{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreieyzvt425lvucaeq5rycvyciuu25co5mnan5mmaskhrsrflikoevu",
    "uri": "at://did:plc:5sgu76a53rz3n6unbykmovqy/app.bsky.feed.post/3mm33jwdibo62"
  },
  "description": "A modern web server and reverse proxy written in Go that provisions and renews TLS certificates automatically — the simplest path to HTTPS for self-hosted services.",
  "path": "/engineering-glossary/caddy/",
  "publishedAt": "2026-05-17T19:21:06.000Z",
  "site": "https://sahilkapoor.com",
  "tags": [
    "Traefik",
    "Cloudflare Tunnel",
    "Docker",
    "Tailscale"
  ],
  "textContent": "Caddy is an open-source web server built with a single design priority: automatic HTTPS. By default, Caddy obtains TLS certificates from Let's Encrypt (or ZeroSSL), renews them automatically, and serves your content over HTTPS without any manual certificate management. Its configuration language (Caddyfile) is designed to be human-readable.\n\n## Caddyfile Syntax\n\n    example.com {\n        reverse_proxy localhost:3000\n    }\n\n    api.example.com {\n        reverse_proxy localhost:8080\n        # rate_limit is provided by a plugin module, not the standard Caddy build\n        rate_limit {\n            zone dynamic {\n                key {remote_host}\n                events 100\n                window 1m\n            }\n        }\n    }\n\nThis config serves two hostnames, proxies each to a local service, enforces rate limiting on the API hostname, and handles TLS automatically. Caddy starts with this config and immediately requests certificates if they don't exist.\n\n## Key Features\n\n  * **Automatic HTTPS**: default for all sites with a public domain; handles ACME challenges, renewal, OCSP stapling\n  * **HTTP/2 and HTTP/3**: enabled by default\n  * **Caddyfile and JSON API**: simple declarative config or dynamic JSON API for programmatic control\n  * **Module system**: extend with plugins (DNS providers, middleware, auth)\n  * **Zero-downtime reloads**: `caddy reload` applies config changes without dropping connections\n\n## Caddy vs Nginx\n\n  * **TLS management**: Caddy automates it; Nginx requires certbot + cron\n  * **Config simplicity**: Caddyfile is concise; nginx.conf is verbose\n  * **Performance**: Nginx has higher raw throughput for static files at scale; Caddy is fast enough for most workloads\n  * **Ecosystem**: Nginx has decades of modules and guides; Caddy is newer but growing fast\n\n## Caddy vs Traefik\n\nTraefik is optimized for dynamic environments (Kubernetes, Docker Swarm) where services start and stop frequently. Caddy is optimized for static or semi-static deployments where you define services upfront. Caddy has a simpler mental model; Traefik has richer auto-discovery.\n\n## Docker Setup\n\n    version: \"3.9\"\n    services:\n      caddy:\n        image: caddy:latest\n        ports: [\"80:80\", \"443:443\", \"443:443/udp\"]  # 443/udp carries HTTP/3 (QUIC)\n        volumes:\n          - ./Caddyfile:/etc/caddy/Caddyfile\n          - caddy_data:/data  # persists certificates and keys across restarts\n    volumes:\n      caddy_data:  # named volume must be declared at the top level\n\n## Related Terms\n\n  * Traefik, alternative with better Kubernetes/Docker dynamic discovery\n  * Cloudflare Tunnel, pair with Caddy for HTTPS without open ports\n  * Docker, standard deployment environment for Caddy\n  * Tailscale, Caddy serves the internal network that Tailscale creates\n\n",
  "title": "Caddy",
  "updatedAt": "2026-05-18T20:03:33.131Z"
}