Secure by Default

Caddy is the only web server that uses HTTPS by default. A hardened TLS stack with modern protocols preserves privacy and exposes MITM attacks.

No Dependencies

Written in Go, Caddy binaries are entirely self-contained and run on every platform, including containers. You don't even need libc.

Easy on Beginners

Caddy's audience ranges from new site developers to seasoned professionals because simple configuration helps you get things done faster.

Production-Ready

Caddy is the real deal: a robust web server that is trusted in production environments for thousands of sites.

✔ Static files
✔ Dynamic sites
✔ Simple configuration
✔ Zero-downtime reloads
✔ Extensible core
✔ Automagic TLS

Features

General

Other web servers were designed for the Web, but Caddy was designed for humans, with today's Web in mind.

Basic Features

The Caddyfile

An easy, intuitive way to configure your site. It's not scripting, and not hard to memorize. Rolls off the fingers. You'll really like it.

Static Files

By default, Caddy will serve static files in the current working directory. It's so brilliantly simple and works fast.

Dynamic Sites

Caddy can also be used to serve dynamic sites with templates, proxying, FastCGI, and by the use of plugins.

Command Line Interface

Customize how Caddy runs with its simple, cross-platform command line interface; especially great for quick, one-off server instances.

Plugins

Caddy can be extended with plugins. All server types, directives, DNS providers, and more features are plugins! They're easy to write and get compiled in directly.

Multi-core

When the going gets tough, Caddy gets going on more CPUs. Go's scheduler understands Go code, and goroutines are more lightweight than system threads. So yeah, it's fast.

Embeddable

Writing another program or web service that could use a powerful web server or reverse proxy? Caddy can be used like a library in your Go program.

Run Commands

Caddy can be configured to run system commands at startup and shutdown. Useful when your site requires other processes running.

Caddyfile Validation

Given a command line flag, Caddy will parse and verify your Caddyfile without actually running it.

Process Log

Caddy can write a log of all its significant events, especially errors. Log to a file, stdout/stderr, or a local or remote system log!

Log Rolling

When log files get large, Caddy will automatically rotate them to conserve disk space.

Deployment

Static Binary

Caddy is a single executable file with no dependencies, not even libc. Literally just needs some metal and a kernel. Put Caddy in your PATH and run it. Done.

Cross-Platform

Windows, macOS, Linux, BSD, Android, Solaris, 32-bit, x64, ARM, mips64... you name it: Caddy probably compiles for it.

Graceful Reloads

After making config changes, use signal USR1 to reload Caddy gracefully with zero downtime on Unix systems.

Graceful Upgrades

Replace the binary and upgrade it by signaling Caddy with USR2. Caddy will restart with zero downtime on Unix systems.

Custom Builds

When you download Caddy from our website, choose the plugins you want to include, and get a custom build in seconds made just for you.

Signed Downloads

Each download from the Caddy website—even custom builds—is cryptographically signed, and you can use the signature to check its integrity.

PIDFile

Caddy can write a process ID (PID) file to disk so you can more easily keep track of it in automated/headless environments.

Containers

Caddy runs well in bare Docker images and is even available for download as a Docker image.

Homebrew

Caddy is already so easy to install, but it's even easier on Mac with brew install caddy.

GetCaddy.com

Use getcaddy.com to download and install Caddy with a single command. It only takes a single HTTPS request to download a custom build!

Help & Support

Personal License

  • Community forum
  • Basic email support
  • Company use

Commercial License

  • Community forum
  • Basic email support
  • Company use

Questions? Email sales@lightcodelabs.com or call +1-435-612-0494.

Security

Among Caddy's flagship advantages are its sensible defaults and unique security features which help protect your site and your visitors' privacy.

TLS

Modern Cipher Suites

Caddy uses the best cipher technologies including AES-GCM, ChaCha, and ECC by default, balancing security and compatibility. You can customize which ciphers are allowed.

Man-in-the-Middle Detection

For HTTPS requests, Caddy can detect when the client's TLS connection is likely being intercepted by a proxy, giving you the ability to act accordingly.

Memory Safety

Caddy is the only web server in its class that is impervious to bugs like Heartbleed and buffer overflows because it is written in the memory-safe language of Go.

Client Authentication

With TLS client auth, you can configure Caddy to allow only certain clients to connect to your service.

Hardened Stack

Caddy is proudly written in Go, and its TLS stack is powered by the robust crypto/tls package in the Go standard library. Never vulnerable to Heartbleed or other similar flaws!

PCI Compliant

Companies choose Caddy because its TLS configuration is PCI-compliant by default. It has even saved some companies hours before losing certification!

Scalable Storage

TLS assets are stored on disk, but the storage mechanism can be swapped out for custom implementations so you can deploy and coordinate a fleet of Caddy instances.

Key Rotation

Caddy is cited as the only web server to rotate TLS session ticket keys by default. This helps preserve forward secrecy, i.e. visitor privacy.
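
The rotation idea behind this feature, as an added Go example (not Caddy's own code and not part of the original page) built on crypto/tls's SetSessionTicketKeys. The retention count of 4 and the function names are assumptions for illustration; a real server would call rotate from a timer.

```go
package main

import (
	"crypto/rand"
	"crypto/tls"
	"fmt"
)

// maxTicketKeys is an assumed retention count: the newest key encrypts new
// tickets, the older ones only decrypt tickets issued before a rotation.
const maxTicketKeys = 4

// rotate prepends a fresh random key and drops the oldest ones. Once a key is
// dropped, tickets sealed under it can no longer be decrypted by this server,
// which is what bounds the exposure if key material leaks later.
func rotate(keys [][32]byte) ([][32]byte, error) {
	var fresh [32]byte
	if _, err := rand.Read(fresh[:]); err != nil {
		return keys, err // keep the current set rather than install a weak key
	}
	next := append([][32]byte{fresh}, keys...)
	if len(next) > maxTicketKeys {
		next = next[:maxTicketKeys]
	}
	return next, nil
}

// simulate performs n rotations against a tls.Config, as a ticker would.
func simulate(n int) ([][32]byte, error) {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
	var keys [][32]byte
	for i := 0; i < n; i++ {
		next, err := rotate(keys)
		if err != nil {
			return keys, err
		}
		keys = next
		cfg.SetSessionTicketKeys(keys) // first key seals, all keys can open
	}
	return keys, nil
}

func main() {
	keys, err := simulate(6)
	if err != nil {
		fmt.Println("rotation failed:", err)
		return
	}
	fmt.Printf("%d ticket keys held after 6 rotations\n", len(keys))
}
```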

Server Name Indication

Caddy uses the TLS extension Server Name Indication (SNI) to be able to host multiple sites on a single interface. Like most features, this just works.

Redirect HTTP to HTTPS

Caddy's automatic HTTPS feature includes redirecting HTTP to HTTPS for you by default.

Certificates

Auto Obtain

Caddy obtains certificates for you automatically using Let's Encrypt. Any ACME-compatible CA can be used! Caddy was the first web server to implement this technology.

Auto Renew

Certificates are automatically renewed in the background before they get close to expiring, no downtime or notifications required!

Certificates On-Demand

Caddy is the only web server that can obtain certificates during a TLS handshake and use them right away.

Bring Your Own

If you still prefer to manage certificates yourself, you can give Caddy your certificate and key files (PEM format) like you're used to.

Bulk Cert Loading

If you manage many certificates yourself, you can give Caddy an entire folder to load certificates from.

Easy Self-Signed Certs

For easy local development and testing, Caddy can generate and manage self-signed certificates for you without any hassle.

SAN Certificates

Caddy fully accepts SAN certificates for times when you may be managing your own SAN certificates and wish to use those instead.

Cluster Support

Caddy can share managed certificates stored on disk with other instances and synchronize renewals in fleet deployments.

Scalable

Caddy's certificate management scales well up to tens of thousands of sites and tens of thousands of certificates per instance.

Wildcards

When needed, Caddy can obtain and renew wildcard certificates for you when you have many related subdomains to serve.

OCSP

Stapling

Caddy staples OCSP responses to every qualifying certificate by default. Caddy's OCSP stapling is more robust against network failure than other web servers.

Caching

Every OCSP response is cached on disk to preserve integrity through restarts, in case the responder goes down or the network link is being attacked.

Must-Staple

Caddy can be configured to obtain Must-Staple certificates, which require that the certificate always be served with its OCSP response stapled.

Background Updates

Unlike other web servers, Caddy updates OCSP responses in the background, independently of any requests, well before their expiration.

Pre-Validated

An OCSP response will not be stapled unless it checks out for validity first, to make sure it's something clients will accept.

ACME Protocol

HTTP Challenge

Caddy can solve the HTTP challenge to obtain certificates. You can also configure Caddy to proxy these challenges to other processes.

TLS-SNI Challenge

Caddy solves the TLS-SNI challenge which happens on port 443 and does not require opening port 80 at all.

DNS Challenge

Caddy solves the DNS challenge which does not involve opening any ports on the machine. There are integrations for all major DNS providers!

Revocation

If one of your private keys becomes compromised, you can use Caddy to easily revoke the affected certificates.

Customizable CA

Caddy is designed to be used with any ACME-compatible certificate authority, which you can customize with a single command line flag.

Robust to Failovers

Caddy is the only web server and only major ACME client that was not disrupted by CA changes and outages, or OCSP responder hiccups.

Caddy changed Internet history when it became the first web server to set up and maintain good HTTPS for site owners automatically.

Caddy proved that Internet security doesn't have to be an afterthought. Or a thought at all.

We believe privacy is a human right. All it takes is one Caddy instance to give privacy to potentially millions of people.

Sponsor the project and become a valuable partner in making the Web more secure!

Get in touch! Email sales@lightcodelabs.com or call +1-435-612-0494.

HTTP Server

Caddy's most popular server is the HTTP server because of its wide array of features, performance, and easy deployment.

Site Features

Directory Browsing

List files and folders with Caddy's attractive, practical design or according to your own custom template.

Virtual Hosts

Serve multiple sites from the same IP address with the Caddyfile.

Configurable Binding

You can select which network interfaces the listener binds to, giving you more access control over your site.

Markdown

Let Caddy render your Markdown files as HTML on-the-fly. You can customize the CSS and JS files for each page, or provide an entire template.

Templates

A powerful and improved alternative to Server-Side Includes, templates allow you to make semi-dynamic sites quickly and easily.

Custom Error Pages

Show user-friendly error pages when things go wrong, or write the error details to the browser for dev environments.

Logging

Caddy takes copious notes according to your favorite log format. Log errors and requests to a file, stdout/stderr, or a local or remote system log.

Debugging

Peer inside Caddy with Go's pprof and expvar functions, which allow you to profile the process and see exported variables.

Static Compressed Assets

When serving static files to a client that supports compression, Caddy will prefer serving the compressed equivalent if it exists on disk.

Request Size Limits

You can limit the size of request bodies that go through Caddy to prevent abuse of your network bandwidth.

Timeouts

Enabling timeouts can be a good idea when your server may be prone to slowloris attacks or you want to free up resources from slow networks.

Request ID

Assign UUIDs to requests and optionally add them to header fields or log entries, etc.

Custom Indexes

Customize which file names are considered as index files.

Web Protocols

HTTP/2

It's time for a faster web. Caddy uses HTTP/2 right out of the box. No thought required. HTTP/1.1 is still used when clients don't support HTTP/2.

QUIC

Sites load faster with QUIC and connections aren't dropped when switching networks. Caddy's the first web server to offer this (experimentally).

WebSockets

Caddy supports making WebSocket connections directly to local programs' stdin/stdout streams that work a little bit like CGI.

IPv6

Caddy supports both IPv4 and IPv6. In fact, Caddy runs well in an IPv6 environment without extra configuration.

FastCGI

Serve your PHP site behind Caddy securely with just one simple line of configuration. You can even specify multiple backends.

HTTP Spec

HTTP/2 Server Push

Server push is when the server sends resources to the client before being asked for them, and it speeds up page loading.

Basic Authentication

Protect areas of your site with HTTP basic auth. It's simple to use and secure over HTTPS for most purposes.

Redirects

Caddy can issue HTTP redirects with any 3xx status code, including redirects using <meta> tags if you prefer.

Headers

Customize the response headers so that some headers are removed or others are added.

Reverse Proxy

Basic Proxying

Caddy can act as a reverse proxy for HTTP requests. You can also proxy transparently (preserve the original Host header) with one line of config.

Load Balancing

Proxy to multiple backends using a load balancing policy of your choice: random, least connections, round robin, IP hash, or header.

SSL Termination

Caddy is frequently used as a TLS terminator because of its powerful TLS features.

WebSocket Proxy

Caddy's proxy middleware is capable of proxying websocket connections to backends as well.

Health Checks

Caddy marks backends in trouble as unhealthy, and you can configure health check paths, intervals, and timeouts for optimal performance.

Retries

When a request to a backend fails to connect, Caddy will try the request with other backends until one that is online accepts the connection.

Header Controls

By default, most headers will be carried through, but you can control which headers flow upstream and downstream.

Internal Requests

Caddy supports the X-Accel-Redirect (or X-Sendfile) header so you can protect resources from "external" requests.

Service Discovery

Proxy to backends dynamically using service discovery by DNS SRV records. Great for microservice architectures!

Proxy to QUIC

Caddy can reverse-proxy to QUIC backends, for end-to-end QUIC transmissions.

Amenities

Clean URIs

Elegantly serve files without needing the extension present in the URL. These look nicer to visitors and are easy to configure.

Rewrites

Caddy has powerful request URI rewriting capabilities that support regular expressions, conditionals, and dynamic values.

Response Status Codes

Send a certain status code for certain requests.

Define MIME Types

Caddy can usually detect the MIME type of content it's sending, but you can customize MIME types if you have special content.

Gzip

Compress content on-the-fly using Gzip, a fast compression technique that reduces bandwidth and is supported by all browsers.

Brotli

If the client supports it, Caddy will automatically prefer brotli-compressed static files if they are on disk with a .br extension.

Mouth watering yet? Stop looking at it and start using it!

Caddy binaries are free to download and use for all non-commercial purposes. Try it out, and tell people what you think!

Download

For commercial use of official Caddy distributions along with basic email support, please purchase a commercial license so we can better serve you.

See Licenses

Feel free to email sales@lightcodelabs.com or call +1-435-612-0494.