Caddy 2.0: web server with automatic HTTPS

Caddy 2.0 (May 2020) by Matt Holt: web server written in Go with automatic HTTPS via Let's Encrypt, JSON/Caddyfile configuration, reverse proxy, HTTP/3. Modern alternative to Nginx and Apache.


Automatic HTTPS as default

TLS configuration has historically been painful: obtain a certificate, configure the SSL directives, renew it, restart the server. Nginx and Apache require external automation (certbot). Caddy takes a different approach: HTTPS is on by default, handled transparently, with automatic renewal.

The release

Caddy 1.0 was published in 2015 by Matt Holt. Caddy 2.0 is a full rewrite released on 4 May 2020. It is written in Go under the Apache 2.0 licence and ships as a single binary of about 25 MB with zero dependencies.

example.com {
    reverse_proxy localhost:3000
}

api.example.com {
    reverse_proxy localhost:8080
    encode gzip
}

These 5 lines obtain Let’s Encrypt certificates for example.com and api.example.com, configure HTTPS with HTTP/2 and HTTP/3, set up the two reverse proxies, and enable gzip for api.example.com. Renewal is automatic.

Features

  • Automatic HTTPS — integrated ACME client (Let’s Encrypt, ZeroSSL)
  • HTTP/3 (QUIC) natively supported
  • Fluent reverse proxy
  • Load balancing — round-robin, random, least-conn, IP hash
  • Dynamic config — JSON API for reconfiguration without reload
  • On-demand TLS — certificate at first hit for multi-tenant SaaS
  • Modules — plugin system (auth, metrics, logging, hooks)
  • Structured logging (JSON, slog)
  • Prometheus metrics
  • FastCGI (PHP-FPM, Python uWSGI)
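
On-demand TLS obtains a certificate at the first handshake for a hostname, so a multi-tenant deployment has to restrict which hostnames qualify. Caddy's on_demand_tls global option has an ask setting for this: Caddy queries an HTTP endpoint with ?domain=<hostname> and proceeds only on a 2xx reply. The Go endpoint below is an added example, not code from Caddy or from the original page; the port, path, type and function names and the tenant hostnames are assumptions.

```go
package main

import (
	"log"
	"net/http"
	"strings"
)

// tenantDomains is the set of hostnames customers have registered.
// Constructed sample data; a real service would query its tenant database.
type tenantDomains map[string]bool

func newTenantDomains(names ...string) tenantDomains {
	t := tenantDomains{}
	for _, n := range names {
		t[normalize(n)] = true
	}
	return t
}

// normalize lowercases the name and drops a trailing dot so that
// "Shop.Customer-A.example." matches "shop.customer-a.example".
func normalize(name string) string {
	return strings.TrimSuffix(strings.ToLower(strings.TrimSpace(name)), ".")
}

// decide returns the HTTP status for a hostname: 200 tells Caddy it may
// obtain a certificate, a non-2xx status makes it refuse.
func (t tenantDomains) decide(name string) int {
	if name != "" && t[normalize(name)] {
		return http.StatusOK
	}
	return http.StatusForbidden
}

// ServeHTTP handles Caddy's request: GET /check?domain=<hostname>.
func (t tenantDomains) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	w.WriteHeader(t.decide(r.URL.Query().Get("domain")))
}

func main() {
	// Caddy side: in the Caddyfile global options, set on_demand_tls with
	// "ask http://127.0.0.1:5555/check" (address and path are assumptions).
	// Listen on loopback only; the endpoint is for Caddy, not the internet.
	t := newTenantDomains("shop.customer-a.example", "www.customer-b.example")
	log.Fatal(http.ListenAndServe("127.0.0.1:5555", t))
}
```

Without such a check, anyone who points a DNS record at the server can trigger certificate issuance and consume the CA's rate limits.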

Configuration formats

  • Caddyfile — human-friendly DSL (see above)
  • JSON — native API, more expressive
  • Adapters — can import from nginx config, Consul, etc.

Versions

  • 2.0 (May 2020) — rewrite
  • 2.4 (March 2021) — HTTP/3 stable
  • 2.5 (April 2022) — SNI improvements
  • 2.6 (September 2022) — Go 1.18
  • 2.7 (June 2023) — improved logging
  • 2.8 (2024) — built-in Prometheus metrics for Caddy

Competitors

  • Nginx — industrial standard, faster under extreme load, verbose configuration, manual HTTPS
  • Apache HTTPD — veteran, complex mod_ssl
  • Traefik — similar auto-HTTPS philosophy, container/k8s oriented
  • HAProxy — pure load balancer, TCP/HTTP
  • OpenResty — nginx + Lua

Use cases

  • Edge proxy for containerised apps
  • Personal servers / homelab
  • Dev environments with real HTTPS
  • Multi-tenant SaaS with on-demand TLS
  • Nginx replacement for teams valuing DX

In the Italian context

Caddy is used in:

  • Italian web agencies for simple SSL hosting
  • Homelab and self-hosting enthusiasts
  • Startups wanting to avoid nginx configurations
  • Edge gateway in front of Node/Python/Go apps
  • Multi-tenant hosting (Italian B2B SaaS)

It is often chosen as a reverse proxy in front of Node.js or Python apps instead of Nginx.


References: Caddy 2.0 (4 May 2020). Matt Holt. Apache 2.0 licence. Written in Go. Automatic HTTPS via ACME (Let’s Encrypt, ZeroSSL). Native HTTP/3. Caddyfile DSL, JSON API.
