Install and Enjoy Caddy Web Server on Linux

Security matters more than ever, and even a small leak can lead to serious damage. For websites, HTTPS is essential: without it, users are more likely to leak their sensitive information online. If you’re a webmaster, you may already be using NGINX or Apache. Both are popular and powerful, but setting up HTTPS with them is a painful task.

Thanks to the developer community, there’s an alternative: Caddy Web Server. It’s a really nice alternative to those popular choices, and it comes with HTTPS by default, saving a lot of hassle at the start.

Let’s take a look at installing Caddy on our system.

Installing Caddy Web Server

To install Caddy on our Linux system, we’re going to use cURL. The procedure is the same on all the available platforms, including the usual Linux distributions and server editions, because Caddy is distributed through a dedicated bash script instead of a software repository.

Run the following command, which downloads the installer script and pipes it straight into bash:

curl https://getcaddy.com | bash -s personal

In this demo, we’ll be running the Caddy “personal” (free) edition. Larger organizations and heavier usage call for the commercial edition, which is a bit costly. You can check out the commercial price plans here.

If you want to install the commercial version of Caddy Web Server, run the following command:

curl https://getcaddy.com | bash -s commercial

After the script finishes downloading, Caddy will be installed in the /usr/local/bin/ directory. Now, run the following command to give the Caddy binary the capability to bind to privileged ports (such as 80 and 443) without running as root:

sudo setcap cap_net_bind_service=+ep /usr/local/bin/caddy

Configuring Caddy

Now, we have to configure the server. Let’s get going.

Switch to a root shell:

su

OR

sudo -s

Create the directories where Caddy will operate:

mkdir /etc/caddy
mkdir /etc/ssl/caddy
mkdir /var/www

Note that if your server already contains “/var/www/” directory, you can skip the last command.

Now, create a new “Caddyfile”:

touch /etc/caddy/Caddyfile

Restrict the permissions on the directory where Caddy will store its certificates:

chmod 0770 /etc/ssl/caddy

Now, change the owner of the “/var/www” directory to www-data:

chown www-data: /var/www

To run Caddy as a “systemd” service, create the unit file and open it in an editor:

touch /lib/systemd/system/caddy.service
nano /lib/systemd/system/caddy.service

Paste the following into the editor, then press “Ctrl + O” to save the file and “Ctrl + X” to close the editor.

[Unit]
Description=Caddy HTTP/2 web server
Documentation=https://caddyserver.com/docs
After=network-online.target
Wants=network-online.target

[Service]
Restart=on-failure
StartLimitInterval=86400
StartLimitBurst=5

User=www-data
Group=www-data
; Letsencrypt-issued certificates will be written to this directory.
Environment=CADDYPATH=/etc/ssl/caddy

ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
ExecReload=/bin/kill -USR1 $MAINPID

LimitNOFILE=1048576
LimitNPROC=64

PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=full
ReadWriteDirectories=/etc/ssl/caddy

; The following additional security directives only work with systemd v229 or later.
; They further restrict privileges that can be gained by caddy. Uncomment if you like.
; Note that you may have to add capabilities required by any plugins in use.
;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
;AmbientCapabilities=CAP_NET_BIND_SERVICE
;NoNewPrivileges=true

[Install]
WantedBy=multi-user.target

Enable and start “caddy.service”:

systemctl enable caddy.service
systemctl start caddy.service
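
The unit file above leaves its systemd v229+ restrictions commented out, so they have no effect until the leading “;” is removed. The check below is an added example, not part of the original tutorial or the Caddy project: it lists the hardening directives that a unit file does not actually set. The function names and the EXPECTED checklist are assumptions for illustration, and the sample unit is a trimmed, constructed copy of the one on this page.

```shell
# Added example: list hardening directives NOT in effect in a unit file.
# systemd treats lines starting with ';' or '#' as comments.

# Assumption: the checklist is just the directives from the unit shown above.
EXPECTED='User=www-data PrivateTmp=true PrivateDevices=true ProtectHome=true
ProtectSystem=full NoNewPrivileges=true
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE'

# Print the active (uncommented) Key=Value lines of the [Service] section.
service_directives() {
    awk '
        /^[ \t]*\[/ { in_service = ($0 ~ /^[ \t]*\[Service\]/); next }
        in_service && !/^[ \t]*[;#]/ && /=/ {
            gsub(/^[ \t]+|[ \t]+$/, ""); print
        }' "$1"
}

# Print each expected directive that the unit file does not actually set.
unit_missing_hardening() {
    active=$(service_directives "$1")
    for want in $EXPECTED; do
        printf '%s\n' "$active" | grep -qxF -- "$want" || printf '%s\n' "$want"
    done
}

# Constructed sample: trimmed copy of the page's unit, v229+ lines commented.
write_sample_unit() {
    cat > "$1" <<'EOF'
[Unit]
Description=Caddy HTTP/2 web server
[Service]
User=www-data
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=full
;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
;AmbientCapabilities=CAP_NET_BIND_SERVICE
;NoNewPrivileges=true
[Install]
WantedBy=multi-user.target
EOF
}

sample=$(mktemp)
write_sample_unit "$sample"
unit_missing_hardening "$sample"   # prints the three commented-out directives
rm -f "$sample"
```

On the server, run it as unit_missing_hardening /lib/systemd/system/caddy.service. If you enable NoNewPrivileges=true, enable AmbientCapabilities=CAP_NET_BIND_SERVICE with it, because file capabilities granted with setcap are not applied to a process started under no-new-privileges.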

Setting up domains

Now comes the usual per-site configuration, as on most other servers. Let’s start with the domain folder.

Create the site directory and edit the “Caddyfile” to activate your new domain. Don’t forget to replace the names with your own domain name.

mkdir -p /var/www/osradar.com/
nano /etc/caddy/Caddyfile

# Paste the following code for activating your domain on Caddy

domain-demo.com {
root /var/www/osradar.com
}

Restart the “caddy.service”:

systemctl restart caddy.service

Enjoy Caddy!

1 COMMENT

  1. I think some semicolons went missing. I would recommend just:
    mkdir -p /etc/caddy /etc/ssl/caddy /var/www
    (with -p there are no problems if the directory already exists, or if the parent doesn’t).

    The lines starting with “touch”, “systemctl” and “mkdir -p” are missing semicolons.

    Also, the setcap is not necessary, as it is part of the standard install script.
