Introduction<\/b><\/p>\n
<\/p>\n
Caddy is the new trend. Caddy is the new web server. It\u2019s uncomplicated and it\u2019s great to be used for \u00a0environment production.<\/span><\/p>\n It contains an helpful automatic TLS encryption. \u00a0It also features an instinctive configuration file, HTTP\/2 support. The HTTP\/2 of Caddy is the new version of HTTP protocol; which helps to make \u00a0website faster by just using single connection for transferring multiple files and header compression among other features . TLS is widely adopted on internet because it provide an great service to serve websites encrypted over a secure connection. It is inconvenience to get and install certificates manually.<\/span><\/p>\n Caddy can be called as the great blender with Let\u2019s Encrypt, it provides a certificate authority which then provides free TLS\/SSL certificate and when in need it automatically obtain and renews the certificate. It can also be said as, that whichever \u00a0\u00a0website that is under Caddy it would be automatically served over a secure connection with no additional configuration or action necessary.<\/span><\/p>\n For this tutorial, firstly we need to install and configure Caddy. After following all the steps, you will end up with a simple working served using HTTP\/2 and a secure TLS connection.<\/span><\/p>\n <\/p>\n Prerequisites<\/span><\/p>\n To follow this tutorial you will need the followings<\/span><\/p>\n Step 1 \u2014 Installing the Caddy Binaries<\/span><\/p>\n The Caddy project provides an installation script that will retrieve and install the Caddy server’s binary files. To execute it, type:<\/span><\/p>\n <\/p>\n <\/p>\n You can view the script by visiting\u00a0https:\/\/getcaddy.com\u00a0in your browser or downloading the file with\u00a0wget\u00a0or\u00a0curl\u00a0before you execute it.<\/span><\/p>\n During the installation, the script will use\u00a0sudo\u00a0to gain administrative privileges in order to put Caddy files in system-wide directories, so it might prompt you for a password.<\/span><\/p>\n The command output will look like this:<\/span><\/p>\n https:\/\/caddyserver.com\/download\/build?os=linux&arch=amd64&arm=&features=<\/span><\/p>\n Extracting…<\/span><\/p>\n Putting caddy in \/usr\/local\/bin (may require password)<\/span><\/p>\n [sudo] password for sammy:<\/span><\/p>\n Caddy 0.9.5<\/span><\/p>\n Successfully installed<\/span><\/p>\n After the script finishes, the Caddy binaries are installed on the server and ready to use. You can verify that Caddy binaries have been put in place by using\u00a0which\u00a0to check their location.<\/span><\/p>\n The command output will say that the Caddy binary can be found in\u00a0\/usr\/local\/bin\/caddy.<\/span><\/p>\n Caddy does not create any system-wide configuration during installation and does not install itself as a service, which means it won’t start up automatically during boot. In the next two steps, we’ll create the files Caddy needs to function and install its service file.<\/span><\/p>\n Step 2 \u2014 Setting Up Necessary Directories<\/span><\/p>\n Caddy’s automatic TLS support and unit file (which we’ll install in the next step) expect particular directories and files to exist with specific permissions. We’ll create them all in this step.<\/span><\/p>\n First, create a directory that will house the main\u00a0Caddyfile, which is a configuration file that tells Caddy what websites should it serve and how.<\/span><\/p>\n Change the owner of this directory to the\u00a0<\/span>root<\/b>\u00a0user and its group to\u00a0<\/span>www-data<\/b>\u00a0so Caddy can read it.<\/span><\/p>\n In this directory, create an empty\u00a0Caddyfile\u00a0which we’ll edit later.<\/span><\/p>\n Create another directory in\u00a0\/etc\/ssl. Caddy needs this to store the SSL private keys and certificates that it automatically obtains from Let’s Encrypt.<\/span><\/p>\n Caddy needs to be able to write to this directory when it obtains the certificate, so make the owner the\u00a0<\/span>www-data<\/b>\u00a0user . You can leave the group as\u00a0<\/span>root<\/b>, unchanged from the default:<\/span><\/p>\n Then make sure no one else can read those files by removing all the access rights for others.<\/span><\/p>\n The final directory we need to create is the one where the website itself will be published. We will use\u00a0\/var\/www, which is customary and also the default path when using other web servers, like Apache or Nginx.<\/span><\/p>\n This directory should be completely owned by\u00a0<\/span>www-data<\/b>.<\/span><\/p>\n You have now prepared the necessary environment for Caddy to run. In the next step, we will configure Caddy as a system service to ensure it starts with system boot and can be managed with\u00a0systemctl.<\/span><\/p>\n Step 3 \u2014 Installing Caddy as a System Service<\/span><\/p>\n While Caddy does not install itself as a service, the project provides an official\u00a0<\/span>systemd\u00a0unit file<\/span>. This file does assume the directory structure we set up in the previous step, so make sure your configuration matches.<\/span><\/p>\n Download the file from the official Caddy repository. The additional\u00a0-o\u00a0parameter to the\u00a0curl\u00a0command will save the file in the\u00a0\/etc\/systemd\/system\/\u00a0directory and make it visible to\u00a0systemd.<\/span><\/p>\n Make\u00a0systemd\u00a0aware of the new service file.<\/span><\/p>\n Then, enable Caddy to run on boot.<\/span><\/p>\n You can verify that the service has been properly loaded and enabled to start on boot by checking its status.<\/span><\/p>\n The output should look as follows:<\/span><\/p>\n Caddy service status output<\/span><\/p>\n \u00a0\u00a0Loaded: loaded (\/etc\/systemd\/system\/caddy.service; enabled; vendor preset: enabled)<\/span><\/p>\n \u00a0\u00a0Active: inactive (dead)<\/span><\/p>\n \u00a0\u00a0\u00a0\u00a0Docs: https:\/\/caddyserver.com\/docs<\/span><\/p>\n Specifically, it says that the service is\u00a0<\/span>loaded<\/b>\u00a0and\u00a0<\/span>enabled<\/b>, but it is not yet running. We will not start the server just yet because the configuration is still incomplete.<\/span><\/p>\n You have now configured Caddy as a system service which will start automatically on boot without the need to run it manually. Next, we’ll allow web traffic through the firewall.<\/span><\/p>\n Step 4 \u2014 Allowing HTTP and HTTPS Connections<\/span><\/p>\n Because Caddy wasn’t installed using APT (Ubuntu’s package manager), UFW has no way to know how to manage rules for it. We’ll add those rules manually here.<\/span><\/p>\n Caddy serves websites using HTTP and HTTPS protocols, so we need to allow access to the appropriate ports in order to make Caddy available from the internet.<\/span><\/p>\n Both commands, when run, will output the following success messages:<\/span><\/p>\n UFW output<\/span><\/p>\n Rule added<\/span><\/p>\n Rule added (v6)<\/span><\/p>\n This will allow Caddy to serve websites to the visitors freely. In the next step, we will create a sample web page and update the\u00a0Caddyfile\u00a0to serve it in order to test the Caddy installation.<\/span><\/p>\n Step 5 \u2014 Creating a Test Web Page and a Caddyfile<\/span><\/p>\n Let’s start by creating a very simple HTML page which will display a plain\u00a0<\/span>Hello World!<\/b>\u00a0message. This command will create an\u00a0index.html\u00a0file in the website directory we created earlier with just the one line of text,\u00a0<h1>Hello World!<\/h1>, inside.<\/span><\/p>\n Next, we’ll fill out the\u00a0Caddyfile. The\u00a0Caddyfile, in its simplest form, consists of one or more\u00a0<\/span>server blocks<\/span><\/i>\u00a0which each define the configuration for a single website. A server block starts with an address definition and is followed by curly braces. Inside the curly braces, you can include configuration directives to apply to that website.<\/span><\/p>\n An\u00a0<\/span>address definition<\/span><\/i>\u00a0is specified in the form\u00a0protocol:\/\/host:port. Caddy will assume some defaults by itself if you leave some fields blank. For example, if you specify the protocol but not the port, the latter will be automatically derived (i.e. port\u00a080\u00a0is assumed for HTTP, and port\u00a0443\u00a0is assumed for HTTPS). The rules governing the address format are described in-depth in\u00a0<\/span>the official Caddyfile documentation<\/span><\/a>.<\/span><\/p>\n Open the\u00a0Caddyfile\u00a0you created in Step 2 using\u00a0nano\u00a0or your favorite text editor.<\/span><\/p>\n Paste in the following contents:<\/span><\/p>\n \/etc\/caddy\/Caddyfile<\/span><\/p>\n http:\/\/ {<\/span><\/p>\n \u00a0\u00a0\u00a0root \/var\/www<\/span><\/p>\n \u00a0\u00a0\u00a0gzip<\/span><\/p>\n }<\/span><\/p>\n Then save the file and exit. Let’s explain what this specific\u00a0Caddyfile\u00a0does.<\/span><\/p>\n Here, we’re using\u00a0http:\/\/\u00a0for the address definition. This tells Caddy it should bind to port\u00a080\u00a0and serve all requests using plain HTTP protocol (without TLS encryption), regardless of the domain name used to connect to the server. This will allow you to access the websites Caddy is hosting using your server’s IP address.<\/span><\/p>\n Inside the curly braces of our server block, there are two directives:<\/span><\/p>\n Once the configuration file is ready, start the Caddy service.<\/span><\/p>\n We can now test if the website works. For this you use your server’s public IP address. If you do not know your server’s IP address, you can get it with\u00a0curl -4 icanhazip.com. Once you have it, visit\u00a0http:\/\/your_server_ip\u00a0in your favorite browser to see the\u00a0<\/span>\n
\n
\n<\/span>Downloading Caddy for linux\/amd64…<\/span><\/p>\n\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n