Caddy is one of the next generation modern web servers written in GO language that’s why the binaries are entirely self-contained and can be run on every platform. These are some of the benefits of the Caddy:
- Caddy is very lightweight and has low resource requirements.
- Configuration is very simple.
- Supports HTTP/2.0
- Caddy is the only web server that uses HTTPS by default.
- It’s very fast for processing static content.
In this tutorial, we are going to install and configure Caddy and make it run as a service.
We are assuming that you have root permission, otherwise, you may start commands with “sudo”.
Download Caddy binaries
Run the following script, it will download Caddy binary and put them in your executable PATH:
curl https://getcaddy.com | bash
You can run the following command to see where is your Caddy’s binary file:
Your output should be like below:
Creating Caddy Service
Caddy does not install itself as a service which means it doesn’t start automatically during reboots, in the following steps we are going to create a dedicated user for Caddy and place the configuration files in the proper places and set their ownerships permissions.
If you didn’t download the binary file with the root user you have to modify the binary file permission with the commands below:
chown root:root /usr/local/bin/caddy
chmod 755 /usr/local/bin/caddy
With the command below you will give the binary the ability to bind the privileged ports:
setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy
Now it’s time to set up user and group for Caddy:
useradd \> -g caddy \ > --home-dir /var/www --no-create-home \ > --shell /usr/sbin/nologin \ > --system caddy
We have to create some directories and set their permissions and owner as well.
Execute the commands below to create the main directory of Caddy (which you are going to store your configuration files) and set the proper permission:
chown -R root:caddy /etc/caddy
Make the SSL directory to store your SSL configurations:
chown -R caddy:root /etc/ssl/caddy
chmod 770 /etc/ssl/caddy
Place the “Caddyfile” in the proper directory appropriate ownership and permission:
chown caddy:caddy /etc/caddy/Caddyfile
chmod 444 /etc/caddy/Caddyfile
Create the Home directory for Caddy and set the permission and ownership:
chown -R caddy:caddy /var/www
chmod -R 555 /var/www
At last, we can create the “caddy.service” file, Switch to the following directory:
Create a new file named “caddy.service”
Paste the following configuration then save and exit:
[Unit] Description=Caddy HTTP/2 web server Documentation=https://caddyserver.com/docs After=network-online.target Wants=network-online.target systemd-networkd-wait-online.service [Service] Restart=on-failure StartLimitInterval=86400 StartLimitBurst=5 ; User and group the process will run as. User=caddy Group=caddy ; Letsencrypt-issued certificates will be written to this directory. Environment=CADDYPATH=/etc/ssl/caddy ; Always set "-root" to something safe in case it gets forgotten in the Caddyfile. ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp ExecReload=/bin/kill -USR1 $MAINPID ; Limit the number of file descriptors; see `man systemd.exec` for more limit settings. LimitNOFILE=1048576 ; Unmodified caddy is not expected to use more than that. LimitNPROC=64 ; Use private /tmp and /var/tmp, which are discarded after caddy stops. PrivateTmp=true ; Use a minimal /dev PrivateDevices=true ; Hide /home, /root, and /run/user. Nobody will steal your SSH-keys. ProtectHome=true ; Make /usr, /boot, /etc and possibly some more folders read-only. ProtectSystem=full ; … except /etc/ssl/caddy, because we want Letsencrypt-certificates there. ; This merely retains r/w access rights, it does not add any new. Must still be writable on the host! ReadWriteDirectories=/etc/ssl/caddy ; The following additional security directives only work with systemd v229 or later. ; They further retrict privileges that can be gained by caddy. Uncomment if you like. ; Note that you may have to add capabilities required by any plugins in use. ;CapabilityBoundingSet=CAP_NET_BIND_SERVICE ;AmbientCapabilities=CAP_NET_BIND_SERVICE ;NoNewPrivileges=true [Install] WantedBy=multi-user.target
Set the owner and permissions:
chown root:root /etc/systemd/system/caddy.service
chmod 644 /etc/systemd/system/caddy.service
Restart “systemd” to take effect:
Now you can use your Caddy as a service with the commands below:
systemctl enable caddy
systemctl start caddy
systemctl status caddy
Simple Configuration of Caddy
Now that you created your Caddy’s service it’s time for you to configure your Caddy to actually serve something on your standard HTTP port (80)
In order to do that, we have to write some configuration in our Caddyfile which placed in “/etc/caddy/”
With the configuration below you will make Caddy run on port 80 and set the “/var/www” as the document root (make sure to replace the red area with your Public IP address or your Domain name):
Your_Domain_Or_IP_Address:80 root /var/www
Save and exit.
Restart your Caddy with the command below:
systemctl restart caddy
Switch to document root with the command below:
Make an “index.html” file for the test with the command below:
Put the following code in it then save and exit:
<html> <body> Hello world! </body> </html>
Now you can see your IP or your Domain name trough a browser and see your Hello to the world!
You can visit Caddy official website for more information and news!