Caddy Web Server On FreeBSD

By Abdorrahman Homaei

INSIDE

What Is Caddy Web Server?
Caddy Features
Caddy VS Others ?
How to Install Caddy in FreeBSD 11.1
Caddy Configuration
Caddy Real Scenario
Conclusion
Useful Links
About The Author

 

What Is Caddy Web Server?

Caddy is an open-source, middleware-based, secure, HTTP/2-enabled web server written in the Go programming language. Since its unveiling in 2015, Caddy has gained popularity due to its simple yet clear configuration and startup. Besides its ease of use, Caddy lets you create an HTTPS-enabled website in 5 seconds, and here is the best part: the SSL certificate costs you nothing.
Caddy supports HTTP/2 and automatic TLS encryption. HTTP/2 is the successor to the earlier HTTP protocol and can load websites faster.
Caddy is integrated with Let's Encrypt, a certificate authority which provides free TLS/SSL certificates. Hence, it automatically obtains a certificate and then serves your website securely.
Caddy not only supports a variety of Web technologies but it is also available as statically-compiled binaries for Windows, Mac, Linux, Android, and BSD operating systems on i386, amd64, and ARM architectures.
A variety of website technologies can be served by Caddy which can also act as a reverse proxy and load balancer. Most of its features are implemented as middleware and exposed through directives in the Caddyfile (a text file used to configure Caddy).
Caddy is not vulnerable to a number of widespread CVEs including Heartbleed, DROWN, POODLE, and BEAST. Moreover, it uses TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.

Caddy Features

Caddy's notable features are:
HTTP/2 enabled
SNI
OCSP Stapling
Virtual hosting
Native IPv4 and IPv6 support
Serve static files
Graceful restart/reload
Reverse proxy
Load balancing with health checks
FastCGI proxy
Templates
Markdown rendering
CGI via WebSockets
Gzip compression
Basic access authentication
URL rewriting
Redirects
File browsing
Access, error, and process logs
QUIC Support

How to Install Caddy in FreeBSD 11.1

To install caddy, all you have to do is:

# pkg install caddy

You can issue the “caddy -h” command to learn how to use caddy:

# caddy -h
  -agree
        Agree to the CA's Subscriber Agreement
  -ca string
        URL to certificate authority's ACME server directory (default "https://acme-v01.api.letsencrypt.org/directory")
  -catimeout duration
        Default ACME CA HTTP timeout
  -conf string
        Caddyfile to load (default "Caddyfile")
  -cpu string
        CPU cap (default "100%")
  -disable-http-challenge
        Disable the ACME HTTP challenge
  -disable-tls-sni-challenge
        Disable the ACME TLS-SNI challenge
  -email string
        Default ACME CA account email address
  -grace duration
        Maximum duration of graceful shutdown (default 5s)
  -host string
        Default host
  -http-port string
        Default port to use for HTTP (default "80")
  -http2
        Use HTTP/2 (default true)
  -https-port string
        Default port to use for HTTPS (default "443")
  -log string
        Process log file
  -pidfile string
        Path to write pid file
  -plugins
        List installed plugins
  -port string
        Default port (default "2015")
  -quic
        Use experimental QUIC
  -quiet
        Quiet mode (no initialization output)
  -revoke string
        Hostname for which to revoke the certificate
  -root string
        Root path of default site (default ".")
  -type string
        Type of server to run (default "http")
  -validate
        Parse the Caddyfile but do not start the server
  -version
        Show version

Caddy Configuration

First, we need to create a directory and name it caddy:
# mkdir caddy
Copy your index.html in it:
# cp index.html ./caddy/index.html
Then, go to the directory and issue the following caddy command:
# caddy -host corebox.ir -cpu 50% -log log.txt -agree
Activating privacy features… done.
https://corebox.ir
http://corebox.ir
We can now open “corebox.ir” in the browser. The point is that Caddy obtains and activates the SSL certificate automatically.

Caddy Real Scenario

In the real world, we need to cap the CPU, save web server logs, or change the web server root directory.
In the next example, we run our web server in the “/usr/local/www” directory. This command caps the CPU to 50 percent. Logs will be saved in “/var/log/caddy.log” and we also have to agree to the CA’s subscriber agreement.
# caddy -host corebox.ir -cpu 50% -log "/var/log/caddy.log" -agree -root "/usr/local/www"
You can create a file named Caddyfile and place the site options in it. The agree and cpu options are command-line flags, not Caddyfile directives, so they stay on the caddy command line:
# touch Caddyfile
# ee Caddyfile
corebox.ir
browse
log /var/log/caddy.log
# caddy -agree -cpu 50%

Caddy With API Access

In this example, Caddy proxies all API requests (paths under /api) to a backend on port 9000.
# ee Caddyfile
corebox.ir
browse
log /var/log/caddy.log
proxy /api 127.0.0.1:9000
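
A pre-flight check for the Caddyfiles in the two sections above, as an added example that is not part of the original article: it flags names that “caddy -h” lists only as command-line flags when they are used as directives, flags a bare browse (directory listings for the whole site), and then hands the file to caddy -validate. The function names and the sample file are constructed for illustration, and the check assumes the brace-less, single-site layout used here.

```sh
#!/bin/sh
# Added example: pre-flight check for a brace-less, single-site Caddyfile.

# Flags from `caddy -h` that have no directive form (root and log have both).
CLI_ONLY="agree catimeout conf cpu email grace host http-port http2 https-port
pidfile plugins port quic quiet revoke type validate version"

# lint_caddyfile FILE: print one finding per line, return 1 if any were found.
lint_caddyfile() {
    file=$1 lineno=0 depth=0 bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        set -f; set -- $line; set +f            # split into tokens, no globbing
        [ $# -eq 0 ] && continue                # blank line
        case $1 in '#'*) continue ;; esac       # comment
        for last in "$@"; do :; done            # last token on the line
        if [ "$depth" -eq 0 ]; then             # skip sub-directives inside { }
            for flag in $CLI_ONLY; do
                [ "$1" = "$flag" ] || continue
                echo "$file:$lineno: '$1' is a command-line flag (-$1), not a directive"
                bad=1
            done
            if [ "$1" = browse ] && [ $# -eq 1 ]; then
                echo "$file:$lineno: bare 'browse' enables directory listings site-wide"
                bad=1
            fi
        fi
        case $last in '{') depth=$((depth + 1)) ;; esac
        case $1 in '}') depth=$((depth - 1)) ;; esac
    done < "$file"
    return "$bad"
}

# preflight FILE: lint, then let caddy parse the file without starting the server.
preflight() {
    lint_caddyfile "$1" || return 1
    command -v caddy >/dev/null 2>&1 || { echo "caddy not found, lint only"; return 0; }
    caddy -conf "$1" -validate
}

# Constructed sample Caddyfile (hypothetical draft), then the check itself.
sample=$(mktemp /tmp/Caddyfile.XXXXXX)
printf '%s\n' 'corebox.ir' 'agree' 'browse' 'cpu 50%' \
    'log /var/log/caddy.log' 'proxy /api 127.0.0.1:9000' > "$sample"
preflight "$sample" || echo "not starting caddy until the findings are fixed"
```

Giving browse a path argument limits listings to that path, and the flagged options go back on the caddy command line as -agree and -cpu.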

Conclusion

Caddy is an open-source web server, yet it has features like QUIC that only an enterprise web server supports. Its configuration syntax is clean and beautiful.

Useful Links

https://github.com/mholt/caddy#quick-start
https://en.wikipedia.org/wiki/QUIC
https://en.wikipedia.org/wiki/Caddy_(web_server)
https://en.wikipedia.org/wiki/HTTP/2

About The Author

Abdorrahman Homaei has been working as a software developer since 2000. He has used FreeBSD for more than ten years. Additionally, he became involved with meetBSD dot ir and performed serious training on FreeBSD. He started his company (etesal amne sara tehran) in Feb 2017, and it is based in Iran Silicon Valley.
Full CV: http://in4bsd.com
His company: http://corebox.ir

April 17, 2018

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013