Alex Spinov

Posted on Mar 29

Caddy Has a Free API — Heres How to Get Automatic HTTPS Without Configuration

#devops #webdev #opensource #tutorial

Caddy is the only web server that automatically provisions and renews TLS certificates. Zero config HTTPS, HTTP/3, reverse proxy — all through a simple JSON API.

Why Caddy?

Automatic HTTPS: TLS certificates from Let's Encrypt, zero config
HTTP/3: Built-in QUIC support
JSON API: Configure everything at runtime
Reverse proxy: Load balancing, health checks
Single binary: No dependencies
Caddyfile: Human-readable config option

Install

# Debian/Ubuntu
sudo apt install -y caddy

# macOS
brew install caddy

# Docker
docker run -p 80:80 -p 443:443 caddy

Caddyfile (Simple Config)

mysite.com {
  root * /var/www/html
  file_server
}

api.mysite.com {
  reverse_proxy localhost:3000
}

That's it. Caddy automatically gets HTTPS certificates for both domains.

Admin API: Get Config

curl http://localhost:2019/config/

Admin API: Set Config

curl -X POST http://localhost:2019/load \
  -H 'Content-Type: application/json' \
  -d '{
    "apps": {
      "http": {
        "servers": {
          "main": {
            "listen": [":443"],
            "routes": [{
              "match": [{"host": ["mysite.com"]}],
              "handle": [{
                "handler": "reverse_proxy",
                "upstreams": [{"dial": "localhost:3000"}]
              }]
            }]
          }
        }
      }
    }
  }'

Admin API: Add Route at Runtime

curl -X POST http://localhost:2019/config/apps/http/servers/main/routes \
  -H 'Content-Type: application/json' \
  -d '{
    "match": [{"host": ["newsite.com"]}],
    "handle": [{
      "handler": "file_server",
      "root": "/var/www/newsite"
    }]
  }'

Reverse Proxy with Load Balancing

api.mysite.com {
  reverse_proxy {
    to localhost:3001 localhost:3002 localhost:3003
    lb_policy round_robin
    health_uri /health
    health_interval 10s
  }
}

PHP with Caddy

mysite.com {
  root * /var/www/html
  php_fastcgi unix//run/php/php-fpm.sock
  file_server
}

SPA (React/Vue/Angular)

mysite.com {
  root * /var/www/app
  try_files {path} /index.html
  file_server
}

Real-World Use Case

A team replaced Nginx + Certbot + cron (150 lines of config + renewal scripts) with a 5-line Caddyfile. Certificate renewals never failed again — Caddy handles it automatically, including OCSP stapling.

Need to automate data collection? Check out my Apify actors for ready-made scrapers, or email spinov001@gmail.com for custom solutions.

DEV Community