Caddy is a production-ready open-source web server that is fast, easy to use, and makes you more productive.
Available for Windows, Mac, Linux, BSD, Solaris, and Android.
Caddy should definitely be considered now as it has matured very well since this was first suggested.
Its crypto library is written in a memory-safe language (Go) instead of using OpenSSL, which has many unsafe APIs and countless CVEs. So is the web server itself.
Caddy supports secure TLS ciphers by default, and with TLS 1.3 it uses all secure ciphers by default.
Reverse proxying is extremely easy and deals with required headers and such all for you, unlike Nginx.
Caddy supports HTTP3/QUIC and HTTP2 Cleartext.
Its config file, Caddyfile, is very simplistic and easy to learn and manage with decent documentation.
Domains can request certificates from Let's Encrypt and Let's Encrypt staging (such as wildcard domains), but also ZeroSSL if Let's Encrypt fails. You can also specify a greater certificate cipher (such as RSA4096), as by default it requests RSA2048.
Caddy has easy and perfect integration with Cloudflare, and you can use a Full Strict SSL mode with zero configuration necessary. Just a Let's Encrypt/ZeroSSL certificate on the web server.
And compression algorithms like GZIP and ZSTD are very easy to configure.
Caddy features modules which you can compile with Caddy very easily using their tool.
The only downside I've been able to find during my usage is that their Brotli module is surprisingly very bad and was taken out entirely, discouraging its usage until it's been made better.
Definitely down for Caddy! Initially started tinkering with IoT Stack to run a Raspbian Nextcloud NAS (and some other IoT stuff). I used Caddy to set up a simple secure reverse proxy with Cloudflare. Then I discovered DietPi and had to make the switch for all the other IoT goodness. An optimised setup for Caddy would be amazing!