In this article, we will cover the steps to install Caddy Web server on Ubuntu 18.04 and how to secure it with Let’s Encrypt SSL certificates. Caddy is an open-source, production-ready that is build to be fast, easy to use, and makes you more productive. Caddy is available for Windows, Mac, Linux, BSD, Solaris, and Android.
Features of Caddy Web Server
- Easy configuration and management with the Caddyfile
- It is secure – Has automatic HTTPS on by default (via Let’s Encrypt)
- Cady uses HTTP/2 by default
- Support multiple sites hosting by using Virtual hosting
- TLS session ticket key rotation for more secure connections
- Its functionalities can be extended with plugins
- Works for both Dynamic and Static sites
- Caddy has zero-downtime reloads
- Caddy is written in Go and has no external dependencies – The binary is entirely self-contained and runs on every platform, including containers.
Install Caddy web server on an Ubuntu 18.04 LTS
You have two options to install Caddy Web server on Ubuntu 18.04 server.
- Download pre-built binary
- Build Caddy from source code
Installing Caddy web server on Ubuntu 18.04 from binary
The easiest method of installing Caddy web server on Ubuntu 18.04 is by downloading a ready binary file. Install caddy easily on Ubuntu 18,04 by running the command
curl https://getcaddy.com | sudo bash -s personal
-s personal is used to specify that you’re using a personal license, for commercial use commercial.
Sample Output:
Downloading Caddy for linux/amd64 (personal license)... Download verification OK Extracting... Putting caddy in /usr/local/bin (may require password) Caddy 0.11.0 (non-commercial use only) Successfully installed
Check binary location and version
# which caddy /usr/local/bin/caddy # caddy -version Caddy 0.11.0 (non-commercial use only)
Installing Caddy with Plugins
You can also install Caddy with Plugins you need, e.g to install the plugins:
- http.cache
- dns.cloudflare
- http.ratelimit
- http.git
- http.hugo
- http.upload
- http.prometheus
- http.filemanager
- http.geoip
- http.expires
You’ll run:
curl https://getcaddy.com | bash -s personal http.cache,http.expires,http.filemanager,http.geoip,http.git,http.hugo,http.prometheus,http.ratelimit,http.upload,http.webdav,net,tls.dns.cloudflare
You can check a full list of Caddy Plugins
Give the caddy binary the ability to bind to privileged ports (e.g. 80, 443) as a non-root user:
sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy
Set up the user, group, and directories that will be needed:
sudo groupadd -g 33 www-data sudo useradd \ -g www-data --no-user-group \ --home-dir /var/www --no-create-home \ --shell /usr/sbin/nologin \ --system --uid 33 www-data sudo mkdir /etc/caddy sudo chown -R root:root /etc/caddy sudo mkdir /etc/ssl/caddy sudo chown -R root:www-data /etc/ssl/caddy sudo chmod 0770 /etc/ssl/caddy
Create Caddy Systemd service unit
Install the systemd service unit configuration file, reload the systemd daemon.
wget https://raw.githubusercontent.com/mholt/caddy/master/dist/init/linux-systemd/caddy.service sudo cp caddy.service /etc/systemd/system/ sudo chown root:root /etc/systemd/system/caddy.service sudo chmod 644 /etc/systemd/system/caddy.service sudo systemctl daemon-reload
Using Caddy Web Server – Host WordPress Website
We will consider an example to host a WordPress powered website using Caddy web server on Ubuntu 18.04.
To run WordPress website, you need PHP, Web server, and Database server
sudo apt -y update sudo apt -y install php-fpm php-mysql php-curl php-gd php-mbstring php-common php-xml php-xmlrpc
Install and Configure MariaDB Database server
Install and configure MariaDB database server using:
Install MariaDB 10.x on Ubuntu 18.04 and CentOS 7
Once done, login as root user and create a database for WordPress
$ mysql -u root -p Enter password: Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 520 Server version: 10.3.9-MariaDB-1:10.3.9+maria~bionic-log mariadb.org binary distribution Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> CREATE DATABASE wp_site; Query OK, 1 row affected (0.001 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON wp_site.* to 'wp_user'@'localhost' IDENTIFIED BY 'StrongPassword'; Query OK, 0 rows affected (0.001 sec) MariaDB [(none)]> FLUSH PRIVILEGES; Query OK, 0 rows affected (0.001 sec) MariaDB [(none)]> quit Bye
Download WordPress and Install
Now download WordPress and untar the archive
wget http://wordpress.org/latest.tar.gz tar xvf latest.tar.gz
This will extract all content of the tarball to a folder named wordpress on your working directory.
Move the wordpress folder to /var/www directory
sudo mv wordpress /var/www
Change ownership permissions to userwww-data and group.
sudo chown -R www-data:www-data /var/www/wordpress
Configure WordPress database connection
mv /var/www/wordpress/wp-config-sample.php /var/www/wordpress/wp-config.php
Edit the file to configure
sudo vim /var/www/wordpress/wp-config.php
Set below variables
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'wp_site');
/** MySQL database username */
define('DB_USER', 'wp_user');
/** MySQL database password */
define('DB_PASSWORD', 'StrongPassword');
/** MySQL hostname */
define('DB_HOST', 'localhost');
/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');
/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');
Configuring Caddy to Serve the WordPress Site
We have WordPress installation ready, we now need to configure Caddy Web server to serve our WordPress website. Start by creating a Caddy configuration file on /etc/caddy/Caddyfile
sudo vim /etc/caddy/Caddyfile
Add the content
example.com {
tls [email protected]
root /var/www/wordpress
gzip
fastcgi / /run/php/php7.2-fpm.sock php
rewrite {
if {path} not_match ^\/wp-admin
to {path} {path}/ /index.php?{query}
}
}
Replace example.com with your actual domain for WordPress website and [email protected] with an actual email address used to request Let’s Encrypt certificate. We’re using php-fpm via fastcgi to support php.
Start caddy service
sudo systemctl start caddy.service
If the start was successful, you should get a successful message:
# systemctl status caddy
● caddy.service - Caddy HTTP/2 web server
Loaded: loaded (/etc/systemd/system/caddy.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2018-09-02 14:34:26 EAT; 7s ago
Docs: https://caddyserver.com/docs
Main PID: 32443 (caddy)
Tasks: 12 (limit: 4704)
CGroup: /system.slice/caddy.service
└─32443 /usr/local/bin/caddy -log /var/log/caddy.log -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
Sep 02 14:34:26 wp.geeksforgeeks.org systemd[1]: Started Caddy HTTP/2 web server.
Sep 02 14:34:34 wp.geeksforgeeks.org caddy[32443]: Activating privacy features... done.
Sep 02 14:34:34 wp.geeksforgeeks.org caddy[32443]: https://wp.geeksforgeeks.org
Sep 02 14:34:34 wp.geeksforgeeks.org caddy[32443]: //wp.geeksforgeeks.org
Access the WordPress dashboard by visiting.https://example.com You should get initial wordpress setup page.
Provider username and password.
