In the present world, security is the most important thing to keep an eye on. Even the slightest leak can lead to serious damage. For websites, HTTPS is very important: without it, users are more likely to leak their sensitive information online. If you’re a webmaster, you may already be using NGINX or Apache. These are very popular and powerful, but setting up HTTPS with them is a painful task.
Thanks to the world of devs, there’s an alternative solution to the problem: Caddy Web Server. It’s a really nice alternative to all those popular choices. It also comes with HTTPS by default, saving a lot of hassle at the start.
Let’s take a look at installing Caddy on our system.
Installing Caddy Web Server
To install Caddy on our Linux system, we’re going to use cURL. The process is the same on all the usual Linux distributions, desktop and server editions alike, because Caddy distributes its software through a bash install script instead of a software repository. Piping a script straight from the network into bash runs it unreviewed, so download it to a file and read it first if you want to check what it does.
Run the following command:
curl https://getcaddy.com | bash -s personal
In this demo, we’ll be running the Caddy “personal” (free) edition. For larger organizations and for higher usage, you should get the commercial edition. However, the commercial one is a bit costly. You can check out the commercial price plans here.
If you want to install the commercial version of Caddy Web Server, run the following command:
curl https://getcaddy.com | bash -s commercial
After the script finishes downloading and installing Caddy, the binary will be in the /usr/local/bin/ directory. Now, run the following command to give the Caddy binary the capability to bind to privileged ports (below 1024, such as 80 and 443) without running as root.
sudo setcap cap_net_bind_service=+ep /usr/local/bin/caddy
Configuring Caddy
Now, we have to configure the server. Let’s get going.
Enable root access:
su OR sudo -s
Create the directories where Caddy will operate:
mkdir /etc/caddy
mkdir /etc/ssl/caddy
mkdir /var/www
Note that if your server already contains the “/var/www/” directory, you can skip the last command.
Now, create a new “Caddyfile”:
touch /etc/caddy/Caddyfile
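Update the ownership and permissions of the Caddy certificate folder. The service runs as www-data, so that group needs write access for certificates to be stored there:
chown -R root:www-data /etc/ssl/caddy
chmod 0770 /etc/ssl/caddy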
Now, chown the “/var/www” directory.
chown www-data: /var/www
To run Caddy under “systemd”, create the unit file and open it in an editor:
touch /lib/systemd/system/caddy.service
nano /lib/systemd/system/caddy.service
Paste the following code into the editor, then press “Ctrl + O” to save the file and “Ctrl + X” to close the editor.
[Unit]
Description=Caddy HTTP/2 web server
Documentation=https://caddyserver.com/docs
After=network-online.target
Wants=network-online.target

[Service]
Restart=on-failure
StartLimitInterval=86400
StartLimitBurst=5
User=www-data
Group=www-data
; Letsencrypt-issued certificates will be written to this directory.
Environment=CADDYPATH=/etc/ssl/caddy
ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
ExecReload=/bin/kill -USR1 $MAINPID
LimitNOFILE=1048576
LimitNPROC=64
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=full
ReadWriteDirectories=/etc/ssl/caddy
; The following additional security directives only work with systemd v229 or later.
; They further restrict privileges that can be gained by caddy. Uncomment if you like.
; Note that you may have to add capabilities required by any plugins in use.
;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
;AmbientCapabilities=CAP_NET_BIND_SERVICE
;NoNewPrivileges=true

[Install]
WantedBy=multi-user.target
Enable and start “caddy.service”:
systemctl enable caddy.service
systemctl start caddy.service
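The unit above ships with its three extra hardening directives commented out. As an added example (not part of the original article or of the Caddy project), this shell script reports which of them are active in a unit file and flags the case where NoNewPrivileges is enabled without AmbientCapabilities, in which the capability granted with setcap is ignored. The function names and the sample unit are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit the hardening directives of a caddy.service unit file.
# state <file> <Directive>: prints active | commented | missing
state() {
    if grep -Eq "^[[:space:]]*$2[[:space:]]*=" "$1"; then echo active
    elif grep -Eq "^[[:space:]]*[;#][[:space:]]*$2[[:space:]]*=" "$1"; then echo commented
    else echo missing; fi
}

# value <file> <Directive>: prints the value of the last active assignment
value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# audit_unit <file>: prints one finding per line, returns 1 if there are any
audit_unit() {
    local f=$1 rc=0 d user
    user=$(value "$f" User)
    if [ -z "$user" ] || [ "$user" = root ]; then
        echo "FAIL User: service runs as root"; rc=1
    fi
    for d in CapabilityBoundingSet AmbientCapabilities NoNewPrivileges; do
        [ "$(state "$f" "$d")" = active ] || { echo "WARN $d: $(state "$f" "$d")"; rc=1; }
    done
    # With NoNewPrivileges the kernel ignores file capabilities (setcap) on
    # exec, so the port-binding capability must come from AmbientCapabilities.
    case $(value "$f" NoNewPrivileges) in true|yes|on|1)
        [ "$(state "$f" AmbientCapabilities)" = active ] ||
            { echo "FAIL NoNewPrivileges without AmbientCapabilities: cannot bind 80/443"; rc=1; } ;;
    esac
    return $rc
}

# Constructed sample: the hardening-related [Service] lines of the unit above.
sample_unit() {
    cat <<'EOF'
[Service]
User=www-data
Group=www-data
;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
;AmbientCapabilities=CAP_NET_BIND_SERVICE
;NoNewPrivileges=true
EOF
}

unit=$(mktemp)
sample_unit > "$unit"
audit_unit "$unit" || echo "unit needs attention"
rm -f "$unit"
```

To check a real installation, call `audit_unit /lib/systemd/system/caddy.service` instead of using the sample.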
Setting up domains
From here on, it’s ordinary configuration, much like on most other servers. Let’s start with the domain folder.
Edit the “Caddyfile” to activate your new domain. Don’t forget to replace the names with your own domain name.
mkdir -p /var/www/osradar.com/
nano /etc/caddy/Caddyfile
# Paste the following code for activating your domain on Caddy
domain-demo.com {
    root /var/www/osradar.com
}
Restart the “caddy.service”:
systemctl restart caddy.service
Enjoy Caddy!
I think some semicolons went missing. I would recommend just:
mkdir -p /etc/caddy /etc/ssl/caddy /var/www
(with -p there are no problems if the directory already exists, or if the parent doesn’t).
The lines starting with “touch”, “systemctl” and “mkdir -p” are missing semicolons.
Also, the setcap is not necessary, as it is part of the standard install script.