Select Page

Hosting on HTTPS is hard. First off you have to get your domain, then pay some annoying security giant a large amount of money for a SSL certificate that expires in 1 year (and you have to pay them again), then you have to configure your website to use the certificate, ug! Too much work!
A few talented people around the globe have heard the desperate cry of the IT man stuck trying to get the little green lock on his webpage and have been taking steps to make it simpler. First we had free certificates which required some configuration and some more automation, but allowed you to have a properly signed certificate with no monetary cost.
Now there is the latest and greatest innovation from the HTTPS lovers out there: Caddy!


 When you browse to a website and get that warm and fuzzy feeling from the little green pad lock, you have HTTPS to thank. So what does a HTTPS secured website mean?

Someone didn’t use Caddy!

One of the main things that HTTPS does is ensure the website you are visiting are who they claim they are. That way when you go to and you see  you know that this is really and not someone pretending to be and steal your information. This is important on shared networks someone could redirect one of your favorite social media sites to a fake one, in an attempt to steal your passwords or other details. This is the classic man-in-the-middle attack. Avoiding man-in-the-middle attacks is why you should never ignore big red certificate invalid errors!

The other important thing that HTTPS does is encrypt the connection from you to the server. This means that someone who intercepts the data being sent to the server can read it, only the server can. This protects information like messages, credit card details, passwords, and other private information.

How Does Caddy Help?

HTTPS runs based on certificates. In (very) simple terms, a certificate certifies that I am who I say I am, so only Twitter can hold the certificate for These certificates should be signed by someone who everyone can trust. That signature says that this person claiming to be Twitter is actually Twitter; I have checked. We can then trust that is actually because they have the correct signed certificate.

In the before Caddy (and before LetsEncrypt) times we would have to go through this process with a person, and a credit card. Pay some money, have some checks run to make sure that we are who we say we are, and we have control over the web domain that we are trying to get the certificate for, then a few hours/days/weeks later we would get a certificate file that we could then go and configure with our website to get that cute little green padlock. With Caddy we need to do none of these things. Caddy will communicate with the certificate authority (the people who can sign things) behind the free certificates service LetsEncrypt and grabs us a valid, free certificate with none of the fuss from the old systems. Yay!

Caddy is Easy to Configure too. { 
    root /var/www 

Yup, that all the configuration you need to host a static website from the /var/www directory! Not only that, but that configuration will automatically generate and use a valid HTTPS certificate. Caddy is very easy to use.

Caddy can do Other Things

Caddy can do all the thing you would expect for a web server, proxy connections, filter connections, compress things on connections. Some of these are possible through Caddy it’s self a other are possible through the extensive list of plugins available for Caddy users. See more here:

What does Caddy cost?

Caddy used to be free for everyone, but recently they seem to be moving into requiring a commercial licence IF you download the pre-built binaries from their website. So just compile it yourself and you are good to go. You can still even include plugins!


So that is the Caddy web server. A welcome utility with a number of cool features that heaps of places can benefit from! Visit getting started to start using Caddy and keep an eye out for a Caddy how-to blog on a few of the cooler use cases for Caddy! Until then…

Tim Gray
Coffee to Code


You can read Tim’s other DevOps blogs here

%d bloggers like this: