DEV Community

Alex Spinov
Alex Spinov

Posted on

Caddy Has a Free API You've Never Heard Of

#caddy #webserver #https #devops

Caddy is a web server with automatic HTTPS. Unlike Nginx, it handles TLS certificates automatically and has a powerful REST API for dynamic configuration — no restarts needed.

What Makes Caddy Special?

  • Automatic HTTPS — Let's Encrypt certificates out of the box
  • REST API — modify configuration without restarts
  • Caddyfile — human-readable config format
  • Zero-downtime config — hot-reload via API
  • Single binary — no dependencies

The Hidden API: Dynamic Configuration

Caddy exposes a full REST API for live configuration:

# Get current config
curl localhost:2019/config/ | jq .

# Add a new site dynamically — no restart!
curl -X POST localhost:2019/config/apps/http/servers/srv0/routes \
  -H 'Content-Type: application/json' \
  -d '{
    "match": [{"host": ["api.example.com"]}],
    "handle": [{
      "handler": "reverse_proxy",
      "upstreams": [{"dial": "localhost:3000"}]
    }]
  }'

# Update upstream without downtime
curl -X PATCH localhost:2019/config/apps/http/servers/srv0/routes/0/handle/0/upstreams \
  -H 'Content-Type: application/json' \
  -d '[{"dial": "localhost:3001"}, {"dial": "localhost:3002"}]'

# Delete a route
curl -X DELETE localhost:2019/config/apps/http/servers/srv0/routes/0
Enter fullscreen mode Exit fullscreen mode

PKI API — Certificate Management 

# Issue certificates on demand
curl -X POST localhost:2019/pki/ca/local/certificates \
  -H 'Content-Type: application/json' \
  -d '{"subject": {"common_name": "internal.dev"}}'

# List managed certificates
curl localhost:2019/pki/ca/local/certificates | jq .
Enter fullscreen mode Exit fullscreen mode

Caddyfile — The Simple API 

# Caddyfile — entire config in ~10 lines
api.example.com {
    reverse_proxy localhost:3000
    encode gzip
    log {
        output file /var/log/caddy/api.log
    }
}

app.example.com {
    root * /var/www/app
    file_server
    try_files {path} /index.html
}

*.example.com {
    tls {
        dns cloudflare {env.CF_TOKEN}
    }
    respond "Wildcard works!"
}
Enter fullscreen mode Exit fullscreen mode

Quick Start 

brew install caddy
caddy reverse-proxy --from :443 --to :3000
# That's it — HTTPS is automatic
Enter fullscreen mode Exit fullscreen mode

Why DevOps Choose Caddy

A DevOps engineer shared: "We replaced our Nginx + certbot + cron setup (5 config files, a renewal script, and monthly cert failures) with a 12-line Caddyfile. Zero cert issues in 2 years. The admin API lets us add backends dynamically during blue-green deploys."

Need infrastructure automation? Email spinov001@gmail.com or check my tools.

Nginx or Caddy? What's your web server of choice?

Top comments (0)