github.com/mholt/caddy/raw/master/dist/init/linux-systemd/caddy.service | sed "s/;CapabilityBoundingSet/CapabilityBoundingSet/" | sed "s/;AmbientCapabilities/AmbientCapabilities/" | sed "s/;NoNewPrivileges/NoNewPrivileges/" | tee /etc/systemd/system/caddy.service
chown root:root /etc/systemd/system/caddy.service
chmod 644 /etc/systemd/system/caddy.service
systemctl daemon-reload
systemctl enable caddy.service
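
A check to run after the setup commands above, as an added example that is not part of the original post: the unit file is piped from GitHub through sed straight into /etc/systemd/system, so a changed or failed download would be written without the three hardening directives ever being uncommented. The sample unit file is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): confirm the sed pipeline really
# enabled the hardening directives in the unit file that was written.

# Print each targeted directive that is NOT active in the [Service] section.
missing_hardening() {
    for key in CapabilityBoundingSet AmbientCapabilities NoNewPrivileges; do
        if ! awk -v key="$key" '
            /^\[/ { in_service = ($0 ~ /^\[Service\][ \t]*$/) }
            in_service && $0 ~ ("^[ \t]*" key "[ \t]*=") { found = 1 }
            END { exit !found }' "$1"; then
            printf '%s\n' "$key"
        fi
    done
}

# Succeed only if the file is non-empty and all three directives are active.
# An empty or HTML error-page download fails here instead of being enabled.
unit_is_hardened() {
    [ -s "$1" ] && [ -z "$(missing_hardening "$1")" ]
}

# Constructed sample standing in for the downloaded caddy.service.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Unit]
Description=Caddy web server (constructed sample)

[Service]
User=www-data
ExecStart=/usr/local/bin/caddy -conf=/etc/caddy/Caddyfile
;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
;AmbientCapabilities=CAP_NET_BIND_SERVICE
;NoNewPrivileges=true

[Install]
WantedBy=multi-user.target
EOF

# Same three substitutions as the install step above.
hardened=$(mktemp)
sed "s/;CapabilityBoundingSet/CapabilityBoundingSet/" "$sample" \
    | sed "s/;AmbientCapabilities/AmbientCapabilities/" \
    | sed "s/;NoNewPrivileges/NoNewPrivileges/" > "$hardened"

for f in "$sample" "$hardened"; do
    if unit_is_hardened "$f"; then echo "$f: hardened"
    else echo "$f: missing $(missing_hardening "$f" | tr '\n' ' ')"; fi
done
```

On the server itself, run unit_is_hardened /etc/systemd/system/caddy.service before systemctl enable and stop if it fails.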

Using Caddy as a Proxy

Let’s build the start of our Caddyfile:

vim /etc/caddy/Caddyfile

https://example.com {
  gzip
  proxy / localhost:8080 {
    transparent
  }
}

The configuration is pretty straightforward, but let’s walk through it, because we’ll be utilizing this configuration several times.

Starting Caddy

systemctl start caddy.service