External Publication
Visit Post

Caddy

Sahil Kapoor's Playbook May 17, 2026
Source

Caddy is an open-source web server built with a single design priority: automatic HTTPS. By default, Caddy obtains TLS certificates from Let's Encrypt (or ZeroSSL), renews them automatically, and serves your content over HTTPS without any manual certificate management. Its configuration language (Caddyfile) is designed to be human-readable.

Caddyfile Syntax

example.com {
    reverse_proxy localhost:3000
}

api.example.com {
    reverse_proxy localhost:8080
    rate_limit {
        zone dynamic {
            key {remote_host}
            events 100
            window 1m
        }
    }
}

This config: serves two hostnames, proxies to local services, enforces rate limiting, and handles TLS automatically. Caddy starts with this config and immediately requests certificates if they don't exist.

Key Features

  • Automatic HTTPS , default for all sites with a public domain; handles ACME challenges, renewal, OCSP stapling
  • HTTP/2 and HTTP/3 , enabled by default
  • Caddyfile and JSON API , simple declarative config or dynamic JSON API for programmatic control
  • Module system , extend with plugins (DNS providers, middleware, auth)
  • Zero-downtime reloads , caddy reload applies config changes without dropping connections

Caddy vs Nginx

  • TLS management , Caddy automates it; Nginx requires certbot + cron
  • Config simplicity , Caddyfile is concise; nginx.conf is verbose
  • Performance , Nginx has higher raw throughput for static files at scale; Caddy is fast enough for most workloads
  • Ecosystem , Nginx has decades of modules and guides; Caddy is newer but growing fast

Caddy vs Traefik

Traefik is optimized for dynamic environments (Kubernetes, Docker Swarm) where services start and stop frequently. Caddy is optimized for static or semi-static deployments where you define services upfront. Caddy has a simpler mental model; Traefik has richer auto-discovery.

Docker Setup

version: "3.9"
services:
  caddy:
    image: caddy:latest
    ports: ["80:80", "443:443"]
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - caddy_data:/data

Related Terms

  • Traefik, alternative with better Kubernetes/Docker dynamic discovery
  • Cloudflare Tunnel, pair with Caddy for HTTPS without open ports
  • Docker, standard deployment environment for Caddy
  • Tailscale, Caddy serves the internal network that Tailscale creates

Discussion in the ATmosphere

Loading comments...