There are a few web servers that have dominated the server world like Apache and Nginx apart from them the Lightweight LiteSpeed web server and Microsoft IIS are also present. However, these are undoubtedly the most popular, but there are new emerging open source projects such as Caddy web server.
Now what is Caddy?
It’s a alternative to a web server like Apache, Microsoft II and others. Yet unpopular, however, the developers are working on it. It was designed to support all popular platforms, which is why it is available for Windows, macOS, Linux, BSD, Android, Solaris, 32 bit, x64, ARM, mips64 and more … is therefore a multiplatform server. application that handles the HTTP / https request.
Caddy has a wide range of features:
- It comes in a single downloadable executable file, which means no external dependencies.
- No need to install anything, just start using it from the downloaded Caddy directory.
- After making changes to the Caddy web server, with just one command, it can be reloaded without any downtime.
- Cryptographically signed packets
- Can run on Docker images
- Easy upgrade without any server downtime
- The Caddy web server uses HTTPS by default.
- Caddy’s functionality can be extended with plugins.
- Available in Community and Enterprise editions.
- Supports multiple processor cores
- Virtual host support
- QUIC, proxy, FastCGI, reverse proxy support
- Encryption technologies including AES-GCM, ChaCha, and ECC by default.
- TLS 1.3 by default
- PCI-compliant load balancing; capable of proxy WebSocket connections, Gzip compression
- Scalable and more …
Tutorial to install the Caddy web server on CentOS 8
It doesn’t matter whether you are on Ubuntu, Debian, RedHat or CentOS 8 / Stream, the Caddy is available for all Linux platforms. Just download its executable package file and start developing your web app or website. The steps shown here will be similar for any type of Linux distribution. It could be CetnOS 7, Ubuntu 18.04 etc. However, here we are using CentOS 8
Step 1: Connect to the CentOS 8 Linux server
If you are using a graphical version, simply open your command terminal from the Activities GNOME GUI menu. After that log in as root or you should have a user with sudo rights. If you are logging in with a user from the sudoers group, you must use sudo with each command below.
Step 2: Download and install the Caddy web server
Here we are using the command line to download the Caddy server, however, users can access its Official page to download directly for Linux or other platforms such as Windows or Android.
Download the Caddy Web Server with a license to install for personal use
sudo curl https://getcaddy.com | bash -s personal or sudo wget -qO- https://getcaddy.com | bash -s personal
Download Caddy to install it for commercial use (optional)
sudo curl https://getcaddy.com | bash -s commercial
Output for personal download command:
[[email protected] caddy]# curl https://getcaddy.com | bash -s personal
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 7380 100 7380 0 0 3649 0 0:00:02 0:00:02 --:--:-- 3651
Downloading Caddy for linux/amd64 (personal license)…
Download verification OK
Extracting…
Putting caddy in /usr/local/bin (may require password)
Caddy v1.0.3 (h1:i9gRhBgvc5ifchwWtSe7pDpsdS9+Q0Rw9oYQmYUTw1w=)
Successfully installed
After the successful installation or placement of binaries, let’s see where they are, for that just use the command:
which caddy
And the output will be:
/usr/local/bin/caddy
Step 3: Change Caddy Ownership and Permissions
Assign the Caddy binary to the root user and to the group with restricted permissions for other users. This is because in the event that a Caddy process is compromised, it will not be able to take over its binary or main system files.
sudo chown root:root /usr/local/bin/caddy
The above command will give full read, write and execute access only to the root, while any other user will only read and execute it, but will not be able to modify or write anything to the Caddy directory or its file. main.
sudo chmod 755 /usr/local/bin/caddy
Step 4: Bind the Caddy Process to the Bottom Ports
Here we are using the setcap command which will help Caddy bind to privilege pots without giving him full privilege.
sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy
Step 5: Create a www-data user for Caddy
In Apache or Nginx, during their installation, a www-data user without root access is automatically created for him. However, this does not happen on the Caddy web server and we have to do it manually.
sudo adduser -r -d /var/www -s /sbin/nologin www-data sudo groupadd -g www-data
In the above command, we add a user named “www-dataYou can define something else. The default directory for the user will be / var / www, we did it because we are going to use it to install websites. As we do not want to give root access and want to prevent it from any type of connection to the system, we use / sbin / nologin in the above command.
Step 6: Create a directory for Caddy to serve websites
Now we need to create a directory that contains the Caddy file, it is a file that tells the Caddy web server what is the location of the files it should display in the browser. For example, if you want to install WordPress on Caddy, so you have to tell the caddy where the WordPress files are. For this we use Caddyfile to give the path to the WordPress installation files.
So here we create a directory under / etc.
sudo mkdir /etc/caddy
Now we’re going to keep ownership of this root directory while we add it to the www-data group. So our Caddy server can read the Caddyfile which will appear inside this directory.
sudo chown -R root:www-data /etc/caddy
To note: To replace www-data with your user created in the above or future commands, in case you created a different name.
Step 7: Directory for SSL
As Caddy supports https by default, so we need to create a directory in which Caddy will save its imported Let’s Encrypt certificates.
sudo mkdir /etc/ssl/caddy
Change owner and group
sudo chown -R root:www-data /etc/ssl/caddy
Above for security reasons, we have changed the authorization of the caddy directory which contains the SSL certificates, so only the root user will be able to have all the rights while the others will only be able to read it.
sudo chmod 0770 /etc/ssl/caddy
Step 8: Create a Caddy File
Now in the caddy directory create an empty file called Caddyfile which we will use in future commands to tell the Caddy web server where our website hosting files are located.
touch /etc/caddy/Caddyfile
Step 9: Directory of website files
Same as Apache or Nginx, we also create a directory for Caddy, i.e. / var / www. Where we save our website files for use with the web server.
mkdir /var/www
Change the property from above directly and completely to the Caddy user. In our case, it is’www-data‘and in your case that would be what you created in Step 3 of this article.
We give all ownership rights of the web directory to the user who will use it by Caddy.
sudo chown www-data:www-data /var/www
Step 10: Create a System Service for the Caddy Web Server
By default to run caddy every time we have to use its command i.e. caddy and after using it we can’t run another command in the same terminal. Thus, we will install a system service for the Caddy web server which will run in the background just like the Apache and Nginx services.
sudo curl -s https://raw.githubusercontent.com/mholt/caddy/master/dist/init/linux-systemd/caddy.service -o /etc/systemd/system/caddy.service
Step 11: Modified Caddy Service File Authorization
Here we are going to change the permission of the Caddy service and give it full root access only, while the rest of the users can only run or read it.
sudo chmod 644 /etc/systemd/system/caddy.service
Step 12: Start the Caddy Service
Reload System Services to let them know about our latest addition:
systemctl daemon-reload
Check its status:
systemctl status caddy.service
If you get the output as shown in the screenshot above, it means the Caddy service has been created successfully.
Step 13: Open ports 80 and 443 in the system firewall
To access the Caddy web server outside of the local system using a browser, we need to open the HTTP and https protocols for the public so that they can connect to it in order to access the hosted web pages.
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload
If your firewall isn’t working, just type
systemctl enable firewall-cmd systemctl start firewall-cmd
Step 14: Create a demo webpage to test the Caddy web server
To see if the created web server is working correctly or not, here we create a test HTML web page:
sudo touch /var/www/index.html
sudo vi /var/www/index.html
hurry Insert keyboard button. Copy and paste or type the following lines …
Caddy has been installed succefully using h2smedia tutorial
To save it, press the key. ESC key then type : wq and hit the Enter button
Step 15: Edit the Caddy File
Now let’s show the path to our Caddy web server to find out where our web page is and which port to use.
sudo vi /etc/caddy/Caddyfile
:80 {
root /var/www
}Step 16: Activate and start the Caddy web service
Finally, everything is set up and it’s time to activate and run the Caddy service in the background.
The command below will enable the service so that it can be automatically started with system startup.
systemctl enable caddy.service
Start the service with this command:
sudo systemctl start caddy
Check the condition of the same
sudo systemctl status caddy
If you see the exit below, all is well!…
[[email protected] ~]# sudo systemctl state caddy ● caddy.service - Caddy HTTP / 2 Web Server Loaded: loaded (/etc/systemd/system/caddy.service; disabled; provider preset: disabled) Active: active (running) since Mar 2019-10- 01 17:42:31 IST; 5s ago Docs: https://caddyserver.com/docs Main PID: 3807 (caddy) CGroup: /system.slice/caddy.service └─3807 / usr / local / bin / caddy -log stdout -agree = true -conf = / etc / caddy / Caddyfile -root = / va… Oct 01 17:42:31 localhost.localdomain systemd[1]: [/etc/systemd/system/caddy.service:41] Unknown… this' Oct 01 17:42:31 localhost.localdomain systemd[1]: Starting the Caddy HTTP / 2 web server. Oct 01 17:42:31 localhost.localdomain caddy[3807]: Activation of privacy functions… finished. Oct 01 17:42:31 localhost.localdomain caddy[3807]: Serve HTTP on port 80 Oct 01 17:42:31 localhost.localdomain caddy[3807]: http: // 01 Oct 17:42:31 localhost.localdomain caddy[3807]: 01/10/2019 17:42:31 [INFO] Serving http: // Oct 01 17:42:31 localhost.localdomain caddy[3807]: 01/10/2019 17:42:31 [INFO][cache:0xc00008c5a0…ine Hint: Some lines were ellipsized, use -l to show in full.
Step 17: Now test the web page
If you are on a local server with GUI then you can simply type http://localhost:80 and for the remote server, use its http://ip-address:80 in the web browser.
Caddy Automatic TLS
As we know Caddy can provide SSL certificate automatically via Let’s Crypt using an email ID provided by the user. Thus, to set up that again edits CaddyFile.
sudo vi /etc/caddy/Caddyfile
And replace the port 80 with a domain name you want to use with your website. After that also mention your email ID which it will use to install SSL certificate.
h2sexample.com {
root /var/www
gzip
tls [email protected]
}
Replace the h2sexample.com with your domain name and [email protected] with your e-mail address. And then access it using https, if everything went well, you see the secure webpage.
Other articles:
Comments are closed.