How To Install The Caddy Web Server On Linux
These days, HTTPS is key when hosting a website. Without it, your users could be leaking very personal data from your website into the world. To solve this, many Linux webmasters have taken to using the LetsEncrypt tools, as they make it very easy to generate a certificate. Still, as easy as LetsEncrypt is, enabling it on Nginx or Apache on Linux can be a bit of a chore. Luckily, there’s a better way. Introducing the Caddy web server. It’s a web server that has HTTPS enabled by default. If you’re sick of hassling with SSL certificates, Caddy may be just what you need.
Installing Caddy
Installing the Caddy web server works pretty much the same no matter what server operating system you are using. The reason Caddy is so easy to install is the developer’s choice to use a downloadable Bash script for installing the software, rather than adding third-party software repositories or installing via binaries.
In this tutorial, we’ll be using Ubuntu Server, though running the Caddy web server will work just fine on most other Linux OSes too, even desktop ones. To start off, make sure you have the Curl app on your Linux PC. If you don’t, open up a terminal, search your package manager for “curl”, and install it.
Note: determine if you have curl already by running curl in the terminal. If the “help” dialog shows up for the program, you have Curl on your Linux machine.
curl https://getcaddy.com | bash -s personal
The Caddy web server is free for personal use, but you must specify this when installing. Planning to use Caddy in an enterprise setting? Run the installation command with:
curl https://getcaddy.com | bash -s commercial
This command downloads the installer script with Curl and pipes it straight into Bash, which starts the installation process automatically. The Caddy installer will take some time to download the web server binary and place it in the /usr/local/bin/ directory. If the installation is successful, you’ll see a message saying “Successfully Installed”.
At this point, you’ll need to modify the Caddy binary so that it can bind to the privileged HTTP and HTTPS ports (80 and 443) without running as root. Run the following command in the terminal, with sudo privileges.
sudo setcap cap_net_bind_service=+ep /usr/local/bin/caddy
Configuring Caddy
Caddy is installed on the server. The next step in the process is to configure the directory structure. Start out by getting a root terminal. Doing this will make modifying folders in the file system much faster, as you won’t need to enter sudo for every command, followed by a password.
On most systems, users can log directly into the root account with:
su
On Ubuntu server, however, the Root account is locked for security reasons. To get around this, gain a root shell with sudo.
sudo -s
Now that we have root access, create the necessary directories for the Caddy server to operate correctly.
mkdir /etc/caddy
mkdir /etc/ssl/caddy
Note: If your server already has a /var/www/ directory, skip the mkdir command below.
mkdir /var/www
Next, create a new “Caddyfile” inside of /etc/caddy/.
touch /etc/caddy/Caddyfile
Using the chmod command, update the permissions for the Caddy sub-folder inside of /etc/ssl/.
chmod 0770 /etc/ssl/caddy
Lastly, chown the /var/www/ directory:
chown www-data: /var/www
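A check for the directory permissions set above, as an added example that is not part of the original tutorial: mkdir run as root leaves /etc/ssl/caddy owned by root:root, and mode 0770 gives other accounts no access, so the www-data account that Caddy later runs as can store certificates there only if it owns the directory or its group does (for instance after chown root:www-data /etc/ssl/caddy). The function name svc_can_write is hypothetical, and the check looks only at owner, group and mode bits.

```sh
#!/bin/sh
# Added example, not from the tutorial. Decides from owner, group and mode
# bits whether a service account can create files in a directory.
# Simplification: supplementary groups and ACLs are not considered.

# svc_can_write DIR USER GROUP -> returns 0 if USER/GROUP may write in DIR
svc_can_write() {
    dir=$1; user=$2; group=$3
    # %U owner name, %G group name, %a octal mode (GNU and BusyBox stat)
    meta=$(stat -c '%U %G %a' "$dir") || return 2
    set -- $meta
    owner=$1; dgroup=$2
    m=$((0$3))    # the leading 0 makes the shell read the mode as octal
    # Exactly one permission class applies: owner, else group, else other.
    if [ "$user" = "$owner" ]; then
        bits=$(( (m >> 6) & 7 ))
    elif [ "$group" = "$dgroup" ]; then
        bits=$(( (m >> 3) & 7 ))
    else
        bits=$(( m & 7 ))
    fi
    # Creating files needs write (2) and search (1) permission on the directory.
    [ $(( bits & 3 )) -eq 3 ]
}

# Later in this tutorial the service is set to run as www-data:www-data.
for d in /etc/ssl/caddy /var/www; do
    [ -d "$d" ] || continue
    if svc_can_write "$d" www-data www-data; then
        echo "ok:   www-data can write to $d"
    else
        echo "FAIL: www-data cannot write to $d ($(stat -c '%U:%G %a' "$d"))"
    fi
done
```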
Caddy Systemd File
Most servers, especially Ubuntu Server, make heavy use of the systemd init system. However, since the web server installs via a Bash script, a systemd service file isn’t present. Instead, we’ll need to make our own. Use the touch command to make a new, blank service file.
touch /lib/systemd/system/caddy.service
Open up the new caddy.service file and paste the following code into it:
[Unit]
Description=Caddy HTTP/2 web server
Documentation=https://caddyserver.com/docs
After=network-online.target
Wants=network-online.target
[Service]
Restart=on-failure
StartLimitInterval=86400
StartLimitBurst=5
User=www-data
Group=www-data
; Letsencrypt-issued certificates will be written to this directory.
Environment=CADDYPATH=/etc/ssl/caddy
ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
ExecReload=/bin/kill -USR1 $MAINPID
LimitNOFILE=1048576
LimitNPROC=64
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=full
ReadWriteDirectories=/etc/ssl/caddy
; The following additional security directives only work with systemd v229 or later.
; They further restrict privileges that can be gained by caddy. Uncomment if you like.
; Note that you may have to add capabilities required by any plugins in use.
;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
;AmbientCapabilities=CAP_NET_BIND_SERVICE
;NoNewPrivileges=true
[Install]
WantedBy=multi-user.target
There is a lot of code in the caddy.service file, so do your best to ensure everything is there. When you’re sure, save the changes and exit the editor with Ctrl + X. Then enable and start the service:
systemctl enable caddy.service
systemctl start caddy.service
After setting up systemd, everything should be ready to go.
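The three commented directives at the end of the unit file interact with the earlier setcap step, so here is an added example (not part of the original tutorial or of Caddy's own files) that reports which hardening directives in a unit file are active and warns when NoNewPrivileges is enabled without AmbientCapabilities. The function names and the sample excerpt are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the tutorial): report which hardening directives
# in a unit file are active. systemd treats lines starting with ';' or '#'
# as comments, so commented directives have no effect.

# directive_state FILE NAME -> prints "active", "commented" or "missing".
# Any uncommented NAME=... line counts as active, whatever its value.
directive_state() {
    awk -v name="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, name "=") == 1 { state = "active" }
        line ~ /^[;#]/ {
            sub(/^[;#][ \t]*/, "", line)
            if (state == "" && index(line, name "=") == 1) state = "commented"
        }
        END { print (state == "" ? "missing" : state) }
    ' "$1"
}

# audit_unit FILE -> one status line per directive; returns 1 when
# NoNewPrivileges is active but AmbientCapabilities is not.
audit_unit() {
    for d in PrivateTmp PrivateDevices ProtectHome ProtectSystem \
             CapabilityBoundingSet AmbientCapabilities NoNewPrivileges; do
        echo "$d: $(directive_state "$1" "$d")"
    done
    # NoNewPrivileges makes the kernel ignore file capabilities on exec, so
    # the earlier setcap no longer lets caddy bind ports 80/443; the
    # capability then has to come from AmbientCapabilities.
    if [ "$(directive_state "$1" NoNewPrivileges)" = active ] &&
       [ "$(directive_state "$1" AmbientCapabilities)" != active ]; then
        echo "WARN: NoNewPrivileges set without AmbientCapabilities" >&2
        return 1
    fi
}

# Constructed excerpt of the unit above; pass a real unit path as $1 instead.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Service]
PrivateTmp=true
;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
;AmbientCapabilities=CAP_NET_BIND_SERVICE
;NoNewPrivileges=true
EOF
audit_unit "${1:-$sample}"
rm -f "$sample"
```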
Setting Up Domains
Caddy, like any other web server, needs a bit of configuration before using it. Start off by creating a domain folder:
Note: be sure to replace “test-domain.org” with your domain.
mkdir -p /var/www/test-domain.org/
Next, edit the Caddyfile we created earlier.
nano /etc/caddy/Caddyfile
Paste the following code to activate your new domain, replacing “my-domain.com” with your own domain as well:
my-domain.com {
root /var/www/test-domain.org
}
Restart the Caddy systemd service to apply the changes. When the service finishes restarting, Caddy is ready to use on your server.
systemctl restart caddy.service