Caddy (web server)

From David's Wiki

Caddy is a web server with automatic HTTPS and modern defaults (e.g. HTTP/2 and WebSocket support). This article is about Caddy v2. Note that Caddy does not support .htaccess files, which are only supported in Apache.

Caddyfile

Reverse Proxy

Just use the reverse_proxy directive.
By default, this will automatically preserve headers.
Things like websockets will work automatically.

gitlab.example.com {
  encode zstd gzip
  reverse_proxy localhost:8001
}


To HTTPS

If you are reverse proxying to another HTTPS server, you may need to specify the SNI (the server name sent in the TLS handshake) as follows:

dev2.davidl.me {
  reverse_proxy https://192.168.1.41 {
    transport http {
      tls_server_name dev2.davidl.me
    }
  }
}
  • Try this if you get 502 errors.

Only Local

  @localnet remote_ip 127.0.0.1 192.168.0.0/16
  @notlocalnet not remote_ip 127.0.0.1 192.168.0.0/16
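
The two matchers above only name a set of clients; they do nothing until a directive uses them. The following site block is an added example, not part of the original page, showing one way to apply them so that non-local clients are refused by default. The hostname internal.example.com and the backend localhost:8001 are placeholders.

```caddyfile
# Added example: hostname and backend address are placeholders.
internal.example.com {
  # Clients on loopback or the 192.168.0.0/16 LAN.
  # remote_ip matches the address of the immediate TCP peer, so if another
  # proxy sits in front of Caddy, every request appears to come from that proxy.
  # 127.0.0.1 does not cover IPv6 loopback; add ::1 if clients connect over IPv6.
  @localnet remote_ip 127.0.0.1 192.168.0.0/16

  # Only matched (local) clients reach the backend.
  handle @localnet {
    reverse_proxy localhost:8001
  }

  # Fallback for everything else. This is equivalent to handling
  # @notlocalnet, but also denies if the allow-list above is ever edited
  # without updating a second matcher.
  handle {
    respond "Forbidden" 403
  }
}
```

Running `caddy validate` against the Caddyfile checks the syntax before reloading.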

PHP

  1. Install php-fpm
  2. Modify /etc/php/7.4/fpm/pool.d/www.conf to listen on a socket or port (e.g. 9000)
example.com {
  root * /var/www/wordpress
  encode zstd gzip
  php_fastcgi unix//run/php/php-version-fpm.sock
  file_server
}

Notes

  • If you prefer to use a UNIX socket, you can use php_fastcgi unix//var/run/php/php7.4-fpm.sock

HTTP3

Experimental HTTP/3 support can be enabled by adding the following to your Caddyfile.
Note that HTTP/3 (QUIC) uses UDP, which needs to be allowed in your firewall and port-forwarded through any NATs.

{ 
  servers {
    protocol {
      experimental_http3
    }
  }
}