Caddy is an open source web server that has built-in automatic HTTPS. I find it easier to use than other web servers where you have to set up HTTPS (automatic or otherwise) separately. I maintain the caddy package in Fedora to make it more accessible and easier to use. This guide demonstrates how to use that package.
Note: Replace instances of example.com in this guide with the actual hostname you want to use.
Preparation
When you first start Caddy, it will attempt to provision Let’s Encrypt certificates for any configured hostnames. You need to ensure that the appropriate DNS records and network access are in place first so that Caddy can complete the ACME challenges.
- DNS "A" record pointing to your public IPv4 address
- DNS "AAAA" record pointing to your public IPv6 address
- port 80 network access allowed
- port 443 network access allowed
Fedora enables a software firewall by default. Configure it to allow the necessary access.
firewall-cmd --permanent --add-service http --add-service https
firewall-cmd --reload
Installation
Caddy v2 is available in the default package repositories for Fedora 33 and newer.
dnf install caddy
If you are using an older Fedora release, RHEL, CentOS, or OpenSUSE, the upstream project has a COPR repository available to get Caddy v2 packages.
Content
Add your own content in /var/www/example.com, or use this example index file to get started now and swap in your own content later.
mkdir -p /var/www/example.com
echo '<h1>Hello world!</h1>' > /var/www/example.com/index.html
Recursively restore the SELinux file context for your content.
restorecon -r /var/www
Configuration
The most common way to configure Caddy is with a Caddyfile. The Fedora package includes a Caddyfile as /etc/caddy/Caddyfile. The default block serves a welcome page over HTTP only. In this file, you will need to change the address and the site root. Aside from the comments, the default Caddyfile looks like this:
http:// {
	root * /usr/share/caddy
	file_server
}
You need to change it to look like this:
example.com {
	root * /var/www/example.com
	file_server
}
Using the bare hostname as the address (no protocol) will enable automatic HTTPS with HTTP to HTTPS redirection.
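The following pre-start check is an added example, not part of the original guide or the Caddy project. It flags site addresses that would serve plaintext only (the `http://` form of the default block, or an explicit port 80) and reports which of the `http`/`https` firewalld services from the Preparation step are still missing. The function names and the simplified Caddyfile parsing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide). Checks a Caddyfile and the
# firewalld service list before the first start of Caddy.

# Print the top-level site addresses of a Caddyfile read from stdin.
# Assumption: simplified parser; every site block uses braces, and
# snippets and imports are not expanded.
site_addresses() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        /^#/ || /^$/ { next }
        depth == 0 && /[{]$/ {
            line = $0
            sub(/[ \t]*[{]$/, "", line)
            n = split(line, a, /[ \t,]+/)
            for (i = 1; i <= n; i++) if (a[i] != "") print a[i]
        }
        { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}") }
    '
}

# Classify one site address:
#   plaintext   http:// scheme or explicit port 80, so no automatic HTTPS
#   no-host     port only, so there is no name to request a certificate for
#   auto-https  hostname present, as in the edited block in this guide
classify_address() {
    case "$1" in
        http://*|*:80) echo plaintext ;;
        :*)            echo no-host ;;
        *)             echo auto-https ;;
    esac
}

# Read a Caddyfile on stdin and print "address status" per site address.
# Live use: audit_caddyfile < /etc/caddy/Caddyfile
audit_caddyfile() {
    site_addresses | while read -r addr; do
        echo "$addr $(classify_address "$addr")"
    done
}

# Print whichever of http/https is absent from a space-separated service
# list. Live use: missing_services "$(firewall-cmd --list-services)"
missing_services() {
    for svc in http https; do
        case " $1 " in *" $svc "*) ;; *) echo "$svc" ;; esac
    done
}

# Constructed sample: the default block followed by the edited block.
SAMPLE_CADDYFILE=$(printf '%s\n' '# sample' 'http:// {' 'file_server' '}' 'example.com {' 'file_server' '}')
```

Any `plaintext` line in the audit output, or any name printed by `missing_services`, is worth fixing before `systemctl enable --now caddy`, since the ACME challenges described under Preparation depend on ports 80 and 443 being reachable.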
Service
Enable and start the Caddy daemon.
systemctl enable --now caddy
Conclusion
You should now be able to open https://example.com in your browser. With just that minimal configuration, you get:
- automatic certificate provisioning and renewal
- HTTP to HTTPS redirection
- static content served from your content directory
You can learn more about Caddy by reading the documentation. You can also ask questions on the forum. Caddy is a pleasure to use, and I hope you find it as useful as I do.