DEV Community

Alex Spinov
Alex Spinov

Posted on

Caddy Has a Free Reverse Proxy That Gets HTTPS Certificates Automatically — Zero Config TLS

#selfhosted #opensource #devops #webdev

Caddy Gets HTTPS Certificates Automatically — Zero Config

Nginx needs certbot, cron jobs, and manual renewal. Caddy gets HTTPS certificates automatically from Let's Encrypt on first request. Zero config.

What Makes Caddy Special

Caddy is a production-ready web server written in Go:

  • Automatic HTTPS — gets and renews TLS certificates automatically
  • HTTP/3 — QUIC support out of the box
  • Reverse proxy — load balancing, health checks, retries
  • Single binary — no dependencies, runs anywhere
  • Caddyfile — simple, readable configuration
  • API-driven — configure everything via REST API

Caddyfile Examples 

# Reverse proxy with auto-HTTPS
example.com {
  reverse_proxy localhost:3000
}

# Multiple services
api.example.com {
  reverse_proxy localhost:8080
}

app.example.com {
  reverse_proxy localhost:3000
}

# With load balancing
example.com {
  reverse_proxy localhost:3001 localhost:3002 localhost:3003 {
    lb_policy round_robin
    health_uri /health
    health_interval 10s
  }
}

# Static files + SPA
example.com {
  root * /srv/app
  try_files {path} /index.html
  file_server
  encode gzip zstd
}
Enter fullscreen mode Exit fullscreen mode

Caddy vs Nginx

Feature Caddy Nginx
Auto HTTPS ✅ Built-in ❌ Needs certbot
Config syntax Simple Complex
HTTP/3 ✅ Default Experimental
Hot reload ✅ API ❌ Signal
Single binary
Memory usage Higher Lower

Quick Start 

# Install
curl -fsSL https://caddyserver.com/api/download | sudo bash

# Or Docker
docker run -p 80:80 -p 443:443 \
  -v caddy_data:/data \
  -v ./Caddyfile:/etc/caddy/Caddyfile \
  caddy

# Serve current directory
caddy file-server --browse

# Reverse proxy in one command
caddy reverse-proxy --from example.com --to localhost:3000
Enter fullscreen mode Exit fullscreen mode

Why Choose Caddy

  1. HTTPS just works — no scripts, no cron, no expiry panic
  2. Simple config — Caddyfile is readable by humans
  3. API config — change routing without restart
  4. Extensible — plugins for auth, rate limiting, etc.
  5. Modern defaults — HTTP/3, HSTS, OCSP stapling automatic

Need help with web server architecture? I help teams migrate from Nginx to Caddy with zero-downtime HTTPS.

📧 spinov001@gmail.com — Infrastructure consulting

Follow for more DevOps tool reviews.

Top comments (0)