• No products in the cart.

Caddy Web Server On FreeBSD

Caddy Web Server On FreeBSD

By Abdorrahman Homaei


What Is Caddy Web Server?
Caddy Features
Caddy VS Others ?
How to Install Caddy in FreeBSD 11.1
Caddy Configuration
Caddy Real Scenario
Useful Links
About The Author


What Is Caddy Web Server?

Caddy is an open-source, middleware, secure, HTTP/2-enabled web server written in Go programming language. Since its unveiling in 2015, Caddy has gained popularity due to its simple yet clear configuration and initiation. . Besides its ease of use, Caddy lets you create a HTTPS enabled website in 5 seconds, and here is the best part, the SSL certificate costs you nothing.
Caddy supports HTTP/2, and automatic TLS encryption. HTTP/2 is HTTP protocol successor that can load websites faster.
Caddy is integrated with Let’sEncrypt, a certificate authority which provides free TLS/SSL certificates. Hence, it automatically gets an SSL key and then serves your website securely.
Caddy not only supports a variety of Web technologies but it is also available as statically-compiled binaries for Windows, Mac, Linux, Android, and BSD operating systems on i386, amd64, and ARM architectures.
A variety of website technologies can be served by Caddy which can also act as a reverse proxy and load balancer. Most of its features are implemented as middleware and exposed through directives in the Caddyfile (a text file used to configure Caddy).
Caddy is not vulnerable to a number of widespread CVEs including Heart-bleed, DROWN, POODLE, and BEAST. Moreover, it uses TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.

Caddy Features

Caddy notable features are:
HTTP/2 enabled
OCSP Stapling
Virtual hosting
Native IPv4 and IPv6 support
Serve static files
Graceful restart/reload
Reverse proxy
Load balancing with health checks
FastCGI proxy
Markdown rendering
CGI via WebSockets
Gzip compression
Basic access authentication
URL rewriting
File browsing
Access, error, and process logs
QUIC Support

How to Install Caddy in FreeBSD 11.1

To install caddy, all you have to do is:

# pkg install caddy

You can simply issue “caddy -h” command to learn how to use caddy:

# caddy -h

Agree to the CA’s Subscriber Agreement
-ca string
URL to certificate authority’s ACME server directory (default “https://acme-v01.api.letsencrypt.org/directory”)
-catimeout duration
Default ACME CA HTTP timeout
-conf string
Caddyfile to load (default “Caddyfile”)
-cpu string
CPU cap (default “100%”)
Disable the ACME HTTP challenge
Disable the ACME TLS-SNI challenge
-email string
Default ACME CA account email address
-grace duration
Maximum duration of graceful shutdown (default 5s)
-host stringDefault host
-http-port string
Default port to use for HTTP (default “80”)
Use HTTP/2 (default true)
-https-port string
Default port to use for HTTPS (default “443”)
-log string
Process log file
-pidfile string
Path to write pid file
List installed plugins
-port string
Default port (default “2015”)
Use experimental QUIC
Quiet mode (no initialization output)
-revoke string
Hostname for which to revoke the certificate
-root string
Root path of default site (default “.”)
-type string
Type of server to run (default “http”)
Parse the Caddyfile but do not start the server
Show version

Caddy Configuration

First, we need to create a directory and name it caddy:
# mkdir caddy
Copy your index.html in it:
# cp index.html ./caddy/index.html
Then, go to the directory and issue the following caddy command:
# caddy -host corebox.ir -cpu 50% -log log.txt -agree
Activating privacy features… done.
We can now open “corebox.ir” in the browser. The point is caddy automatically activates SSL key.

Caddy Real Scenario

In the real-world, we need to cap the CPU, save web server logs or change web server root directory.
In the next example, we run our web server in “/usr/local/www” directory. This command caps the CPU to 50 percent. Logs will be saved in “/var/log/caddy.log” and we also have to agree to the CA’s subscriber agreement.
# caddy -host corebox.ir -cpu 50% -log “/var/log/caddy.log” -agree -root “/usr/local/www”.
You can create a file named Caddyfile and place all options in it:
# touch Caddyfile
# ee Caddyfile
cpu 50%
log /var/log/caddy.log

Caddy With API Access

In this example, caddy proxies all API requests to a backend through port 9000.
# ee Caddyfile
cpu 50%
log /var/log/caddy.log
proxy /api


Caddy is an open-source web server but has features like QUIC that only an enterprise web server supports. Its configuration syntax is so clean and beautiful.

Useful Links


About The Author

Abdorrahman Homaei has been working as a software developer since 2000. He has used FreeBSD for more than ten years. Additionally, he became involved with the meetBSD dot ir and performed serious training on FreeBSD. He is started his company (etesal amne sara tehran) in Feb 2017 and it is based in Iran Silicon Valley.
Full CV: http://in4bsd.com
His company: http://corebox.ir

April 17, 2018

0 responses on "Caddy Web Server On FreeBSD"

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013