Caddy (web server)
|Original author(s)||Matthew Holt|
|Initial release||28 April 2015|
|Stable release||2.2.1 / 13 October 2020|
|Operating system||Android, BSD variants, Linux, Plan 9, OS X and Windows|
|Type||Web server, reverse proxy server|
The author, Matthew Holt, began developing Caddy in December 2014 and released it in April 2015. Since then, over two hundred other developers have worked on it, adding, for example, support for QUIC.
Caddy supports a variety of Web technologies and is available as statically-compiled binaries for Microsoft Windows, macOS, Linux, Android, and BSD operating systems on x86-64, IA-32, and ARM architectures.
A variety of web site technologies can be served by Caddy, which can also act as a reverse proxy and load balancer. Most of Caddy's features are implementations found in Go's library, but some enhancements are available as middleware and exposed through directives in the Caddyfile (a text file used to configure Caddy).
- HTTP/1.1 (plaintext HTTP), HTTP/2 (default for HTTPS connections), and as of 2.0 beta 17, experimental support for HTTP/3. 
- HTTPS, either automatically enabled and managed, or manually configured
- Virtual hosting (multiple sites on the same port)
- Native IPv4 and IPv6 support
- Serve static files (uses sendfile where possible)
- Graceful restart/reload
- Reverse proxy (HTTP or WebSockets)
- Load balancing with health checks
- FastCGI proxy
- Templates (similar to Server Side Includes)
- Markdown rendering
- Common Gateway Interface via WebSockets
- Gzip compression
- Basic access authentication
- URL rewriting
- File browsing
- Access, error, and process logs
- Experimental QUIC support
With regard to protocols and cipher suites, Caddy uses TLS 1.0-1.2 and prefers ECDHE ECDSA with AES-256 GCM SHA-384, although a dozen different ciphers are supported. Caddy has also been used by Cloudflare as a platform to serve an experimental TLS 1.3 implementation.
Traditional privilege de-escalation as performed in C programs is non-trivial or not possible in Go programs.
Caddy activates HTTPS by default for sites with qualifying domain names (names for which a TLS certificate can be negotiated via the ACME protocol), and redirects HTTP requests to HTTPS. It obtains certificates as needed during startup and keeps them renewed during the lifetime of the server. Let's Encrypt is the default certificate authority, but the user may customize the ACME CA that is used, which is often necessary when testing configurations. As of Q1 2016, Caddy accounted for about 2% of certificates issued by Let's Encrypt.
An alternate configuration allows Caddy to obtain certificates only as needed during TLS handshakes rather than at startup, a feature dubbed "On-Demand TLS." To enable this feature, the user must specify a maximum number of certificates that can be issued this way. When Caddy receives a request for a hostname for which it does not yet have a certificate, it will negotiate a new certificate via ACME and serve it immediately, while caching the obtained certificate in memory and storing it on disk. This process usually takes a few seconds, and is subject to tight rate limits.
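The handshake-time flow described above can be sketched with the `GetCertificate` hook of Go's `crypto/tls`. This is an added example, not Caddy's own code: `newOnDemand`, `issue` and the hostname `a.example` are hypothetical, and a self-signed certificate stands in for the ACME exchange so the sketch runs offline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"sync"
	"time"
)

// issue is a constructed stand-in for the ACME exchange: it self-signs.
func issue(host string) (*tls.Certificate, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{host}, NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, err
}

// newOnDemand returns a tls.Config.GetCertificate callback capped at maxCerts.
func newOnDemand(maxCerts int) func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	var mu sync.Mutex // handshakes call the hook concurrently
	cache := map[string]*tls.Certificate{}
	return func(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
		mu.Lock()
		defer mu.Unlock()
		if c, ok := cache[h.ServerName]; ok {
			return c, nil // already issued: serve from memory
		}
		if h.ServerName == "" || len(cache) >= maxCerts {
			return nil, fmt.Errorf("on-demand issuance refused for %q", h.ServerName)
		}
		c, err := issue(h.ServerName)
		if err == nil {
			cache[h.ServerName] = c
		}
		return c, err
	}
}

func main() {
	cfg := &tls.Config{GetCertificate: newOnDemand(10)}
	_, err := cfg.GetCertificate(&tls.ClientHelloInfo{ServerName: "a.example"})
	fmt.Println("handshake for a.example:", err)
}
```

The cap is what keeps a client that sends arbitrary hostnames from driving unbounded issuance; once it is reached, new names fail the handshake while cached names keep working.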
When serving TLS, Caddy will automatically rotate session ticket keys periodically to help preserve perfect forward secrecy.
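Periodic ticket key rotation can be illustrated with `SetSessionTicketKeys` from Go's `crypto/tls`, which seals new tickets with the first key and still accepts tickets sealed under the others. This is an added example, not Caddy's own code: the `rotator` type, the number of keys kept and the intervals are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/tls"
	"fmt"
	"time"
)

// rotator holds the ticket keys, newest first. A stolen key exposes only the
// sessions resumed while that key was still among the kept ones.
type rotator struct {
	cfg  *tls.Config
	keys [][32]byte
	keep int // keys retained for decryption; must be at least 1
}

// rotate prepends a fresh random key, drops keys beyond keep, and installs the set.
func (r *rotator) rotate() error {
	var k [32]byte
	if _, err := rand.Read(k[:]); err != nil {
		return err
	}
	r.keys = append([][32]byte{k}, r.keys...)
	if len(r.keys) > r.keep {
		r.keys = r.keys[:r.keep]
	}
	r.cfg.SetSessionTicketKeys(r.keys) // safe to call while the server is running
	return nil
}

// run rotates at once and then on every tick, until stop is closed or rotation fails.
func (r *rotator) run(interval time.Duration, stop <-chan struct{}) {
	t := time.NewTicker(interval)
	defer t.Stop()
	for r.rotate() == nil {
		select {
		case <-t.C:
		case <-stop:
			return
		}
	}
}

func main() {
	r := &rotator{cfg: &tls.Config{}, keep: 3}
	stop := make(chan struct{})
	time.AfterFunc(50*time.Millisecond, func() { close(stop) }) // short demo window
	r.run(10*time.Millisecond, stop)
	fmt.Println("keys held after run:", len(r.keys))
}
```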
Caddy v2 has no telemetry.