How To Setup An Caddy Server - The Ultimate Server

hi and welcome in this video we will be looking at as caddy themselves say the ultimate server in this video we will learn how you can set up your own caddy server to easily add TLS to your traffic py is a server that functions as a web server a reverse proxy and a load balancer and what's special about caddy is that it actually handles certificate management automatically by default and this is really handy so it will fetch a certificate for you and it will install the C certificate on your server it will also renew this certificate so you don't have to even consider your certificate anymore it's actually really amazing once you have caddy set up and one other thing that's really interesting about caddy is how easy it is to get started let's begin by taking a look at what caddy has to offer Us and how it can offer Us automatic certificate management so caddy boasts a pretty strong feature set so it can serve static files it can work as a reverse proxy and you can use it for https and certificate management and it also makes uh using https during local development very easy so one thing that's kind of important to understand about caddy is how does the certificate management work because we will be offloading our security basically to them because we will rely on caddy to actually work properly to give us our C certificate so that we can use encrypted traffic caddy is running something called Acme now Acme is a protocol built to automate certificate management so that's basically what caddy is using now to make a really simple explanation of Acme um we can actually just uh put up caddy here so we have our caddy server and our caddy server we will be talking to a certificate Authority certificate Authority and the certificate Authority is a is somebody who can create new certificates for us so by default with C without any configuration it will be using let's encrypt and also Zer SSL so those will be used by default unless you specify otherwise with now Patty will be talking to the certificate Authority for us and basically it will ask the certificate Authority for a certificate and they will respond that you have a challenge to solve before we can give you one and this can be a DNS or https challenge so basically if we take a look at the DNS challenge for instance that would mean somehow proving that we are the owners of the domain and this is usually done by adding a some kind of value to your DNS records and once we have done that the certificate Authority knows that okay you are the true owner of this domain and then caddy can send back to them something called a certificate signing request uh or also known as CSR and this CSR contains information such as the public key used for the for the crypto once it's received by the certificate Authority they can hand us our certificate and everyone is happy and once we have the certificate we are good to go using https or TLS and everything here is done automatically for us by tag or should I say the Acme protocol one thing with caddy is that not only does it by default use two certificate authorities so if one of these would not respond anymore if the certificate signing request fails for whatever reason it will actually fall back by default to the second Authority so that's also really a amazing okay so before we start setting up caddy let's also make a quick note that the there are three ways in which you can configure caddy you can configure caddy using a API caddy file which is a file using a special syntax only for caddy which will be using when we're setting up our CAD server there's also Json configurations f so you have to decide which one suits your needs my recommendation is to use the API or djon configurations whenever you have Dynamic services such as maybe endpoints that needs to be programmatically modified and changed then the API is great um but working with caddy files as you probably will see real shortly is that it's really easy the syntax is super easy and and they are kind of fast to set up to get started with the magic of caddy we first need to install it there's there's a ton of supported option if you visit their website on how to install it you can use Docker and you can use a barebone installation paty comes as a single binary so it's pretty easy to use in this tutorial I will be using caddy installed on a Ubunto machine and it's as easy as copying the commands and running them once you run these commands you should be able to use caddy and in the command line note that this this installation will run caddy as a system service so it's important to understand that and go to my terminal and simply paste them in it will prompt me for my password and we should see a bunch of stuff stuff being installed once the commands are done you should be able to to use caddy to see information being printed now remember that installing caddy like this on a barebone machine will start the system service so we are now having a caddy running on my machine but by default caddy doesn't do anything the default installation is a zero configuration we can make sure caddy is running by curling Local Host Port 2019 SLC config and we can pipe the output to JQ to JQ to get a nice print you can see this is our current configuration on the caddy server so it's listening on Port 80 and it's handling a simple file server and a user and this is this means that cadd is up and running we're getting a response on Port 80 now what did I curl we curled 2019 which is the default port for the caddy API so caddy a caddy server comes with a API that you can use to manage it and it's by default on Port 2019 so cadd is up and running on my server here and that's great let's take a look at caddy um because we don't want to run it as a service while we are testing it so I'm actually going to go ahead and show you guys the difference between a few commands we can run caddy stop that will stop my server if I go ahead and Cur it now I won't get any response so there there is two commands to run caddy one of them is caddy start which will run the caddy Ser server as a background service so if I run caddy start it will start in the background you can also see a bit of information such as the address Etc I'm going to go ahead and stop it again and I'm going to go ahead and this time use the caddy run caddy run allows us to run caddy inside my terminal and it's very useful when you're testing your new configurations and you want to see what's going on and you can easily and you can easily um have it running like this so that's what we're going to do during this tutorial so let's begin by configuring the caddy server using our caddy file to act as a reverse proxy to begin with now we will be writing our first caddy file to learn how that works so we're going to do a simple hello world response thing to just get the hang of it and see what's going on and before we begin I'm going to make sure that CAD isn't running because we want to run it in the terminal and we're going to see how easy it is to set up caddy on Local Host post to get a https service running so we're going to begin by creating a new file called Addy file which will be our configuration now we can whenever we do caddy run we can specify the-- config to specify which caddy file we're going to load during the startup and we can simply insert our caddy file like this so we make sure that caddy starts with with the configuration that we are actually currently developing and I'm going to go ahead and open my caddy file and once we have this caddy file we're going to take a look at the very simple syntax of caddy You Begin by specifying the name of your domain let's go ahead and make sure we want to host a app. localhost and and app. localhost is the domain name so you always type your domain name here as a server block to tell caddy that on this domain we want to do something something and that something will be in this case a simple respond hello from caddy so this configuration is super basic on the domain app. localhost respond with this let's go ahead and save that and well let's run it that's all you need to do to create a HTTP route on your Local Host which automatically renews your certificate by by the way and before we before we run this I want to mention that localhost is a kind of magic prefix in Caddy so to make certificates for your Local Host which well you have to use makert or something but if the domain name ends with Local Host Caddy will automatically manage the certificate for you so any domain name with localhost is a special domain if you want to learn more about the special addresses there's a block on their website for these so as you can see here you can see Local Host is special and CAD will act on that so let's go ahead we want to run this so before we run this I'm actually going to run cadd as PSE sudo the reason why I want to run caddy as PSE Sudo is because caddy requires uh root access to install the certificates so whenever you have generated a certificate it needs to be installed on the server and CAD will do this for you but it does need permission so I'm just going to go and run PSE sudo and if you don't want to use PSE sudo you can take a look at the manual installation block you can configure a caddy to run without it but you you need to set up the permissions for the correct folders Etc and we're going to go CAD run and if you do caddy run it will automatically detect any file named caddy file in your directory so if I run it here it will automatically search for this file if this file isn't present we can use the-- config to tell it tell CAD where to find it but for now we can simply run py run you can see a bunch of stuff is happening that didn't happen before it's actually installing the root certificate and it's actually telling us that we need to run CAD fum which we can do which will just format our CAD FY let's go ahead let's just do that before we do anything else to make sure that we don't have any errors let's fum and let's run it again so you can actually take a look at the information we can see enabled automatic TS TLS certificate management for the domain app. localhost and this is pretty cool now to make sure this works let's go ahead and open our browser and let's just visit https going to Local Host we're going to app. localhost and notice that we're using https to the Local Host you can see it's not uh you might see this um since we're using a local host right now so this is this is due to so this security warning is because we're on local host of course we don't have a valid domain but we do get a hello from CAD you see how easy it was to set up caddy like seriously let's take a look at the caty this is everything we needed to do which is pretty amazing but we're not done yet this was kind of basic example right to make this a little bit more interesting we should go ahead and host an application so we can see how we can use Paddy as a reverse proxy for instance to do TLS termination for our service uh and to do that let's go ahead and just create a simple main.go I'm going to create a super small go program that simply hosts a help endpoint that we can ping or check to see that our application is up and running so I'm going to create a main function and I'm going to allow us to insert a port flag so we can determine which port to use let's use 880 by default and this is the port to host the server port to host server and we're going to do a flag. parse and let's just create a HTTP Handler in go which should look like this and whenever we get a request we are we just want to log let's just say we got a heal request that's just going to print to the standard out that our request was received we are going to respond to the caller and we're just going to say okay that's a simple health check right and let's also make sure that we Host this on a https server so we're simply going to create a URL which is using the port and let's yeah what let's print starting server on and let's print that and let's print out the address and then let's start the server and we do that simply by HTTP listen and serve and we're doing it on our address and we don't have a HTTP Handler in this case and if anything goes wrong let's just print it for now fail to fail no server just print error and let's change this to a print F this is a super simple oh my bad and let's change this to just use print line instead and we've covered the errors let's skip the go PLS error so this is a simple go program which will host a HTP server with a slal endpoint which we can use to call and in our address here we need to make sure that we're using a pointer to the string so make sure we do that and then I'm going to open a new terminal and I'm going going to run Port 8081 so I'm now running a goang server on Port 8081 let's go back to our C file to see how we can use um to see how we can expose this I'm going to open our CAD file hi everyone I just wanted to thank better stack for sponsoring this video If you're looking for topnotch log management and monitoring better stack has got you covered better stack offers powerful tools that help you monitor your entire infrastructure analyze logs and ensure that your applications run smoothly better Stack's intuitive dashboards and realtime alerts make it easy to stay on top of any issues before they become a problem better stack can help you monitor up times help you with monitoring logs and metrics not only that integrating better stack into your infrastructure is really easy by using their interactive connection setup you select your platform and there is a ton of platforms supported everything from debm to Docker rnet AWS and a lot of other stuff basically everything is available so if you need reliable uptime monitoring and log management do like many of the other big companies and check out better stack thank you for sponsoring and I'm going to add a new domain I'm just going to do a new block here and I'm going to call it service and I'm going to call it my service. Local Host and we will be doing a reverse proxy so in Caddy you can specify reverse proxy and then after reverse proxy you add where it can find um the real application so I'm just going to do Local Host 881 so we're say any requests coming into the caddy server on service. localhost will be reverse proxied towards Lo host 881 that's pretty simple so let's save this file I'm also going to do a caddy fumed override just to make sure that everything's fine and let's do a cad run uh as pseudo so that we can install the certificate and you should be able to see it's now printing service. localhost so C is running let's create a new terminal and let's just curl I'm just going to curl curl it https service. localhost SL Health which is where our application is having an endpoint and I'm receiving okay if I go back to my go server you can see got a help request so that's how you set up a reverse proxy using caddy and I have to say it's pretty damn easy compared to many of the other options out there not only do we have a reverse proxy we have automatic TLS management it's just this is just going to keep renewing my TLS certificates right now they're Local Host so we will cover that shortly so there's much more you can do with caddy we have only looked at how we can use a reverse proxy let's take a look at load balancing and health checks and then after that we will set up a real domain to use cadd the load balancing is another great feature of caddy and load balancing is when you set up a set of multiple instances socalled upstreams so maybe in our use case we will be running the go service on two ports for instance but these could be on two different servers so you would have redundancy so we're going to set up caddy for load balancing and it's basically so we have our caddy server and we have requests coming in and we're going to tell caddy that we have something called obst and these upstreams are of course are applications running on Port 8081 for instance but we're also going to tell caddy that this application can also be found on Port 882 this way we can have redundancy and we can easily tell caddy to do this for us so let's take a look at how we can do that open up a terminal and I'm going to go to my folder where I keep the go program and I'm going to run it but this time I'm going to run it on Port 8082 apart from that we need to go back to our cadile because we need to update it now we're going to still use a reverse proxy but we want to load balance between our two applications we can easily do that by simply typing the URL to the second service after the first so these are our two Upstream servers running our goang application and once we have that we can do brackets to add options so we can add load balancing options and in our case we're going to say that the load balancing policy will be a round robin and a round robin will be that it sends the first request to this one the second request to the second one and then round and round we go now of course learn more about the different load balancing items you can use the amazing documentation in Caddy to learn more about it there's a lot of things that you can configure there's a lot of things that you can configure such as retries Etc how often it should retry and how often you should retry and other settings this is a simple load balancing between our two services I'm just going to go ahead and restart the cad server to show you guys that this is actually working as expected so I'm going to do sudo Caton and I am going to go back to my curl and I'm going to curl a few times and let's go to our goang Terminals and you should see now they both are getting requests so we're load balancing between the two of them using caddy the qu the requests are going to caddy and caddy just kind of reverse proxies them to the correct application so let's take a look at uh health checks also because that's pretty important if you have a load balancer you need to configure like how you need to configure stuff like how will we know that the application is up and running how should the load balancer know when a application is down or not and that's uh pretty easy in Caddy as well so can specify something called a health path this is a path where in which caddy can send requests to validate that the application is up and running I'm going to go ahead and add our health SL Health that means it will send requests to Local Host 881 health and also 882 Health to make sure that the services are up and running now we can specify how often by Health interval for instance so each F each fifth second and we can set a time out for 2 seconds this is how long we will wait for a response from the health endpoint so if it takes more than two seconds we will consider the service down and we can also specify the health status uh we want 200 this is the HTTP code that we are EXP if we get anything other than 200 we will know something is up so we can save this and we can uh go ahead and do caddy run again and I'm going to jump to my goang services and you will see that we are now getting Health requests to our service now what if one server goes down if I shut down 8082 like this I've shut that down now you can see it keeps sending requests and if we go to the caddy server you can see that we're getting errors now so the help Checker is actually responding and if I go back to my curl I shouldn't even notice you see everything keeps working it has detected that this application is down so it just keeps forwarding us to 8081 and of course if I were to rerun my program you can see it automatically starts injesting new requests again so CAD as a load balancer reverse proxy is super easy to set up and it makes using https on your Local Host with real domain names really easy and I like that because I've noticed sometimes where I'm developing an application then we're going going to go production we switch to H HT PS and there might be unforeseen uh problems so I just kind of always run it to always have https and whatever it's super simple to use so to use caddy with a real domain you need to do one thing you need to go into your DNS provider or wherever you have your DNS I'm going to show you how I'm using Cloud flare right now and I'm going to use cloud flare to add my DNS record for CAD in it's a a record in your DNS provider you can name it whever you want but I'm going to use Addy as a subdomain so I'm naming my caddy you need to insert the IP address of your server that will host caddy this should go towards your caddy instance and once you've added a DNS record for your Caddy server you can start up caddy and add the domain so I'm just going to go into my droplets and I'm going to do a new C file on my droplets and I want to add the domain name a record that I used in my case it was py do my domain which is pery Balmer workor I want to do a reverse proxy and I wanted to use Local Host 880 in m so any requests going to caddy doers Balmer dwork will be reverse proxied into the service running on 880 I'm going to go ahead and run my go main.go I'm going to specify Port 880 so that my service starts running on Port 880 in my case I'm just going to put that in the background for now so it's up and running let's go ahead and make sure we do caddy run has configured the domain for caddy dopal mer.org so it's the same thing as when you're doing Local Host you don't have to change anything just in your CAD file you put the domain name we can simply open up a new browser and do caddy Percy Balmer dwor and I'm also going to visit SL health because that's our endpoint and what do you know we're getting a response from our server using caddy and it's https and the certificate will keep keep on uh renewing and everything is done automatically for us I just want to quickly mention that when you're running caddy maybe you don't want to do caddy run and one thing that is good to know is that Caddy will automatically search for a caddy configuration whenever the system service starts up inside SLC slash caddy slash caddy file so I'm just going to go ahead and copy my caddy file to that location and then whenever I do caddy start um Caddy will be running in the background and you can see it's using my configuration because we are seeing the domain being picked up so that's pretty good if you want to start using it before we sum this tutorial up I think it's important that we start talking about Advanced features and Mony and P has support for many Advanced features such as configuring where to store data uh as you can see by default it's using a file storage uh on the machine but you can configure this to use whatever you want you can configure custume CA roots to use and a lot of the options are found inside the caddy documentation and I I'm really impressed with the cad documentation I feel it's it's very well structured and easy to read so I recommend you to take a look at all the options that are available now one thing that's really important is actually I'm just going to go ahead and mod modify our caddy file because I want to add something that I feel is really important and inside caddy you can use a global configuration and that is done by having this super simple empty without a domain name block and in here we can insert the configurations that we want to use one such thing is the email the email configuration will allow you to specify an email address that will receive emails when there are issues with grabbing in new certificates and that might be really important if maybe for some reason somebody removed your DNS record and and it cannot it can't and it can no longer renew your certificate and you want to be notified with that so I'm just going to go ahead on my server and specify my email so now caddy can include this information to the certificate Authority so you can receive an email whenever there's an issue and one other thing that I find super important and super nice is the server block where you can configure specific stuff for your server and one of them is if you add metrics like this you have a server block with the name metrics and if we save this howy will automatically and we can do caddy reload and I'm just going to specify my caddy F because otherwise it will use my non production file I'm reloading the configuration and reload will you know update your current configuration for the service which is great once that is done we can actually do a curve on Local Host 2019 SL metrics and you will see Prometheus metrics being printed which can be used to automatically detect if there's any errors currently uh you can see how many upstreams you have up and running and this can be used to monitor to know like if for instance when we turned one of the upstreams down before that would change from a two to a one and we can use that to monitor so metrics is really important to include all right I hope this tutorial has shown you how to set up a cad server for That Sweet automatic enablement of http TLS and also the renewal and I hope you understand that using caddy leaves you with no work it's everything is done automatically for you and I feel CAD is a fresh Breeze in the server management since it's very easy to configure it's very easy to use and again you don't have to worry about the certificates or anything it just kind of seems magical and works and I'm really impressed with the c files as well how easy they are to use I hope you enjoyed this video and I hope you will set out and try caddy to see how you can use it and see if you can start using it in production

I often use Nginx with Let's Encrypt to provide TLS to my services. The setup is straightforward: install Nginx and Cerbot, which will automatically renew your certificates.  That has been my favorite approach over the past years. What if we could make it even easier?  Caddy is a server that functions as a web server, reverse proxy, and load balancer. All with built-in automatic certificate management. With Caddy, there is no need to install or manage anything other than Caddy itself. This integration reduces the setup complexity and minimizes the potential for errors, which makes it super efficient to start using. Everything that needs to be done is pointing a DNS record to the Caddy server and everything will be taken care of, leaving you with a secure communication for your services. Caddy has a strong set of features that it provides. Serving static files Reverse Proxy HTTPS and certificate management Making Localhost HTTPS development easy One thing we need to understand is how the certificate management is performed. Caddy leverages the ACME protocol to manage certificates This video was sponsored by Betterstack. You can view their product at https://betterstack.com/ BetterStack specializes in collecting logs and monitoring.