Web Server - Caddy
Caddy, sometimes clarified as the Caddy web server, is an open source, HTTP/2-enabled web server written in Go. It uses the Go standard library for its HTTP functionality.
One of Caddy’s most notable features is enabling HTTPS by default.
Other web servers were designed for the Web, but Caddy was designed for humans.
Download and Install
Download Caddy from the Caddy Download Page and put it in your PATH
. You can get Caddy for nearly any OS and architecture. Caddy’s download page is unique from other web servers: it lets you customize your build with plugins.
In linux, you install it from one command.
1 | :~$ curl https://getcaddy.com | bash -s personal http.cache,http.cgi,http.filter,http.geoip,http.ipfilter,http.locale,http.login,http.minify,http.ratelimit,http.realip,http.webdav |
Run
- By default, Caddy will use the current directory (the directory it is being executed from, not the folder where the binary lives) as the root of the site. This makes it easy to work on sites locally!
1
2
3:~$ cd /var/www
:/var/www$ caddy &
:/var/www$ firefox 127.0.0.1 - run with systemd.service
1
:~$ sudo systemctl start caddy
Caddy.service
Github-Download-Caddy.service
1 | :~$ sudo cat > /lib/systemd/system/caddy.service << EOF |
Example of Configure
1 | http://www.example.com { |
Caddy Docs
Caddy-Docs
http.log
Caddy-Docs-log
log enables request logging. The request log is also known from some vernaculars as an access log.
Syntax
With no arguments, an access log is written to access.log in the common log format for all requests:
1 | www.example.com { |
path is the base request path to match in order to be logged.file is the log file to create (or append to), relative to current working directory.format is the log format to use; default is Common Log Format.rotate_size is the size in megabytes a log file must reach before rolling it.rotate_age is how long in days to keep rotated log files.rotate_keep is the maximum number of rotated log files to keep; older rotated log files get pruned.rotate_compress is the option to compress rotated log files. gzip is the only format supported.ipmask enables masking IP addresses to comply with corporate or legal restrictions. The first argument is a mask for IPv4 addresses, and the second argument is a mask for IPv6 addresses. The IPv6 mask is optional; and if only IPv6 is to be masked, the IPv4 mask can be an empty string token.except exempts requests by path from being logged. More than one path can be specified per line (space-separated), if desired, or this subdirective can be used multiple times.
Log Format
You can specify a custom log format with any placeholder values.
Log supports both request and response placeholders.
Currently there are two predefined formats.
- {common} (default)
1
{remote} - {user} [{when}] \"{method} {uri} {proto}\" {status} {size}
- {combined}
1
{remote} - {user} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\"
Custmos log format
1 | :~$ cat > /etc/caddy/Caddyfile <<EOF |
http.gzip
Caddy-Docs-gzip
gzip enables gzip compression if the client supports it. By default, responses are not gzipped.
Note that, even without the gzip directive, Caddy will serve .gz (gzip) or .br (brotli) compressed files if they already exist on disk and the client supports that encoding.
Syntax
1 | www.example.com { |
extensions… is a space-separated list of file extensions to compress. Supports wildcard*
to match all extensions.paths is a space-separated list of paths in which not to compress.compression_level is a number from1
(best speed) to9
(best compression). Default is6
.min_bytes is the minimum number of bytes in a response needed before compression will happen. Default is no minimum length.
Example
1 | web.example.com { |
http.root
Caddy-Docs-root
root simply specifies the root of the site. This is very useful, in fact required, if the root (/) directory of the website is not the same as where Caddy is being executed from.
http.webdav
Caddy-Docs-Http.webdav
Syntax
1 | www.example.com { |
All the options are optional.
url is the place where you can access the WebDAV interface. Defaults to/
.scope is an absolute or relative (to the current working directory of Caddy) path that indicates the scope of the WebDAV. Defaults to.
.modify indicates if the user has permission to edit/modify the files. Defaults totrue
.allow and block are used to allow or deny access to specific files or directories using their relative path to the scope. You can use the magic worddotfiles
to allow or deny the access to every file starting by a dot.allow_r andblock_r and variations of the previous options but you are able to use regular expressions with them.
Example
1 | :~$ cat > /etc/caddy/Caddyfile << EOF |
http.basicauth
Basic Authentication can be used to protect directories and files with a username and password.
Note that
basic auth is not secure over plain HTTP. Use discretion when deciding what to protect with HTTP Basic Authentication.
When a user requests a resource that is protected, the browser will prompt the user for a username and password if they have not already supplied one.
If the proper credentials are present in the Authorization header, the server will grant access to the resource and set the {user} placeholder to the value of the username.
If the header is missing or the credentials are incorrect, the server will respond with HTTP 401 Unauthorized.
Syntax
1 | www.example.com { |
path is the file or directory to protectusername is the usernamepassword is the passwordrealm identifies the protection partition; it is optional and cannot be repeated. Realms are used to specify the space in which the protection applies. This can be convenient for user agents that are configured to remember authentication details (which is most browsers).resources is a list of files/directories to protect, one per line.
Example
Add a Password for WebDAV with basicauth
1 | www.example.com { |
http.redir
redir sends the client an HTTP redirect status code if the URL matches the specified pattern. It is also possible to make a redirect conditional.
Syntax
1 | redir from to [code] |
Example
Redirect http to https
1 | http://www.example.com { |
http.proxy
1 | localhost:8080 { |
request to http://example.com/api/abcd
hits http://localhost:8080/abcd
Preference:
- Caddy-website
- Caddy-download
- Caddy-docs