Caddy: Installation and Basic Reverse Proxy Configuration

These days, when deploying websites, a common question arises: how can you set up a reliable, secure, and easy-to-manage infrastructure? In this article, we’ll walk you through setting up Caddy — a modern web server and reverse proxy that’s perfect for small to medium-sized projects, especially if you don’t want to spend hours configuring Nginx or Apache.

We’ll cover how to install Caddy on Ubuntu, create a configuration file for serving static files and PHP applications, and connect a custom SSL certificate — a particularly relevant topic when using proxies like Cloudflare.

What is Caddy, and Why Should You Care?

Caddy is a cross-platform web server and reverse proxy written in Go. It was designed from the ground up to be simple to use — you can get it up and running in just a few minutes and still enjoy a full suite of modern features: from automatic HTTPS to compression and proxying.

Unlike many other servers, Caddy supports automatic SSL certificate issuance via Let’s Encrypt out of the box. You don’t need to install separate agents, set up cron jobs, or configure certbot — everything is done automatically. Just specify the domain in the config, and Caddy takes care of the rest.

Installing Caddy on Ubuntu

You only need a couple of commands to get started. First, ensure your system is up to date:
sudo apt update

Now install the Caddy server:

sudo apt install caddy
Copy

To check that the installation was successful:

caddy version
Copy

If you see a version number, such as 2.6.2, everything is working.

Configuration: Two Options

After installation, it's time to configure Caddy. The developers offer two main approaches:
→ Caddyfile + CLI – the simplest option, perfect for small sites and manual configuration. Even beginners can understand what to write and where.

→ JSON + API – a powerful tool for automation and scalable setups. More suited to DevOps engineers or developers integrating Caddy into CI/CD pipelines.

In this article, we’ll focus on the first option — Caddyfile. It’s much easier to start with and gets results quickly.
Important: Caddy lets you store configurations either in a single global Caddyfile or in separate files per site. We'll use a single main config file located at /etc/caddy/Caddyfile.

Hosting a Static Website

Let’s say you have a static website you want to host at static.example.com. Here’s how to do it step by step.
First, create a directory for the site’s files:

sudo mkdir -p /var/www/static-site
cd /var/www/static-site
Copy

Download a sample archive and extract it:

wget https://example.com/static_site_sample.tgz
tar xf static_site_sample.tgz --strip 1
rm static_site_sample.tgz
Copy

Set the correct file permissions:

sudo chown -R www-dаta:www-data /var/www
Copy

Open the config file:

sudo nano /etc/caddy/Caddyfile
Copy

Add the following block:

static.example.com {
    root * /var/www/static-site
    file_server
}
Copy

This tells Caddy to serve files from the specified directory when static.example.com is requested. The file_server directive enables the built-in static file server.

Save the file and validate the config:

sudo caddy validate
Copy

If there are no errors, apply the changes:

sudo caddy reload
Copy

After a few seconds, the site will be live in your browser — no server restart needed.

Example: Hosting a WordPress Site

Let’s take it a step further and host a dynamic WordPress site using Caddy as the web server and reverse proxy.
First, install the required packages:

sudo apt install php php-fpm mysql-server
sudo apt install php-mysql php-xml php-gd php-mbstring php-curl php-zip php-bcmath
Copy

Create the site directory:

sudo mkdir -p /var/www/wp-site
Copy

Upload your WordPress archive and database dump, then extract the files. Afterward, set permissions:

sudo chown -R www-dаta:www-data /var/www/wp-site
sudo chmod -R 750 /var/www/wp-site
Copy

Now set up the database. Launch MySQL:

mysql -u root
Copy

Run these commands:

CREATE DATABASE wp_site;
CREATE USER 'wp_user'@'localhost' IDENTIFIED BY 'your_secure_password';
GRANT ALL PRIVILEGES ON wp_site.* TO 'wp_user'@'localhost';
EXIT;
Copy

Import your database dump:

mysql -u wp_user -p wp_site < /path/to/dump.sql
Copy

Edit wp-config.php to add your database name, user, and password.

Now configure Caddy:

sudo nano /etc/caddy/Caddyfile
Copy

Add this block:

wordpress.example.com {
    root * /var/www/wp-site
    php_fastcgi unix//run/php/php-fpm.sock
    file_server
    encode gzip

    log {
        output file /var/log/caddy/access.log
        format console
    }

    @blocked {
        path /xmlrpc.php
        path *.sql
        path /wp-content/uploads/*.php
    }

    rewrite @blocked /index.php
}
Copy

This enables PHP processing, file serving, and basic protection from unwanted requests.
Check and reload the config:

sudo caddy validate
sudo caddy reload
Copy

That’s it — your WordPress site is now up and running.

Using a Custom SSL Certificate

Caddy handles SSL automatically, but sometimes you may need to use your own certificate. For example, when using Cloudflare in Full (Strict) mode, you must manually provide a certificate and key.

Option 1: Use Caddy’s built-in self-signed certificate
Just add this to your config:

example.com {
    tls internal
}
Copy

Caddy will generate a certificate automatically.

Option 2: Use your own certificate
Place the .pem files on your server:
→ Certificate: /etc/ssl/certs/certificate.pem

→ Private Key: /etc/ssl/private/key.pem

Then specify them in the config:

example.com {
    tls /etc/ssl/certs/certificate.pem /etc/ssl/private/key.pem
}
Copy

Reload the config:

sudo caddy reload
Copy

Now Caddy will use your certificate instead of Let’s Encrypt.

Conclusion

Caddy is a powerful yet simple and user-friendly tool. Its main strength lies in its simplicity. You can set up a web server with automatic HTTPS in minutes — without writing dozens of config lines. And if you need more control, the API and JSON config options are available.

We’ve covered the basics: hosting static sites, running WordPress, and setting up SSL. But that’s just the tip of the iceberg — Caddy also supports routing, load balancing, WebSocket handling, and more.

If you want to launch a website quickly and painlessly — give Caddy a try.