Caddy Server Guide

Getting things ready

• sudo su
• mkdir -p /etc/ssl/caddy && mkdir -p /etc/caddy
• chown -R www-data:www-data /etc/ssl/caddy && chown -R www-data:www-data /etc/caddy
• nano /etc/systemd/system/caddy.service
• insert this:

[Unit]
Description=Caddy HTTP/2 web server
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service

[Service]
Restart=on-abnormal
User=www-data
Group=www-data
Environment="CADDYPATH=/etc/ssl/caddy"
ExecStart=/usr/local/bin/caddy -quic -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp

ExecReload=/bin/kill -USR1 $MAINPID
KillMode=mixed
KillSignal=SIGQUIT
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=1024
PrivateTmp=true
PrivateDevices=false
ProtectHome=true
ProtectSystem=full
ReadWriteDirectories=/etc/ssl/caddy

[Install]
WantedBy=multi-user.target

Installing caddy

• curl https://getcaddy.com | bash -s personal
• setcap cap_net_bind_service=+ep $(which caddy)

Configuring

• nano /etc/caddy/Caddyfile
• insert this:

(global-conf) {
  header / Strict-Transport-Security "max-age=31536000"
  tls {
    protocols tls1.2 tls1.3
    key_type p384
    curves X25519 p521 p384 p256
  }
}

www.example.com {
  import global-conf
  redir https://example.com{uri}
}
example.com {
  import global-conf
  root /var/www/html
}
 

• edit the domain example.com to your own domain and add add your html content to /var/www/html or change the path in the root directive to your content (make sure to chown the html directory).

Running the server

• systemctl enable caddy
• systemctl start caddy
• systemctl status caddy