When I first set up my web server I don’t think Caddy was really a sensible choice. It was still immature (The big “version 2” rewrite was in beta). But it’s about five years from when that happened, so I decided to give Caddy a try.
Wow! My config shrank to about 25% from what it was with Nginx. It’s also a lot less stuff to deal with, especially from a personal hosting perspective. As much as I like self-hosting, I’m not like “into” configuring web servers. Caddy made this very easy.
I thought the automatic HTTPS feature was overrated until I used it. The fact is it works effortlessly. I do not need to add paths to certificate files in my config anymore. That’s great. But what’s even better is I do not need to bother with my server notes to once again figure out how to correctly use Certbot when I want to create new certs for subdomains, since Caddy will do it automatically.
I’ve been annoyed with my Nginx config for a while, and kept wishing to find the motivation to streamline it. It started simple, but as I added things to it over the years the complexity in the config file blossomed. But the thing that tipped me over to trying Caddy was seeing the difference between the Nginx and Caddy configurations necessary for Jellyfin. Seriously. Look at what’s necessary for Nginx.
https://jellyfin.org/docs/general/networking/nginx/#https-config-example
In Caddy that became
jellyfin.example.com {
reverse_proxy internal.jellyfin.host:8096
}
I thought no way this would work. But it did. First try. So, consider this a field report from a happy Caddy convert, and if you’re not using it yet for self-hosting maybe it can simplify things for you, too. It made me happy enough to write about it.
This sounds interesting. But in that case, how are headers set? From a security and even privacy standpoint the correct headers can be quite important. How do you enable/disable http2 and http3?
Caddy operates on the principle of sensible defaults. These defaults can be optionally configured further if you desire, but from what I’ve read Caddy just shifts the defaults to good modern options when it’s ready to do so on newer releases.
But if you must override these choices or need to maintain compatibility with some other software, you can define them explicitly. Here’s how you’d forcibly enable or disable http2/3 https://caddyserver.com/docs/caddyfile/options#protocols, for example.
I’m too scared to swap away from SWAG. The combination of nginx proxy manager and LetsEncrypt helps me dumb ass a ton.
I just set up caddy a few weeks ago as my first foray into reverse proxies, and as you said it was an incredibly easy experience.
I specifically chose caddy for the simplicity of the Caddyfile and automatic certs/renewals when I was looking at which reverse proxy engine to set up.
10/10 would choose caddy again.
You have already made your choice :) But Traefik is also a good alternative ! Specially if you work with a lot of docker containers !
Once you get how Traefik works, it just simple as adding a few lines into your yaml file and everything is handled by Traefik !
I’ve been using nginx proxy manager for years on my server, and it’s great, but occasionally I give caddy the side eye and think about switching.
I very highly recommend that you take the time and just switch. Caddy is simply fabulous. It’s designed to work (assuming it’s compiled with the module) with containers and use docker networks for routing. It makes it easy to spin up containers and directly reference the container names instead of remembering IP addresses and particularly comes in handy when your entire environment is containerized.
You can pull the caddy image and run it in docker and as long as your environment is configured correctly you can simply
reverse_proxy @containerand you’re done. Caddy pulls all the relevant port information directly from the container API.I get such a nerd boner thinking about it.
By reputation I know that Nginx proxy manager seems to work great if you’re on the “happy path” but if you need anything out of the norm it supposedly is less great to use. In my case I do have a few quirks, primarily with fcgiwrap. But I can’t say how it’d play, because I honestly never heard of NPM until yesterday when I was refreshing myself on web servers (and went with Caddy).
Agree. So far when I’ve had abnormal stuff it’s been easy enough to add the custom config in NPM, but that super simple caddy config looks really nice
I used NPM as well, and eventually just got sick of various issues i’d had with it (probably all my fault, but…) so switched to Caddy and it was just so much easier and reliable for me. I’d heartily recommend it.
Why
Why do I use NPM, or why do I consider switching to caddy?
Why would you consider switching? I find NPM to be the best :)
3 lines of text (which you can copy/paste from an existing entry) beats clicking around a web interface to set things up.
Plus you can do many more advanced things with Caddy which you can’t do in NPM. Caddy is just easier to use.
I like NPM, but on a few occasions over the years I’ve used it it has broken irreparably for no reason. There have been times where I couldn’t log in with my credentials, and times when I couldn’t generate SSL certs. Over the last year or so it’s been really solid but there were a couple times I was ready to chuck NPM out the window.
I had these sorts of issues too, always assumed it was something i’d goofed - but have never had similar with Caddy.
I can understand that! Portainer recently did the same log in thing to me and I wanted to go crazy.
You can also restrict the reverse proxy to specific adresses too like 192.168.1.0/24
I should look into that to see if I can restrict Vaultwarden, since I VPN into my home network anyway.
Soon I am hoping to migrate from Nginx to H2O
