Caddy 2 Web Server Configuration

I run a multitude of services from my network. Having the ability to configure a simple and secure web server is an absolute necessity. Until recently, I continually bounced between Lighttpd and Nginx. Nginx seemed more secure, but the configurations could be similar to setting up an Apache server. Lighttpd had some issues using weird header information and the documentation was lacking. I had a lot of issues with Cockpit and Lighttpd, and the community seemed to be lacking when it came to user support.

I recently stumbled upon Caddy as a possibility (which worked out well). I was a bit skeptical about this one as it seemed to be one of the ‘new kids on the block’ in terms of web servers.

After installing, I realized that the documentation was fairly straightforward and the community was very willing to help out. One of the first things I needed to do was get the service file so that I could enable and launch Caddy at boot. Like any other service file, this one was pretty clean and easy:

/etc/systemd/system/caddy.service

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
User=http
Group=http
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

Caddy provided the service script on their GitHub.
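The [Service] section above is where Caddy drops to the http user and gets its sandboxing, and in a unit file a trailing backslash joins the next line onto the current one, so a stray one after a value folds the following directive into it and that directive is never applied. The check below is an added example, not code from this post or from the Caddy project; the names parse_unit, audit and HARDENING are hypothetical and the sample unit text is constructed from the directives shown above.

```python
import re

# Directives from the [Service] section shown above that drop privileges or sandbox Caddy.
HARDENING = ("User", "Group", "PrivateTmp", "ProtectSystem", "AmbientCapabilities")

def parse_unit(text):
    """Parse unit text into {section: {key: value}} (last assignment wins).
    As systemd does, a trailing backslash joins the next line, replaced by a space."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(("#", ";")):
            continue                          # comment lines are ignored
        if line.endswith("\\"):
            pending += line[:-1] + " "        # continuation: keep reading
            continue
        line, pending = (pending + line).strip(), ""
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def audit(text):
    """Return findings for hardening directives that are absent or swallowed."""
    service = parse_unit(text).get("Service", {})
    findings = [f"missing {key}" for key in HARDENING if key not in service]
    swallowed = re.compile(r"\s(%s)=" % "|".join(HARDENING))
    for key, value in service.items():
        if swallowed.search(value):
            findings.append(f"{key} swallowed a directive: {value!r}")
    return findings

# Constructed sample: the hardening-relevant lines of the unit above.
GOOD = """[Service]
User=http
Group=http
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
"""
# Constructed failure case: a stray backslash after the LimitNPROC value.
BAD = GOOD.replace("LimitNPROC=512\n", "LimitNPROC=512\\\n")

if __name__ == "__main__":
    for name, unit in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(unit) or "ok")
```

On a live host, `systemd-analyze verify /etc/systemd/system/caddy.service` checks the installed unit with systemd's own parser.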

Then it was off to the configuration file. After seeing the simplicity of the setup, I knew this was going to be perfect. As you can see from the service file, the configuration is stored in /etc/caddy/ in a file called Caddyfile.

WordPress Configuration:

Configuring a WordPress blog is really easy. Declare the root folder, and make sure that you add the right location for PHP FastCGI (also, this might be worth mentioning, but the link does include // instead of : after unix; this tripped me up the first time). Make sure to use the proper location for php-fpm.sock; in Arch Linux, this is the proper location. The last two options are required for proper handling. I noticed that when I didn’t add encode gzip, the login page for WordPress was missing a theme and the add post/page was blank.

thebytes.net {
    root * /var/http/site
    php_fastcgi unix//var/run/php-fpm/php-fpm.sock

    encode gzip
    file_server {
        index index.php
        hide .htaccess
    }
}

Standard/Static HTML Website Configuration:

Like WordPress, configuring a standard HTML website with Caddy is a very simple process. The only difference is that you don’t need a FastCGI configuration.

thebytes.net {
    root * /var/http/site

    encode gzip
    file_server {
        index index.html
    }
}

Reverse Proxy:

This was another very easy module to set up. Simply add the subdomain name, and declare the reverse proxy location. I am not sure if there is a difference between using localhost or the loopback address (127.0.0.1). From my experience with firewall configuration, localhost seemed to be the better option.

place.thebytes.net {
    reverse_proxy localhost:8123
}

One of the best features of Caddy is the automated SSL and the security of the entire server. I had no issues with setting up a reverse proxy for Cockpit and Home Assistant; out of the box, they just worked.

The best part is, just run all of these together and make one configuration file to host multiple sites/services. Ultimately, I think Caddy is now the best solution for simple web servers, especially when it comes to at-home solutions.