These days, HTTPS is key when hosting a website. Without it, your users could be leaking very personal data from your website into the world. To solve this, many Linux webmasters have taken to using the LetsEncrypt tools, as they make it very easy to generate a certificate. Still, as easy as LetsEncrypt is, enabling it on Nginx or Apache on Linux can be a bit of a chore. Luckily, there’s a better way. Introducing the Caddy web server. It’s a web server that has HTTPS enabled by default. If you’re sick of hassling with SSL certificates, Caddy may be just what you need.

Installing Caddy

Installing the Caddy web server works pretty much the same no matter what server operating system you are using. The reason Caddy is so easy to install is the developer’s choice to use a downloadable Bash script for installing the software, rather than adding third-party software repositories or installing via binaries.

In this tutorial, we’ll be using Ubuntu Server, though running the Caddy web server will work just fine on most other Linux OSes too, even desktop ones. To start off, make sure you have the Curl app on your Linux PC. If you don’t, open up a terminal, search your package manager for “curl”, and install it.

Note: determine if you have curl already by running curl in the terminal. If the “help” dialog shows up for the program, you have Curl on your Linux machine.

curl https://getcaddy.com | bash -s personal

The Caddy web server is free for personal use, but you must specify it when running the installer. Planning to use Caddy in an enterprise setting? Run the installation command with:

curl https://getcaddy.com | bash -s commercial

Running this command downloads the installer script with Curl and pipes it through Bash, which automatically starts the installation process. The Caddy installer will take time to download the web server binary and place it in the /usr/local/bin/ directory. If the installation is successful, you’ll see a message saying “Successfully Installed”.

At this point, you’ll need to modify the Caddy binary so that it can bind to privileged ports (below 1024, such as 80 and 443) without running as root. Run the following command in the terminal, with sudo privileges.

sudo setcap cap_net_bind_service=+ep /usr/local/bin/caddy
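
Piping a download straight into Bash runs whatever the server returns at that moment, before anyone has read it. The flow below is an added example, not part of the original tutorial: save the installer to a file, review it, record its SHA-256, and run it only while the file still matches that digest. The file name getcaddy.sh and both function names are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not part of the original tutorial. Typical use by hand:
#   curl --proto '=https' --tlsv1.2 -fsSL https://getcaddy.com -o getcaddy.sh
#   less getcaddy.sh          # read the script before running it
#   sha256sum getcaddy.sh     # record the digest of the copy you reviewed
#   run_pinned_installer getcaddy.sh <recorded-digest> personal
# getcaddy.sh and both function names are assumptions of this example.

# Print the lowercase hex SHA-256 of a file.
file_sha256() {
    sha256sum -- "$1" | awk '{print $1}'
}

# Run installer $1 with bash only if its SHA-256 equals $2; remaining
# arguments go to the script, like "bash -s personal" in the one-liner.
# Returns 2 if the file is missing, 3 on a digest mismatch.
run_pinned_installer() {
    local script=$1 expected=$2 actual
    shift 2
    if [ ! -f "$script" ]; then
        echo "installer not found: $script" >&2
        return 2
    fi
    actual=$(file_sha256 "$script")
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "refusing to run $script: digest $actual does not match" >&2
        return 3
    fi
    bash "$script" "$@"
}
```

Recording the digest once also lets you install the same reviewed script on several servers and detect a copy that changed in between.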

Configuring Caddy

Caddy is installed on the server. The next step in the process is to configure the directory structure. Start out by getting a root terminal. Doing this will make modifying folders in the file system much faster, as you won’t need to enter sudo for every command, followed by a password.

On most systems, users can log directly into the root account with:

su

On Ubuntu Server, however, the root account is locked for security reasons. To get around this, gain a root shell with sudo.

sudo -s

Now that we have root access, create the necessary directories for the Caddy server to operate correctly.

mkdir /etc/caddy

mkdir /etc/ssl/caddy

Note: If your server already has a /var/www/ directory, skip this last mkdir command.

mkdir /var/www

Next, create a new “Caddyfile” inside of /etc/caddy/.

touch /etc/caddy/Caddyfile

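Give the www-data group ownership of the Caddy sub-folder inside of /etc/ssl/, then use the chmod command to update its permissions. The service will run as www-data, and a root-owned directory with mode 0770 would leave it unable to store certificates.

chown -R root:www-data /etc/ssl/caddy

chmod 0770 /etc/ssl/caddy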

Lastly, chown the /var/www/ directory:

chown www-data: /var/www

Caddy Systemd File

Most servers, especially Ubuntu Server, make heavy use of the systemd init system. However, since the web server installs via a Bash script, a systemd file isn’t present. Instead, we’ll need to make our own. Use the touch command to make a new, blank service file.

touch /lib/systemd/system/caddy.service

Open up the new caddy.service file and paste the following code into it:

[Unit]
Description=Caddy HTTP/2 web server
Documentation=https://caddyserver.com/docs
After=network-online.target
Wants=network-online.target

[Service]
Restart=on-failure
StartLimitInterval=86400
StartLimitBurst=5

User=www-data
Group=www-data
; Letsencrypt-issued certificates will be written to this directory.
Environment=CADDYPATH=/etc/ssl/caddy

ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
ExecReload=/bin/kill -USR1 $MAINPID

LimitNOFILE=1048576
LimitNPROC=64

PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=full
ReadWriteDirectories=/etc/ssl/caddy

; The following additional security directives only work with systemd v229 or later.
; They further restrict privileges that can be gained by caddy. Uncomment if you like.
; Note that you may have to add capabilities required by any plugins in use.
;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
;AmbientCapabilities=CAP_NET_BIND_SERVICE
;NoNewPrivileges=true

[Install]
WantedBy=multi-user.target

There is a lot of code for the caddy.service file, so do your best to ensure everything is there. When you’re sure, save the changes by pressing the Ctrl + X keyboard combination. Exit the editor with Ctrl + X.

systemctl enable caddy.service

systemctl start caddy.service

After setting up systemd, everything should be ready to go.
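
Because the unit is pasted by hand and three of its security directives ship commented out, it is worth checking which sandboxing lines actually made it into the file. The script below is an added example, not code from the original tutorial or the Caddy project; the function names are assumptions, and the embedded sample is a trimmed copy of the unit above constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a unit file for the sandboxing directives above.
# Presence is checked, not the value each directive is set to.

# directive_state FILE KEY -> "set", "commented" or "missing"
directive_state() {
    if grep -Eq "^[[:space:]]*$2=" "$1"; then
        echo set
    elif grep -Eq "^[[:space:]]*[;#][[:space:]]*$2=" "$1"; then
        echo commented
    else
        echo missing
    fi
}

# audit_unit FILE -> prints one "KEY state" line per directive and returns
# 1 if the service would run as root or any directive is not set.
audit_unit() {
    local unit=$1 rc=0 key state user
    user=$(sed -n 's/^[[:space:]]*User=//p' "$unit" | tail -n 1)
    [ -n "$user" ] || user=root   # system services run as root by default
    echo "User $user"
    [ "$user" != root ] || rc=1
    for key in PrivateTmp PrivateDevices ProtectHome ProtectSystem \
               CapabilityBoundingSet AmbientCapabilities NoNewPrivileges; do
        state=$(directive_state "$unit" "$key")
        echo "$key $state"
        [ "$state" = set ] || rc=1
    done
    return "$rc"
}

# Constructed sample: the hardening lines of the unit above, trimmed.
write_sample_unit() {
    cat > "$1" <<'EOF'
[Service]
User=www-data
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=full
;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
;AmbientCapabilities=CAP_NET_BIND_SERVICE
;NoNewPrivileges=true
EOF
}
```

Run it as audit_unit /lib/systemd/system/caddy.service; on recent systemd versions, systemd-analyze security caddy.service gives systemd’s own assessment of the running unit.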

Setting Up Domains

Caddy, like any other web server, needs a bit of configuration before using it. Start off by creating a domain folder:

Note: be sure to replace “test-domain.org” with your domain.

mkdir -p /var/www/test-domain.org/

Next, edit the Caddyfile we created earlier.

nano /etc/caddy/Caddyfile

Paste the following code to activate your new domain:

test-domain.org {
    root /var/www/test-domain.org
}

Restart the Caddy systemd service to apply the changes. When the service finishes restarting, Caddy is ready to use on your server.

systemctl restart caddy.service