Caddy Web Server: Automatic HTTPS Made Effortless
Deploy Caddy as your web server and reverse proxy with zero-config automatic HTTPS. Covers Caddyfile syntax, reverse proxy patterns, Docker integration,...
Why Caddy?
Caddy is a web server written in Go that provisions and renews HTTPS certificates automatically. No certbot, no cron jobs, no manual renewal. Just point your domain at Caddy, and it handles everything.
Workflow automation: triggers, conditions, and actions chain together to eliminate manual processes.
Compare the config needed for HTTPS:
Nginx: 20+ lines for SSL config, plus certbot setup, plus renewal cron job.
Caddy: Zero lines. It just works.
Installation
Docker
services:
caddy:
image: caddy:latest
container_name: caddy
ports:
- "80:80"
- "443:443"
- "443:443/udp" # HTTP/3
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile
- caddy_data:/data
- caddy_config:/config
restart: unless-stopped
volumes:
caddy_data:
caddy_config:
Binary
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update && sudo apt install caddy
Caddyfile Basics
Static File Server
Get more insights on Tutorials
Join 2,000+ engineers who get our weekly deep-dives. No spam, unsubscribe anytime.
example.com {
root * /var/www/html
file_server
}
That is the entire configuration. Caddy will automatically obtain an HTTPS certificate from Let's Encrypt, redirect HTTP to HTTPS, and serve your files.
Reverse Proxy
api.example.com {
reverse_proxy localhost:8080
}
app.example.com {
reverse_proxy localhost:3000
}
docs.example.com {
reverse_proxy localhost:4000
}
Three services, three lines each. Automatic HTTPS for all of them.
SPA (Single Page Application)
app.example.com {
root * /var/www/app
try_files {path} /index.html
file_server
encode gzip zstd
}
Path-Based Routing
example.com {
handle /api/* {
reverse_proxy api-service:8080
}
handle /docs/* {
reverse_proxy docs-service:4000
}
handle {
root * /var/www/frontend
try_files {path} /index.html
file_server
}
}
A reverse proxy terminates TLS, routes requests by hostname, and load-balances across backend services.
Advanced Features
Compression
example.com {
encode gzip zstd
reverse_proxy backend:8080
}
Rate Limiting
example.com {
rate_limit {
zone dynamic {
key {remote_host}
events 100
window 1m
}
}
reverse_proxy backend:8080
}
Headers and Security
example.com {
header {
X-Content-Type-Options "nosniff"
X-Frame-Options "DENY"
Referrer-Policy "strict-origin-when-cross-origin"
Strict-Transport-Security "max-age=31536000; includeSubDomains"
-Server
}
reverse_proxy backend:8080
}
Basic Authentication
admin.example.com {
basicauth {
admin JDJhJDE0JDlENmRYaHlBdGVJNk5...(bcrypt hash)
}
reverse_proxy admin-panel:9090
}
Generate the hash with:
caddy hash-password --plaintext "your-password"
WebSocket Proxy
ws.example.com {
reverse_proxy backend:8080 {
# WebSocket support is automatic in Caddy
# No special headers needed
}
}
Free Resource
Free Cloud Architecture Checklist
A 47-point checklist covering security, scalability, cost optimization, and disaster recovery for production cloud environments.
Caddy with Docker Compose
services:
caddy:
image: caddy:latest
ports:
- "80:80"
- "443:443"
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile
- caddy_data:/data
frontend:
image: myapp/frontend:latest
api:
image: myapp/api:latest
docs:
image: myapp/docs:latest
# Caddyfile
app.example.com {
reverse_proxy frontend:3000
}
api.example.com {
reverse_proxy api:8080
}
docs.example.com {
reverse_proxy docs:4000
}
Caddy vs Nginx vs Traefik
| Feature | Caddy | Nginx | Traefik |
|---|---|---|---|
| Auto HTTPS | Built-in | certbot | Built-in |
| Config Format | Caddyfile | nginx.conf | YAML/TOML/Labels |
| Docker Discovery | Plugin | No | Built-in |
| Memory | ~30MB | ~5MB | ~50MB |
| HTTP/3 | Built-in | Experimental | Built-in |
| Config Reload | Instant API | nginx -s reload | Hot reload |
| Best For | Simplicity | Raw performance | Docker/K8s |
Server infrastructure: production and staging environments connected via VLAN with offsite backups.
When to Choose Caddy
- You want zero-config HTTPS
- You value simplicity over fine-grained control
- You do not need Docker service discovery (use Traefik for that)
- You want HTTP/3 support out of the box
- You are running a small to medium deployment
At TechSaaS, we use Traefik for our Docker-based infrastructure because of its native service discovery. But for standalone projects and client deployments that do not use Docker, we recommend Caddy. Its simplicity is unmatched.
Need help choosing a web server? Contact [email protected].
Related Service
Cloud Solutions
Let our experts help you build the right technology strategy for your business.
Need help with tutorials?
TechSaaS provides expert consulting and managed services for cloud infrastructure, DevOps, and AI/ML operations.
We Will Build You a Demo Site — For Free
Like it? Pay us. Do not like it? Walk away, zero complaints. You will spend way less than hiring developers or any agency.
No spam. No contracts. Just a free demo.