Introduction
Caddy is a modern web server that is simple to configure and suitable for production use.
It provides automatic TLS, an intuitive configuration file and HTTP/2 support. HTTP/2, the successor to HTTP/1.1, makes websites faster by, among other things, transferring multiple files over a single connection and compressing headers. TLS is widely deployed because it lets a website be served over an encrypted connection, but obtaining and installing certificates by hand is inconvenient.
Caddy integrates with Let's Encrypt, a certificate authority that issues free TLS certificates, and obtains and renews those certificates automatically. In other words, any website served by Caddy is served over a secure connection with no additional configuration or action required.
In this tutorial, you will install and configure Caddy. After following all the steps, you will end up with a simple working website served using HTTP/2 over a secure TLS connection.
Prerequisites
To follow this tutorial you will need the following:
- One Ubuntu 16.04 server set up with this initial server setup tutorial, including a sudo non-root user and a firewall.
- A domain name configured to point to your server. This is necessary for Caddy to obtain a TLS certificate for the website; without a proper domain name, the website will not be served securely with TLS encryption.
Step 1 – Installing the Caddy Binaries
The Caddy project provides an installation script that will retrieve and install the Caddy server’s binary files. To execute it, type:
- curl -s https://getcaddy.com | bash
Piping a script straight from the network into bash runs whatever the server returns, so review it first: view it at https://getcaddy.com in your browser, or download it with wget or curl, read it, and only then execute it.
During the installation, the script uses sudo to gain administrative privileges in order to put the Caddy files in system-wide directories, so it might prompt you for a password.
The command output will look like this:
Downloading Caddy for linux/amd64…
https://caddyserver.com/download/build?os=linux&arch=amd64&arm=&features=
Extracting…
Putting caddy in /usr/local/bin (may require password)
[sudo] password for sammy:
Caddy 0.9.5
Successfully installed
After the script finishes, the Caddy binary is installed on the server and ready to use. You can verify that it has been put in place by using which to check its location.
- which caddy
The command output will say that the Caddy binary can be found in /usr/local/bin/caddy.
Caddy does not create any system-wide configuration during installation and does not install itself as a service, which means it won’t start up automatically during boot. In the next two steps, we’ll create the files Caddy needs to function and install its service file.
Step 2 – Setting Up Necessary Directories
Caddy’s automatic TLS support and unit file (which we’ll install in the next step) expect particular directories and files to exist with specific permissions. We’ll create them all in this step.
First, create a directory that will house the main Caddyfile, the configuration file that tells Caddy which websites it should serve and how.
- sudo mkdir /etc/caddy
Change the owner of this directory to the root user and its group to www-data, so that Caddy (which runs as the www-data user) can read it while only root can change it.
- sudo chown -R root:www-data /etc/caddy
In this directory, create an empty Caddyfile, which we'll edit later.
- sudo touch /etc/caddy/Caddyfile
Create another directory in /etc/ssl. Caddy needs this to store the TLS private keys and certificates that it automatically obtains from Let's Encrypt.
- sudo mkdir /etc/ssl/caddy
Caddy needs to be able to write to this directory when it obtains a certificate, so make the www-data user its owner. You can leave the group as root, unchanged from the default:
- sudo chown -R www-data:root /etc/ssl/caddy
Then make sure no other account on the system can read the private keys stored there by removing all access rights for others:
- sudo chmod 0770 /etc/ssl/caddy
The final directory we need to create is the one where the website itself will be published. We will use /var/www, which is customary and also the default path when using other web servers, like Apache or Nginx.
- sudo mkdir /var/www
This directory should be owned by www-data. Note that Caddy only needs to read the files it serves, so if you would rather the web server process could not modify its own document root, you can keep the directory owned by root and readable by everyone instead.
- sudo chown www-data:www-data /var/www
You have now prepared the necessary environment for Caddy to run. In the next step, we will configure Caddy as a system service to ensure it starts with system boot and can be managed with systemctl.
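The following script is an added example, not part of the tutorial or the Caddy project: it reproduces the Step 2 layout (the same owners and modes) below a prefix and then verifies it, including that nothing already inside the certificate store is reachable by other accounts. The prefix and the service user and group are parameters, so you can dry-run it as an unprivileged user against a temporary directory before running it as root with an empty prefix and the real www-data account. It relies on GNU stat and find, as found on Ubuntu.

```shell
#!/bin/sh
# Added example: create and verify the Step 2 directory layout.
# Not the Caddy project's code. Uses GNU stat/find (Linux).

# setup_caddy_dirs PREFIX SERVICE_USER SERVICE_GROUP
# The owner of /etc/caddy is whoever runs the script (root in the tutorial).
setup_caddy_dirs() {
    prefix=$1
    svc_user=$2
    svc_group=$3
    mkdir -p "$prefix/etc/caddy" "$prefix/etc/ssl/caddy" "$prefix/var/www"
    touch "$prefix/etc/caddy/Caddyfile"       # filled in during Step 5

    # Configuration: owned by the administrator, readable by the service group.
    chown -R "$(id -un):$svc_group" "$prefix/etc/caddy"

    # Certificate store: Caddy writes here, so the service user owns it, and
    # 0770 keeps the private keys away from every other account.
    chown -R "$svc_user:$(id -gn)" "$prefix/etc/ssl/caddy"
    chmod 0770 "$prefix/etc/ssl/caddy"

    # Web root, owned by the service user as in the tutorial.
    chown "$svc_user:$svc_group" "$prefix/var/www"
}

# mode_of PATH: octal permission bits, e.g. 770
mode_of() {
    stat -c '%a' "$1"
}

# check_caddy_dirs PREFIX
# Fails if the certificate store is not 0770, if anything already inside it
# (account key, certificates, private keys) is readable, writable or
# executable by "others", or if the other directories are missing.
check_caddy_dirs() {
    prefix=$1
    rc=0
    store="$prefix/etc/ssl/caddy"
    if [ "$(mode_of "$store")" != 770 ]; then
        echo "BAD $store: mode $(mode_of "$store"), expected 770" >&2
        rc=1
    fi
    exposed=$(find "$store" \( -perm -o+r -o -perm -o+w -o -perm -o+x \) | wc -l | tr -d ' ')
    if [ "$exposed" -ne 0 ]; then
        echo "BAD $store: $exposed entries accessible by others" >&2
        rc=1
    fi
    for d in "$prefix/etc/caddy" "$prefix/var/www"; do
        [ -d "$d" ] || { echo "BAD $d: missing" >&2; rc=1; }
    done
    [ -f "$prefix/etc/caddy/Caddyfile" ] || { echo "BAD Caddyfile missing" >&2; rc=1; }
    return $rc
}
```

Run it as `sudo sh setup.sh "" www-data www-data` on the real server, or with a temporary directory and your own user and group to see what it does first. The "others" check is the one worth rerunning after Caddy has obtained its first certificate, since that is when the keys actually appear.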
Step 3 – Installing Caddy as a System Service
While Caddy does not install itself as a service, the project provides an official systemd unit file. This file assumes the directory structure we set up in the previous step, so make sure your configuration matches.
Download the file from the official Caddy repository. The additional -o parameter to the curl command saves the file in the /etc/systemd/system/ directory and makes it visible to systemd. Note that -s also silences download errors, so after downloading open the file and confirm that it is a unit file rather than an HTML error page, and that the user, certificate directory and Caddyfile path it references match what you created in Step 2; the file on the master branch changes over time and may not match the version the installer fetched.
- sudo curl -s https://raw.githubusercontent.com/mholt/caddy/master/dist/init/linux-systemd/caddy.service -o /etc/systemd/system/caddy.service
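Before loading the unit, it is worth checking it mechanically. The script below is an added example and not Caddy's own tooling; the sample unit it writes is constructed for this page to mirror the layout the tutorial expects (www-data, /etc/ssl/caddy, /etc/caddy/Caddyfile) and is not the upstream file. The check rejects a saved error page, a unit that would run the server as root, and a unit whose paths do not exist yet; the optional prefix lets it run against a scratch tree.

```shell
#!/bin/sh
# Added example: sanity-check a downloaded systemd unit before daemon-reload.
# Not part of the Caddy project.

# Constructed sample unit for demonstration; not the upstream caddy.service.
write_sample_unit() {
    cat > "$1" <<'EOF'
[Unit]
Description=Caddy HTTP/2 web server (constructed sample)
After=network-online.target

[Service]
User=www-data
Group=www-data
Environment=CADDYPATH=/etc/ssl/caddy
ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
ReadWriteDirectories=/etc/ssl/caddy
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target
EOF
}

# What a failed download looks like when curl -s hides the HTTP status.
write_sample_error_page() {
    printf '<html><body><h1>404: Not Found</h1></body></html>\n' > "$1"
}

# check_caddy_unit UNIT_FILE [PREFIX]
# Paths named in the unit are looked up below PREFIX (default: the real
# filesystem), which lets the check run in a scratch tree.
check_caddy_unit() {
    unit=$1
    prefix=${2:-}
    rc=0

    # 1. A unit file has a [Service] section and no HTML in it.
    if ! grep -q '^\[Service\]' "$unit" || grep -qi '<html' "$unit"; then
        echo "BAD $unit: not a systemd unit file (download failed?)" >&2
        return 1
    fi

    # 2. The service must drop to an unprivileged account; the ownership
    #    set up in Step 2 assumes that account is www-data.
    user=$(sed -n 's/^User=//p' "$unit" | tail -n 1)
    if [ -z "$user" ] || [ "$user" = root ]; then
        echo "BAD $unit: User= is missing or root" >&2
        rc=1
    fi

    # 3. Every absolute path in ExecStart=, ReadWriteDirectories= and
    #    Environment= must already exist, or the service fails on start.
    paths=$(sed -n -e 's/^ExecStart=//p' -e 's/^ReadWriteDirectories=//p' \
                   -e 's/^Environment=//p' "$unit" | tr ' =' '\n\n' | grep '^/' || true)
    for p in $paths; do
        if [ ! -e "$prefix$p" ]; then
            echo "BAD $unit: references $p, which does not exist" >&2
            rc=1
        fi
    done
    return $rc
}
```

On the real server, `check_caddy_unit /etc/systemd/system/caddy.service` with no prefix is enough; each failure is printed, and the exit status is non-zero if anything needs fixing before `daemon-reload`.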
Make systemd aware of the new service file.
- sudo systemctl daemon-reload
Then, enable Caddy to run on boot.
- sudo systemctl enable caddy.service
You can verify that the service has been properly loaded and enabled to start on boot by checking its status.
- sudo systemctl status caddy.service
The output should look as follows:
Caddy service status output
● caddy.service - Caddy HTTP/2 web server
   Loaded: loaded (/etc/systemd/system/caddy.service; enabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: https://caddyserver.com/docs
Specifically, it says that the service is loaded and enabled, but it is not yet running. We will not start the server just yet because the configuration is still incomplete.
You have now configured Caddy as a system service which will start automatically on boot without the need to run it manually. Next, we’ll allow web traffic through the firewall.
Step 4 – Allowing HTTP and HTTPS Connections
Because Caddy wasn't installed with APT (Ubuntu's package manager), no UFW application profile was registered for it. We'll add the rules manually here, using UFW's built-in http and https service names.
Caddy serves websites using HTTP and HTTPS protocols, so we need to allow access to the appropriate ports in order to make Caddy available from the internet.
- sudo ufw allow http
- sudo ufw allow https
Both commands, when run, will output the following success messages:
UFW output
Rule added
Rule added (v6)
This will allow visitors to reach the websites Caddy serves. In the next step, we will create a sample web page and update the Caddyfile to serve it in order to test the Caddy installation.
Step 5 – Creating a Test Web Page and a Caddyfile
Let's start by creating a very simple HTML page which will display a plain Hello World! message. This command will create an index.html file in the website directory we created earlier with just the one line of text, <h1>Hello World!</h1>, inside.
- echo '<h1>Hello World!</h1>' | sudo tee /var/www/index.html
Next, we'll fill out the Caddyfile. The Caddyfile, in its simplest form, consists of one or more server blocks which each define the configuration for a single website. A server block starts with an address definition and is followed by curly braces. Inside the curly braces, you can include configuration directives to apply to that website.
An address definition is specified in the form protocol://host:port. Caddy will assume some defaults by itself if you leave some fields blank. For example, if you specify the protocol but not the port, the latter will be automatically derived (i.e. port 80 is assumed for HTTP, and port 443 is assumed for HTTPS). The rules governing the address format are described in depth in the official Caddyfile documentation.
Open the Caddyfile you created in Step 2 using nano or your favorite text editor.
- sudo nano /etc/caddy/Caddyfile
Paste in the following contents:
/etc/caddy/Caddyfile
http:// {
    root /var/www
    gzip
}
Then save the file and exit. Let's explain what this specific Caddyfile does.
Here, we're using http:// for the address definition. This tells Caddy it should bind to port 80 and serve all requests using the plain HTTP protocol (without TLS encryption), regardless of the domain name used to connect to the server. This will allow you to access the websites Caddy is hosting using your server's IP address.
Inside the curly braces of our server block, there are two directives:
- The root directive tells Caddy where the website files are located. In our example, it's /var/www, where we created the test page.
- The gzip directive tells Caddy to compress responses with gzip to make the website faster. It does not need additional configuration. Compression is harmless for static pages like this one; bear in mind that compressing responses which combine secrets with attacker-controlled input exposes those secrets to compression side channels such as BREACH.
Once the configuration file is ready, start the Caddy service.
- sudo systemctl start caddy
We can now test whether the website works. For this, use your server's public IP address. If you do not know it, you can get it with curl -4 icanhazip.com. Once you have it, visit http://your_server_ip in your favorite browser to see the Hello World! page.
This means your Caddy installation is working correctly. In the next step, you will enable a secure connection to your website with Caddy’s automatic TLS support.
Step 6 – Configuring Automatic TLS
One of the main features that distinguishes Caddy from other web servers is its ability to automatically request and renew TLS certificates from Let's Encrypt, a free certificate authority (CA). In addition, setting Caddy up to serve websites only over a secure connection requires a one-line change in the Caddyfile.
Caddy takes care of enabling HTTPS for all configured server blocks and obtaining the necessary certificates automatically, provided the server block configuration meets some requirements.
In order for automatic TLS to work, the following requirements must be met:
- Caddy must be able to bind to port 443 for HTTPS, and that port must be reachable from the internet. Let's Encrypt validates control of the domain by connecting to your server, so the firewall rules from Step 4 matter here.
- The protocol must not be set to HTTP, the port must not be set to 80, and TLS must not be explicitly turned off or overridden with other settings (e.g. with the tls directive in the server block).
- The hostname must be a valid domain name; it must not be empty, localhost or an IP address. This is necessary because Let's Encrypt can only issue certificates for valid domain names.
- Caddy must know the email address to register with Let's Encrypt; the CA uses it for account recovery and expiry notices.
If you've been following this tutorial, the first requirement is already met. However, the current server block address is configured simply as http://, which defines a plain HTTP scheme with no encryption and no domain name. We have also not provided Caddy with an email address, which Let's Encrypt requires when a certificate is requested. If the address is not supplied in the configuration, Caddy asks for it during startup. Because Caddy is installed as a system service, it cannot ask questions during startup, and as a result it will not start properly at all.
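The requirements above can be checked before restarting the service. The script below is an added example, not part of Caddy or the original tutorial: it applies the scheme, port and hostname rules to the site address of a single-site Caddyfile in the 0.9-era syntax used on this page, and then inspects the tls directive for `off` or a missing email. Whether port 443 is reachable from the internet cannot be determined offline and is left to Step 4. The Caddyfile contents used in the usage note are constructed for this example.

```shell
#!/bin/sh
# Added example: pre-flight check for Caddy 0.9-style automatic TLS.
# Not part of the Caddy project; single site block per file assumed.

# caddyfile_address FILE: the address of the first site block (text before "{").
caddyfile_address() {
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' | head -n 1 \
        | sed 's/[[:space:]]*{.*$//; s/^[[:space:]]*//'
}

# auto_tls_eligible ADDRESS: echoes a reason; returns 0 if Caddy will try to
# obtain a certificate for ADDRESS, 1 if one of the rules rules it out.
auto_tls_eligible() {
    addr=$1
    scheme=""
    rest=$addr
    case "$addr" in
        *://*) scheme=${addr%%://*}; rest=${addr#*://} ;;
    esac
    hostport=${rest%%/*}
    port=""
    case "$hostport" in
        \[*) host=${hostport%%]*}; host=${host#\[}        # bracketed IPv6, e.g. [::1]:8080
             port=${hostport#*]}; port=${port#:} ;;
        *:*) host=${hostport%%:*}; port=${hostport#*:} ;;
        *)   host=$hostport ;;
    esac

    if [ "$scheme" = http ]; then
        echo "scheme http:// forces plain HTTP"; return 1
    fi
    if [ "$port" = 80 ]; then
        echo "port 80 forces plain HTTP"; return 1
    fi
    case "$host" in
        "")        echo "no hostname to put in the certificate"; return 1 ;;
        localhost) echo "localhost is not a public domain name"; return 1 ;;
    esac
    if echo "$host" | grep -Eq '^[0-9]+(\.[0-9]+){3}$|^[0-9a-fA-F]*:[0-9a-fA-F:]*$'; then
        echo "$host is an IP address; Let's Encrypt only issues for domain names"; return 1
    fi
    echo "eligible for automatic TLS"
    return 0
}

# check_caddyfile_tls FILE: address rules plus the tls directive. Returns 0
# only when the site will get a Let's Encrypt certificate without a prompt.
check_caddyfile_tls() {
    file=$1
    addr=$(caddyfile_address "$file")
    if ! reason=$(auto_tls_eligible "$addr"); then
        echo "$file: '$addr': $reason"; return 1
    fi
    # Arguments of the first tls directive, trailing whitespace stripped.
    tlsargs=$(sed -n 's/^[[:space:]]*tls[[:space:]]\{1,\}\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$file" | head -n 1)
    case "$tlsargs" in
        off) echo "$file: 'tls off' disables HTTPS"; return 1 ;;
        "")  echo "$file: no email for Let's Encrypt; Caddy would prompt and fail under systemd"; return 1 ;;
        *@*) echo "$file: automatic TLS with account email $tlsargs"; return 0 ;;
        *)   echo "$file: 'tls $tlsargs' overrides automatic TLS"; return 1 ;;
    esac
}
```

Running `check_caddyfile_tls /etc/caddy/Caddyfile` against the Step 5 file reports that `http://` forces plain HTTP; against the Step 6 file below it reports automatic TLS with the configured email. `auto_tls_eligible` on its own is handy for the corner cases the rules describe, such as `example.com:80`, `localhost:2015` or a bare IP address.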
To fix this, open theย Caddyfileย for editing again.
- sudo nano /etc/caddy/Caddyfile
First, replace the address definition http:// with your domain. This removes the plain HTTP forced by the scheme and provides a domain name for the TLS certificate. Second, provide Caddy with an email address using the tls directive inside the server block.
The modified Caddyfile should look as follows, with your domain and email address substituted in:
/etc/caddy/Caddyfile
example.com {
    root /var/www
    gzip
    tls sammy@example.com
}
Save the file and exit the editor. To apply the changes, restart Caddy.
- sudo systemctl restart caddy
Now you can point your browser to https://example.com to verify that the changes were applied correctly. If so, you should once again see the Hello World! page, this time served over HTTPS, as shown by the URL and the lock symbol in the address bar. If the page does not load, check the service status as in Step 3; a failed certificate request is reported in Caddy's log.
Conclusion
You have now configured Caddy to serve your website over a secure TLS connection. Let's Encrypt will automatically obtain and renew the certificates. Caddy serves the site over HTTP/2, and gzip compression reduces load times.
This tutorial was a simple example to get beginners started with Caddy. To learn more about Caddy's unique features, read the official Caddy documentation.