Installing and Configuring Caddy on Ubuntu 20.04
Caddy is an open-source web server that supports both static and modern web applications and automatically enables HTTPS for all associated domain names. Developed in Go, Caddy offers easy-to-use configuration directives, allowing it to serve as a web server, reverse proxy, or load balancer to host web applications on your server.
This guide walks you through installing Caddy on Ubuntu 20.04 and securely serving your web applications.
Prerequisites
Before starting, ensure you have the following:
- An Ubuntu 20.04 server.
- A configured A record for your domain pointing to the server’s IP address.
- SSH access to the server as a non-root user with sudo privileges.
Install Caddy
Caddy is not part of the default Ubuntu 20.04 APT repositories. You can install it either from source or by adding the latest repository to your server. Follow these steps to add the repository and install the application:
Add the Caddy GPG key to your server
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
Add the Caddy repository to your APT sources
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
Update the package index
sudo apt update
Install Caddy
sudo apt install caddy
Check the installed Caddy version
caddy -v
Output:
v2.9.1 h1:OEYiZ7DbCzAWVb6TNEkjRcSCRGHVoZsJinoDR/n9oaY=
Allow HTTP connections through the firewall
sudo ufw allow 80
Restart the firewall to apply changes
sudo ufw reload
Open your server’s IP address in a browser to confirm that the default Caddy page is displayed:
http://SERVER-IP
Manage the Caddy System Service
Enable Caddy to start at boot
sudo systemctl enable caddy
Start the Caddy web server
sudo systemctl start caddy
Check the Caddy system service status
sudo systemctl status caddy
Output:
● caddy.service - Caddy
Loaded: loaded (/lib/systemd/system/caddy.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2025-04-06 09:20:18 UTC; 4min 10s ago
Docs: https://caddyserver.com/docs/
Main PID: 3015 (caddy)
Tasks: 9 (limit: 9415)
Memory: 10.9M
CGroup: /system.slice/caddy.service
└─3015 /usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
Create a Caddy Virtual Host
Caddy stores configuration files in the /etc/caddy directory by default and supports Caddyfile configurations from any location. Follow these steps to set up a new virtual host to serve web application files from the /var/www/example.com directory.
Create the web application directory
sudo mkdir -p /var/www/example.com
Create a new HTML file index.html
sudo nano /var/www/example.com/index.html
Add the following code to the file
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Greetings from centron!</title>
</head>
<body>
<br><br><br>
<h1 style="text-align: center;">Hello World! Greetings from centron</h1>
</body>
</html>
Switch to the Caddy configuration directory
cd /etc/caddy/
Back up the default Caddyfile configuration
sudo mv Caddyfile Caddyfile.default
Create a new Caddyfile
sudo nano Caddyfile
Add the following configuration to the file
example.com {
tls admin@example.com
root * /var/www/example.com
file_server {
index index.html
}
log {
output file /var/log/caddy/example.log
format console
}
}
This configuration creates a virtual host for your domain example.com. Here is what each directive does:
- example.com: Defines a virtual host profile using your domain or IP address.
- tls: Links an email address to Let’s Encrypt for SSL certificate requests.
- root: Sets the directory containing the web application files.
- file_server: Enables the file server to serve web application files and sets the default file as
index.html. - log: Configures logging of access and error details to
/var/log/caddy/example.log.
Validate the Caddy configuration
sudo caddy validate
Output:
...........
2024/06/1 15:19:11.478 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc0000e5300"}
2024/06/1 15:19:11.478 INFO tls.cache.maintenance stopped background certificate maintenance {"cache": "0xc0000e5300"}
Valid configuration
Reload Caddy to apply changes
sudo caddy reload
Secure the Caddy Web Server
Caddy automatically enables HTTPS to protect all connections using SSL certificates for virtual host profiles with valid domains. To secure your Caddy web server and prevent unauthorized changes, follow these steps to restrict access to the Caddyfile configurations.
Grant the Caddy user full privileges to the /etc/caddy directory
sudo chown -R caddy:caddy /etc/caddy
Grant the Caddy user read and write permissions to the Caddyfile and disable access for other users
sudo chmod 660 /etc/caddy/Caddyfile
Verify the permission changes in the /etc/caddy directory
ls -l /etc/caddy/
Output:
total 8 -rw-rw---- 1 caddy caddy 168 Jun 2 15:20 Caddyfile -rw-r--r-- 1 caddy caddy 769 Jun 2 12:07 Caddyfle.default
Set Up Firewall Rules
Caddy uses HTTP port 80 and HTTPS port 443, based on your Caddyfile configuration, to serve files on the server. Follow these steps to allow access to both Caddy ports through the firewall and enable network connections to the web server.
Check the UFW status and confirm that it is active
sudo ufw status
If inactive, allow SSH port 22 and enable UFW
sudo ufw allow 22 && sudo ufw enable
Allow incoming connections to the HTTPS port 443
sudo ufw allow 443
Reload the firewall to apply changes
sudo ufw reload
Open your domain in a browser such as Chrome to confirm that Caddy serves your virtual host web application files:
https://example.com
If you encounter a connection error, check the Caddy configuration logs to identify and resolve any issues.
Conclusion
You have successfully installed the Caddy web server on your Ubuntu 20.04 server and configured a virtual host profile to serve web application files.
