Hi, folks. In this post, you will learn how to install Caddy on Ubuntu 20.04.
Caddy is the HTTP/2 web server with automatic HTTPS. That’s the description they give us on their website. It is a lightweight, commercially supported web server that can acquire and renew SSL/TLS certificates automatically using Let’s Encrypt.
Among its most outstanding features are:
- Easy configuration with the Caddyfile.
- Automatic HTTPS on by default (via Let’s Encrypt).
- HTTP/2 by default, which is important for maintaining the security of our websites.
- Virtual hosting so multiple sites just work.
- Experimental QUIC support for cutting-edge transmissions.
- TLS session ticket key rotation for more secure connections.
- Extensible with plugins because a convenient web server is a helpful one.
- Runs anywhere with no external dependencies.
As can be seen, it is an interesting and practical web server. It joins a list already made up of the veterans Apache and Nginx.
Install Caddy server on Ubuntu 20.04
Caddy is not present in the official Ubuntu 20.04 repositories, but this is not a problem because Caddy has its own repository that is compatible with Ubuntu 20.04.
So, open a terminal or SSH session and run the following command to add the repository:
echo "deb [trusted=yes] https://apt.fury.io/caddy/ /" | sudo tee -a /etc/apt/sources.list.d/caddy-fury.list
Then, update the APT cache.
sudo apt update
Finally, install Caddy using this command:
sudo apt install caddy
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following NEW packages will be installed:
  caddy
0 upgraded, 1 newly installed, 0 to remove and 132 not upgraded.
Need to get 11.5 MB of archives.
After this operation, 33.1 MB of additional disk space will be used.
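The [trusted=yes] option in the repository line above tells APT to treat that source as trusted even when it fails authentication checks, so it is worth knowing which sources on a host carry it. The following is an added example, not part of the original post, that scans one-line .list files for such entries; the function name is hypothetical and deb822 .sources files are not covered.

```shell
#!/bin/sh
# Added example: report APT sources that bypass signature verification.
# Prints "file:line: entry" for each active deb/deb-src line in DIR/*.list
# whose [options] include trusted=yes or allow-insecure=yes.
find_unverified_sources() (
    dir=$1
    for file in "$dir"/*.list; do
        [ -f "$file" ] || continue
        n=0
        while IFS= read -r line || [ -n "$line" ]; do
            n=$((n + 1))
            # Trim leading whitespace so indented entries are still seen.
            line="${line#"${line%%[![:space:]]*}"}"
            # Keep only active entries that carry an option group;
            # commented-out lines and option-less entries are skipped.
            case "$line" in
                "deb ["*|"deb-src ["*) ;;
                *) continue ;;
            esac
            # Options are the first [...] group, right after the type.
            opts="${line#*\[}"
            opts="${opts%%\]*}"
            case " $opts " in
                *" trusted=yes "*|*" allow-insecure=yes "*)
                    printf '%s:%d: %s\n' "$file" "$n" "$line" ;;
            esac
        done < "$file"
    done
)

# Default to the directory used in this tutorial; pass another one as $1.
find_unverified_sources "${1:-/etc/apt/sources.list.d}"
```

Any line it prints is a repository whose packages are installed without a signature check.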
When installing, remember that if you use a firewall you have to allow access to ports 80 and 443.
Also, you can check the operation of Caddy with systemctl:
sudo systemctl status caddy
● caddy.service - Caddy
     Loaded: loaded (/lib/systemd/system/caddy.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2020-09-30 16:11:22 UTC; 1min 12s ago
       Docs: https://caddyserver.com/docs/
   Main PID: 1662 (caddy)
      Tasks: 9 (limit: 847)
     Memory: 9.9M
     CGroup: /system.slice/caddy.service
             └─1662 /usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
Sep 30 16:11:22 osradar caddy[1662]: USER=caddy
Sep 30 16:11:22 osradar caddy[1662]: INVOCATION_ID=a7e8af36842649de879618f3b02fad07
Sep 30 16:11:22 osradar caddy[1662]: JOURNAL_STREAM=9:31431
Sep 30 16:11:22 osradar caddy[1662]: {"level":"info","ts":1601482282.753998,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":">
Sep 30 16:11:22 osradar caddy[1662]: {"level":"info","ts":1601482282.7627285,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_ori>
Sep 30 16:11:22 osradar caddy[1662]: {"level":"info","ts":1601482282.7633834,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS wil>
Sep 30 16:11:22 osradar caddy[1662]: {"level":"info","ts":1601482282.7788668,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache">
Sep 30 16:11:22 osradar caddy[1662]: {"level":"info","ts":1601482282.7808697,"logger":"tls","msg":"cleaned up storage units"}
Sep 30 16:11:22 osradar caddy[1662]: {"level":"info","ts":1601482282.7819138,"msg":"autosaved config","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Sep 30 16:11:22 osradar caddy[1662]: {"level":"info","ts":1601482282.7840743,"msg":"serving initial configuration"}
Now open a web browser and go to the IP address of the server or domain.
And so it is installed. Now let’s go for the PHP support.
Enable the PHP support
It is normal for a web server to have PHP support, at least. In Caddy's case, gaining PHP support requires a valid SSL certificate or domain, since Caddy is capable of generating the certificate.
First, install the basic PHP packages:
sudo apt install php-cli php-fpm
After the installation is complete, modify the php-fpm configuration file:
sudo nano /etc/php/7.4/fpm/pool.d/www.conf
And locate the user and group directives and leave them as follows:
user = caddy
group = caddy
Also, locate the listen.owner and listen.group directives and leave them like this:
listen.owner = caddy
listen.group = caddy
Save the changes and exit the editor. To apply the changes, restart the php-fpm service:
sudo systemctl restart php7.4-fpm
Now create a new folder where your host will be hosted along with the logs folder.
sudo mkdir -p /var/www/html/osradar/log/
Replace osradar with your own name.
Assign the appropriate permissions:
sudo chown -R caddy:caddy /var/www/html/
sudo chmod -R 777 /var/www/html/
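chmod -R 777 makes every file and directory under the web root writable by any local account, including the PHP files that php-fpm runs as caddy. The following is an added example, not part of the original post, of a tighter alternative that works here because both Caddy and php-fpm run as caddy: directories 750, files 640. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: a tighter alternative to "chmod -R 777" on the web root.

# Print how many entries under DIR are writable by "other" (symlinks are
# skipped, since their mode bits are not meaningful).
count_world_writable() {
    find "$1" ! -type l -perm -0002 | wc -l | tr -d '[:space:]'
}

# Directories 750, files 640: the owner (caddy in this tutorial) can write,
# the group can read, everyone else gets nothing.
# OWNER (user:group) is optional and only applied when running as root.
harden_webroot() {
    dir=$1
    owner=${2:-}
    if [ -n "$owner" ] && [ "$(id -u)" -eq 0 ]; then
        chown -R "$owner" "$dir"
    fi
    find "$dir" -type d -exec chmod 750 {} +
    find "$dir" -type f -exec chmod 640 {} +
}

# Usage: sudo sh harden.sh /var/www/html caddy:caddy
if [ "$#" -ge 1 ]; then
    echo "world-writable before: $(count_world_writable "$1")"
    harden_webroot "$1" "${2:-}"
    echo "world-writable after:  $(count_world_writable "$1")"
fi
```

The log directory stays writable for Caddy because caddy owns it; no other account needs write access anywhere under the web root.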
Then, you have to modify the main Caddy configuration file, /etc/caddy/Caddyfile. There we will establish the new virtual host.
By default, the file is very basic. In fact, most of the file is commented out. Comment out the few lines that are not, and at the end of the file add the following:
{
    experimental_http3
}

caddy.osradar.test {
    root * /var/www/html/osradar/
    log {
        output file /var/www/html/osradar/log/osradar.log {
            roll_size 5MiB
            roll_keep 8
            roll_keep_for 72h
        }
        format json
    }
    encode gzip zstd
    php_fastcgi unix//run/php/php7.4-fpm.sock
    tls [email protected] {
        protocols tls1.2 tls1.3
    }
}
Replace the fields with your own. For example, replace caddy.osradar.test with yours.
In this file, the tls section is quite important because it sets the e-mail address that has already registered a certificate, and Caddy then proceeds to create the certificate on the machine.
Save the changes and close the editor.
Restart Caddy to apply the changes:
sudo systemctl restart caddy
And it’s ready. Remember that the tutorial will work only if you have a valid and registered domain name; otherwise, you will get an error when accessing the site via a web browser.
Conclusion
Caddy is emerging as a great option to keep in mind; however, it seems that it still has some way to go in the business field.
And what do you think? Did you like the program? Do you use it? We want to know what you think.