When I first set up my web server I don’t think Caddy was really a sensible choice. It was still immature (The big “version 2” rewrite was in beta). But it’s about five years from when that happened, so I decided to give Caddy a try.
Wow! My config shrank to about 25% from what it was with Nginx. It’s also a lot less stuff to deal with, especially from a personal hosting perspective. As much as I like self-hosting, I’m not like “into” configuring web servers. Caddy made this very easy.
I thought the automatic HTTPS feature was overrated until I used it. The fact is it works effortlessly. I do not need to add paths to certificate files in my config anymore. That’s great. But what’s even better is I do not need to bother with my server notes to once again figure out how to correctly use Certbot when I want to create new certs for subdomains, since Caddy will do it automatically.
I’ve been annoyed with my Nginx config for a while, and kept wishing to find the motivation to streamline it. It started simple, but as I added things to it over the years the complexity in the config file blossomed. But the thing that tipped me over to trying Caddy was seeing the difference between the Nginx and Caddy configurations necessary for Jellyfin. Seriously. Look at what’s necessary for Nginx.
https://jellyfin.org/docs/general/networking/nginx/#https-config-example
In Caddy that became
jellyfin.example.com {
reverse_proxy internal.jellyfin.host:8096
}
I thought no way this would work. But it did. First try. So, consider this a field report from a happy Caddy convert, and if you’re not using it yet for self-hosting maybe it can simplify things for you, too. It made me happy enough to write about it.
This sounds interesting. But in that case, how are headers set? From a security and even privacy standpoint the correct headers can be quite important. How do you enable/disable http2 and http3?
Caddy operates on the principle of sensible defaults. These defaults can be optionally configured further if you desire, but from what I’ve read Caddy just shifts the defaults to good modern options when it’s ready to do so on newer releases.
But if you must override these choices or need to maintain compatibility with some other software, you can define them explicitly. Here’s how you’d forcibly enable or disable http2/3 https://caddyserver.com/docs/caddyfile/options#protocols, for example.
I’m too scared to swap away from SWAG. The combination of nginx proxy manager and LetsEncrypt helps me dumb ass a ton.
I just set up caddy a few weeks ago as my first foray into reverse proxies, and as you said it was an incredibly easy experience.
I specifically chose caddy for the simplicity of the Caddyfile and automatic certs/renewals when I was looking at which reverse proxy engine to set up.
10/10 would choose caddy again.
You have already made your choice :) But Traefik is also a good alternative ! Specially if you work with a lot of docker containers !
Once you get how Traefik works, it just simple as adding a few lines into your yaml file and everything is handled by Traefik !
Is my understanding correct? Traefik itself isn’t a traditional web server. The primary thing I host is my blog, so I would need another web server to serve that content.
It’s primarily a reverse proxy! However you can host a nginx docker container and serve it this way.
I had no idea caddy is also a web server/reverse proxy? I though of caddy being more similar to Treafik than nginx. My bad :/
I’ve been using nginx proxy manager for years on my server, and it’s great, but occasionally I give caddy the side eye and think about switching.
I very highly recommend that you take the time and just switch. Caddy is simply fabulous. It’s designed to work (assuming it’s compiled with the module) with containers and use docker networks for routing. It makes it easy to spin up containers and directly reference the container names instead of remembering IP addresses and particularly comes in handy when your entire environment is containerized.
You can pull the caddy image and run it in docker and as long as your environment is configured correctly you can simply
reverse_proxy @containerand you’re done. Caddy pulls all the relevant port information directly from the container API.I get such a nerd boner thinking about it.
That’s really nice. Dang. I’m going to take a serious look at caddy. NPM has been working without issues lately, but I’m not looking forward to the next time it breaks on me.
By reputation I know that Nginx proxy manager seems to work great if you’re on the “happy path” but if you need anything out of the norm it supposedly is less great to use. In my case I do have a few quirks, primarily with fcgiwrap. But I can’t say how it’d play, because I honestly never heard of NPM until yesterday when I was refreshing myself on web servers (and went with Caddy).
Agree. So far when I’ve had abnormal stuff it’s been easy enough to add the custom config in NPM, but that super simple caddy config looks really nice
I used NPM as well, and eventually just got sick of various issues i’d had with it (probably all my fault, but…) so switched to Caddy and it was just so much easier and reliable for me. I’d heartily recommend it.
I think I’m gonna take a much more serious look at caddy.
Why
Why do I use NPM, or why do I consider switching to caddy?
Why would you consider switching? I find NPM to be the best :)
3 lines of text (which you can copy/paste from an existing entry) beats clicking around a web interface to set things up.
Plus you can do many more advanced things with Caddy which you can’t do in NPM. Caddy is just easier to use.
I like NPM, but on a few occasions over the years I’ve used it it has broken irreparably for no reason. There have been times where I couldn’t log in with my credentials, and times when I couldn’t generate SSL certs. Over the last year or so it’s been really solid but there were a couple times I was ready to chuck NPM out the window.
This is why I switched also. More and more reports of NPM just breaking out of the blue.
Probably going to make this a weekend project soon.
I had these sorts of issues too, always assumed it was something i’d goofed - but have never had similar with Caddy.
Yeah, in the past it’s been really frustrating. There was one time I couldn’t log in no matter what I tried. I hadn’t updated the NPM container or anything. It just shit the bed. At the time I wasn’t confident enough to switch away from NPM. I had to completely rebuild my proxy setup. Deleted the NPM container and persistent data, spun up a brand new container, then set back up all of my reverse proxies.
That was the last time I’ve had a problem with NPM, but I also don’t really trust it anymore. I’ve stuck with it due to momentum, but I’m always worried about it breaking for no reason.
I can understand that! Portainer recently did the same log in thing to me and I wanted to go crazy.
You can also restrict the reverse proxy to specific adresses too like 192.168.1.0/24
I should look into that to see if I can restrict Vaultwarden, since I VPN into my home network anyway.
Soon I am hoping to migrate from Nginx to H2O
