Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

github.com/caddyserver/caddy

Package Overview
Dependencies
Alerts
File Explorer
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

github.com/caddyserver/caddy

  • v1.0.5
  • Source
  • Go
  • Socket score

Version published
Created
Source

Caddy

Every Site on HTTPS

Caddy is a general-purpose HTTP/2 web server that serves HTTPS by default.


@caddyserver on Twitter Caddy Forum Caddy on Sourcegraph

Download · Documentation · Community


Caddy is a production-ready open-source web server that is fast, easy to use, and makes you more productive.

Available for Windows, Mac, Linux, BSD, Solaris, and Android.

Thanks to our special sponsor:

Relica - Cross-platform file backup to the cloud, local disks, or other computers

Menu

Features

  • Easy configuration with the Caddyfile
  • Automatic HTTPS on by default (via Let's Encrypt)
  • HTTP/2 by default
  • Virtual hosting so multiple sites just work
  • Experimental QUIC support for cutting-edge transmissions
  • TLS session ticket key rotation for more secure connections
  • Extensible with plugins because a convenient web server is a helpful one
  • Runs anywhere with no external dependencies (not even libc)

See a more complete list of features built into Caddy. On top of all those, Caddy does even more with plugins: choose which plugins you want at download.

Altogether, Caddy can do things other web servers simply cannot do. Its features and plugins save you time and mistakes, and will cheer you up. Your Caddy instance takes care of the details for you!

Powered by
CertMagic

Install

Caddy binaries have no dependencies and are available for every platform. Get Caddy any of these ways:

Build

To build from source you need Git and Go (1.13 or newer).

To build Caddy without plugins:

  • Run go get github.com/caddyserver/caddy/caddy

Caddy will be installed to your $GOPATH/bin folder.

With these instructions, the binary will not have embedded version information (see golang/go#29228), but it is fine for a quick start.

To build Caddy with plugins (and with version information):

There is no need to modify the Caddy code to build it with plugins. We will create a simple Go module with our own main() that you can use to make custom Caddy builds.

  • Create a new folder anywhere and within create a Go file (with an extension of .go, such as main.go) with the contents below, adjusting to import the plugins you want to include:
package main

import (
	"github.com/caddyserver/caddy/caddy/caddymain"
	
	// plug in plugins here, for example:
	// _ "import/path/here"
)

func main() {
	// optional: disable telemetry
	// caddymain.EnableTelemetry = false
	caddymain.Run()
}
  1. go mod init caddy
  2. Run go get github.com/caddyserver/caddy
  3. go install will then create your binary at $GOPATH/bin, or go build will put it in the current directory.

To install Caddy's source code for development:

  • Run git clone https://github.com/caddyserver/caddy.git in any folder (doesn't have to be in GOPATH).

You can make changes to the source code from that clone and checkout any commit or tag you wish to develop on.

When building from source, telemetry is enabled by default. You can disable it by changing caddymain.EnableTelemetry = false in run.go, or use the -disabled-metrics flag at runtime to disable only certain metrics.

Quick Start

To serve static files from the current working directory, run:

caddy

Caddy's default port is 2015, so open your browser to http://localhost:2015.

Go from 0 to HTTPS in 5 seconds

If the caddy binary has permission to bind to low ports and your domain name's DNS records point to the machine you're on:

caddy -host example.com

This command serves static files from the current directory over HTTPS. Certificates are automatically obtained and renewed for you! Caddy is also automatically configuring ports 80 and 443 for you, and redirecting HTTP to HTTPS. Cool, huh?

Customizing your site

To customize how your site is served, create a file named Caddyfile by your site and paste this into it:

localhost

push
browse
websocket /echo cat
ext    .html
log    /var/log/access.log
proxy  /api 127.0.0.1:7005
header /api Access-Control-Allow-Origin *

When you run caddy in that directory, it will automatically find and use that Caddyfile.

This simple file enables server push (via Link headers), allows directory browsing (for folders without an index file), hosts a WebSocket echo server at /echo, serves clean URLs, logs requests to an access log, proxies all API requests to a backend on port 7005, and adds the coveted Access-Control-Allow-Origin: * header for all responses from the API.

Wow! Caddy can do a lot with just a few lines.

Doing more with Caddy

To host multiple sites and do more with the Caddyfile, please see the Caddyfile tutorial.

Sites with qualifying hostnames are served over HTTPS by default.

Caddy has a nice little command line interface. Run caddy -h to view basic help or see the CLI documentation for details.

Running in Production

Caddy is production-ready if you find it to be a good fit for your site and workflow.

Running as root: We advise against this. You can still listen on ports < 1024 on Linux using setcap like so: sudo setcap cap_net_bind_service=+ep ./caddy

The Caddy project does not officially maintain any system-specific integrations nor suggest how to administer your own system. But your download file includes unofficial resources contributed by the community that you may find helpful for running Caddy in production.

How you choose to run Caddy is up to you. Many users are satisfied with nohup caddy &. Others use screen. Users who need Caddy to come back up after reboots either do so in the script that caused the reboot, add a command to an init script, or configure a service with their OS.

If you have questions or concerns about Caddy' underlying crypto implementations, consult Go's crypto packages, starting with their documentation, then issues, then the code itself; as Caddy uses mainly those libraries.

Contributing

Join our forum where you can chat with other Caddy users and developers! To get familiar with the code base, try Caddy code search on Sourcegraph!

Please see our contributing guidelines for instructions. If you want to write a plugin, check out the developer wiki.

We use GitHub issues and pull requests only for discussing bug reports and the development of specific changes. We welcome all other topics on the forum!

If you want to contribute to the documentation, please submit an issue describing the change that should be made.

Good First Issue

If you are looking for somewhere to start and would like to help out by working on an existing issue, take a look at our Good First Issue tag

Thanks for making Caddy -- and the Web -- better!

Donors

  • DigitalOcean is hosting the Caddy project.
  • DNSimple provides DNS services for Caddy's sites.
  • DNS Spy keeps an eye on Caddy's DNS properties.

We thank them for their services. If you want to help keep Caddy free, please become a sponsor!

About the Project

Caddy was born out of the need for a "batteries-included" web server that runs anywhere and doesn't have to take its configuration with it. Caddy took inspiration from spark, nginx, lighttpd, Websocketd and Vagrant, which provides a pleasant mixture of features from each of them.

The name "Caddy" is trademarked: The name of the software is "Caddy", not "Caddy Server" or "CaddyServer". Please call it "Caddy" or, if you wish to clarify, "the Caddy web server". See brand guidelines. Caddy is a registered trademark of Light Code Labs, LLC.

Author on Twitter: @mholt6

FAQs

Package last updated on 15 Jan 2020

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc