How to Set Up Caddy Server with Automatic HTTPS
Caddy is a modern web server that automatically provisions and renews TLS certificates from Let's Encrypt with zero configuration. It is an excellent choice for quickly deploying secure websites and APIs on your Breeze server without manually managing SSL certificates.
Installing Caddy
Install Caddy using the official repository:
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update && sudo apt install -y caddy
Basic Caddyfile Configuration
Caddy uses a configuration file called Caddyfile located at /etc/caddy/Caddyfile. The simplest configuration serves a static site with automatic HTTPS:
yourdomain.com {
    root * /var/www/yourdomain.com
    file_server
}
That is it. Caddy will automatically obtain a certificate from Let's Encrypt, redirect HTTP to HTTPS, and serve your files. No extra directives needed.
Serving Multiple Sites
Add additional site blocks for each domain:
site1.com {
    root * /var/www/site1
    file_server
    encode gzip
}

site2.com {
    root * /var/www/site2
    file_server
    encode gzip
}

api.yourdomain.com {
    reverse_proxy localhost:3000
}
Reverse Proxy Configuration
Caddy excels as a reverse proxy. Forward traffic to a backend application with a single line:
app.yourdomain.com {
    reverse_proxy localhost:8080
}

# With load balancing (use this instead of the block above, not alongside it)
app.yourdomain.com {
    reverse_proxy localhost:8080 localhost:8081 localhost:8082 {
        lb_policy round_robin
        health_uri /health
        health_interval 30s
    }
}
PHP Application Support
To serve a PHP application like WordPress or Laravel:
yourdomain.com {
    root * /var/www/yourdomain.com/public
    php_fastcgi unix//var/run/php/php8.2-fpm.sock
    file_server
    encode gzip
}
Adding Headers and Security
yourdomain.com {
    root * /var/www/yourdomain.com
    file_server
    encode gzip
    header {
        X-Content-Type-Options "nosniff"
        X-Frame-Options "DENY"
        # includeSubDomains and preload apply to every subdomain,
        # so all of them must be reachable over HTTPS
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        Referrer-Policy "strict-origin-when-cross-origin"
        # A leading "-" removes the header from responses
        -Server
    }
    log {
        output file /var/log/caddy/access.log
        format json
    }
}
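To confirm after a reload that the header block is actually in effect, the following added example (not part of the original guide) compares raw response headers with the values configured above. The function names and the sample response are constructed for illustration; against a live site, pipe `curl -sI https://yourdomain.com` into `check_headers`.

```shell
#!/bin/sh
# Added example: audit response headers against the Caddyfile policy above.

# Normalise raw headers on stdin to "lowercase-name<TAB>value".
normalise() {
    tr -d '\r' | awk '{
        i = index($0, ":")
        if (i > 1) {
            v = substr($0, i + 1); sub(/^[ \t]+/, "", v)
            print tolower(substr($0, 1, i - 1)) "\t" v
        }
    }'
}

# Print the first value of header $2 in normalised text $1.
header_value() {
    printf '%s\n' "$1" | awk -F'\t' -v n="$2" '$1 == n { print $2; exit }'
}

# Read headers on stdin; print one FAIL line per deviation; return 0 if none.
check_headers() {
    hdrs=$(normalise)
    rc=0
    while IFS='|' read -r name want; do
        got=$(header_value "$hdrs" "$name")
        if [ "$got" != "$want" ]; then
            echo "FAIL $name: want '$want', got '${got:-<missing>}'"
            rc=1
        fi
    done <<'EOF'
x-content-type-options|nosniff
x-frame-options|DENY
strict-transport-security|max-age=31536000; includeSubDomains; preload
referrer-policy|strict-origin-when-cross-origin
EOF
    if [ -n "$(header_value "$hdrs" server)" ]; then
        echo "FAIL server: header still present"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: a response served without the header block.
sample_bad() {
    printf 'HTTP/1.1 200 OK\r\nServer: Caddy\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n'
}

sample_bad | check_headers || true
```

The non-zero return code on any deviation makes the function usable as a post-deploy check in a script or CI job.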
Managing Caddy
# Validate configuration
caddy validate --config /etc/caddy/Caddyfile
# Reload without downtime
sudo systemctl reload caddy
# List the modules available in this Caddy build
caddy list-modules
# Inspect the running configuration through the local admin API
curl -s http://localhost:2019/config/ | jq .
# Check logs
journalctl -u caddy --no-pager -f
Custom TLS Configuration
If you need to customize TLS settings or use your own certificates:
yourdomain.com {
    # Use your own certificate and private key
    tls /etc/ssl/certs/yourdomain.pem /etc/ssl/private/yourdomain.key
    # Or, as an alternative to the line above, use a specific email for Let's Encrypt
    # tls admin@yourdomain.com
}
Why Choose Caddy
- Zero-config HTTPS — automatic certificate provisioning and renewal with no extra tools
- Simple syntax — the Caddyfile is significantly more concise than Apache or Nginx configs
- HTTP/2 and HTTP/3 — enabled by default with no additional configuration
- Built-in reverse proxy — no modules or extra packages required
- Automatic OCSP stapling — improves TLS performance for visitors