Getting Started with Caddy (v2) on Fedora

Carl George — Sat, 19 Sep 2020 06:37:50 +0000

Caddy is an open source web server that has built-in automatic HTTPS. I find it easier to use than other web servers where you have to set up HTTPS (automatic or otherwise) separately. I maintain the caddy package in Fedora to make it more accessible and easier to use. This guide will demonstrates how to use that package.

Note: Replace instances of example.com in this guide with the actual hostname you want to use.

Preparation

When you first start Caddy, it will attempt to provision Let’s Encrypt certificates for any configured hostnames. You need to ensure that the appropriate DNS records and network access are in place first so that Caddy can complete the ACME challenges.

DNS "A" record pointing to your public IPv4 address
DNS "AAAA" record pointing to your public IPv6 address
port 80 network access allowed
port 443 network access allowed

Fedora enables a software firewall by default. Configure it to allow the necessary access.

firewall-cmd --permanent --add-service http --add-service https
firewall-cmd --reload

Installation

Caddy v2 is available in the default package repositories for Fedora 33 and newer.

dnf install caddy

If you are using an older Fedora release, RHEL, CentOS, or OpenSUSE, the upstream project has a COPR repository available to get Caddy v2 packages.

Content

Add your own content in /var/www/example.com, or use this example index file to get started now and swap in your own content later.

mkdir -p /var/www/example.com
echo '<h1>Hello world!</h1>' > /var/www/example.com/index.html

Recursively restore the SELinux file context for your content.

restorecon -r /var/www

Configuration

The most common way to configure Caddy is with a Caddyfile. The Fedora package includes a Caddyfile as /etc/caddy/Caddyfile. The default block serves a welcome page over HTTP only. In this file, you will need to change the address and the site root. Aside from the comments, the default Caddyfile looks like this:

http:// {
    root * /usr/share/caddy
    file_server
}

You need to change it to look like this:

example.com {
    root * /var/www/example.com
    file_server
}

Using the bare hostname as the address (no protocol) will enable automatic HTTPS with HTTP to HTTPS redirection.

Service

Enable and start the Caddy daemon.

systemctl enable --now caddy

Conclusion

You should now be able to open https://example.com in your browser. With just that minimal configuration, you get:

automatic certificate provisioning and renewal
HTTP to HTTPS redirection
static content served from your content directory

You can learn more about Caddy by reading the documentation. You can also ask questions on the forum. Caddy is a pleasure to use, and I hope you find it as useful as I do.