Web server

How to Download and Use Caddy Web Server on CentOS 8 Linux -H2S Media

There are a few web servers that have dominated the server world like Apache and Nginx apart from them Lightweight LiteSpeed ​​web server and Microsoft IIS are also present. However, these are undoubtedly the most popular, but there are new emerging open source projects such as Caddy web server.

Now what is Caddy?

It’s a alternative to a web server like Apache, Microsoft II and others. Yet unpopular, however, the developers are working on it. It was designed to support all popular platforms, which is why it is available for Windows, macOS, Linux, BSD, Android, Solaris, 32 bit, x64, ARM, mips64 and more… It s’ is therefore a multiplatform server. application that handles the HTTP / https request.

Caddy has a wide range of features:

  1. It comes in a single downloadable executable file, which means no external dependencies.
  2. No need to install anything, just start using it from the downloaded Caddy directory.
  3. After making changes to the Caddy web server, with just one command, it can be reloaded without any downtime.
  4. Cryptographically signed packets
  5. Can run on Docker images
  6. Easy upgrade without any server downtime
  7. The Caddy web server uses HTTPS by default.
  8. Caddy’s functionality can be extended with plugins.
  9. Available in Community and Enterprise editions.
  10. Supports multiple processor cores
  11. Virtual host support
  12. QUIC, proxy, FastCGI, reverse proxy support
  13. Encryption technologies including AES-GCM, ChaCha, and ECC by default.
  14. TLS 1.3 by default
  15. PCI-compliant load balancing; capable of proxy WebSocket connections, Gzip compression
  16. Scalable and more …

Tutorial to install the Caddy web server on CentOS 8

It doesn’t matter whether you are on Ubuntu, Debian, RedHat or CentOS 8 / Stream, the Caddy is available for all Linux platforms. Just download its executable package file and start developing your web app or website. The steps shown here will be similar for any type of Linux distribution. It could be CetnOS 7, Ubuntu 18.04 etc. However, here we are using CentOS 8

Step 1: Connect to the CentOS 8 Linux server

If you are using a graphical version, simply open your command terminal from the Activities GNOME GUI menu. After that log in as root or you should have a user with sudo rights. If you are logging in with a user from the sudoers group, you must use sudo with each command below.

Step 2: Download and install the Caddy web server

Here we are using the command line to download the Caddy server, however, users can access its Official page to download directly for Linux or other platforms such as Windows or Android.

Download the Caddy Web Server with a license to install for personal use

sudo curl https://getcaddy.com | bash -s personal 

sudo wget -qO- https://getcaddy.com | bash -s personal 

Download Caddy to install it for commercial use (optional)

sudo curl https://getcaddy.com | bash -s commercial 

Output for personal download command:

[[email protected] caddy]# curl https://getcaddy.com | bash -s personal
   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                  Dload  Upload   Total   Spent    Left  Speed
 100  7380  100  7380    0     0   3649      0  0:00:02  0:00:02 --:--:--  3651
 Downloading Caddy for linux/amd64 (personal license)…
 Download verification OK
 Putting caddy in /usr/local/bin (may require password)
 Caddy v1.0.3 (h1:i9gRhBgvc5ifchwWtSe7pDpsdS9+Q0Rw9oYQmYUTw1w=)
 Successfully installed

After the successful installation or placement of binaries, let’s see where they are, for that just use the command:

which caddy

And the output will be:


Step 3: Change Caddy Ownership and Permissions

Assign the Caddy binary to the root user and to the group with restricted permissions for other users. This is because in the event that a Caddy process is compromised, it will not be able to support its binary or core system files.

sudo chown root:root /usr/local/bin/caddy 

The above command will give full read, write and execute access only to the root, while any other user will only read and execute it, but will not be able to modify or write anything in the Caddy directory or its file. main.

sudo chmod 755 /usr/local/bin/caddy

Step 4: Bind the Caddy Process to the Bottom Ports

Here we are using the setcap command which will help Caddy bind to privilege pots without giving him full privilege.

sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy

Step 5: Create a www-data user for Caddy

In Apache or Nginx, when they are installed, a www-data user without root access is automatically created for him. However, this does not happen on the Caddy web server and we have to do it manually.

sudo adduser -r -d /var/www -s /sbin/nologin www-data
sudo groupadd -g www-data 

In the above command, we add a user named “www-data“. You can define something else. The default directory for the user will be / var / www, we did it because we are going to use it to install websites. As we do not want to give root access and want to prevent it from any type of connection to the system, we use / sbin / nologin in the above command.

Step 6: Create a directory for Caddy to serve websites

Now we need to create a directory that contains the Caddy file, it is a file that tells the Caddy web server what is the location of the files it should display in the browser. For example, if you want to install WordPress on Caddy, so you have to tell the caddy where the WordPress files are. For this we use Caddyfile to give the path to the WordPress installation files.

So here we create a directory under / etc.

 sudo mkdir /etc/caddy 

Now we’re going to keep ownership of this root directory while we add it to the www-data group. So our Caddy server can read the Caddyfile which will appear inside this directory.

 sudo chown -R root:www-data /etc/caddy   

To note: To replace www-data with your user created in the above or future commands, in case you created a different name.

Step 7: Directory for SSL

As Caddy supports https by default, so we need to create a directory in which Caddy will save its imported Let’s Encrypt certificates.

sudo mkdir /etc/ssl/caddy 

Change owner and group

sudo chown -R root:www-data /etc/ssl/caddy

Above for security reasons, we have changed the authorization of the caddy directory which contains the SSL certificates, so only the root user will be able to have all the rights while the others will only be able to read it.

sudo chmod 0770 /etc/ssl/caddy

Step 8: Create a Caddy File

Now in the caddy directory create an empty file called Caddyfile which we will use in future commands to tell the Caddy web server where our website hosting files are located.

 touch /etc/caddy/Caddyfile 

Step 9: Directory of website files

Same as Apache or Nginx, we also create a directory for Caddy, i.e. / var / www. Where we save our website files for use with the web server.

mkdir /var/www

Change the property from above directly and completely to the Caddy user. In our case, it is’www-data‘and in your case that would be what you created in Step 3 of this article.

We give all ownership rights of the web directory to the user who will use it by Caddy.

  sudo chown www-data:www-data /var/www 

Step 10: Create a System Service for the Caddy Web Server

By default to run caddy every time we have to use its command i.e. caddy and after using it we can’t run another command in the same terminal. Thus, we will install a system service for the Caddy web server which will run in the background just like the Apache and Nginx services.

sudo curl -s https://raw.githubusercontent.com/mholt/caddy/master/dist/init/linux-systemd/caddy.service -o /etc/systemd/system/caddy.service

Step 11: Modified Caddy Service File Authorization

Here we are going to change the permission of the Caddy service and give it full root access only, while the rest of the users can only run or read it.

sudo chmod 644 /etc/systemd/system/caddy.service

Step 12: Start the Caddy Service

Reload System Services to let them know about our latest addition:

systemctl daemon-reload

Check its status:

systemctl status caddy.service
The-service-is-activated-and-caddy-is-running-in the background

If you get the output as shown in the screenshot above, it means the Caddy service has been created successfully.

Step 13: Open ports 80 and 443 in the system firewall

To access the Caddy web server outside of the local system using a browser, we need to open the HTTP and https protocols for the public so that they can connect to it in order to access the hosted web pages.

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload

If your firewall isn’t working, just type

systemctl enable firewall-cmd
systemctl start firewall-cmd 

Step 14: Create a demo webpage to test the Caddy web server

To see if the created web server is working correctly or not, here we create a test HTML web page:

sudo touch /var/www/index.html
sudo vi /var/www/index.html

hurry Insert keyboard button. Copy and paste or type the following lines …


Caddy has been installed succefully using h2smedia tutorial

To save it, press the key. ESC key then type : wq and hit the Enter button

Step 15: Edit the Caddy File

Now let’s show the path to our Caddy web server to find out where our web page is and which port to use.

sudo vi /etc/caddy/Caddyfile
:80 {
    root /var/www

Step 16: Activate and start the Caddy web service

Finally, everything is set up and it’s time to activate and run the Caddy service in the background.

The command below will enable the service so that it can be automatically started with system startup.

systemctl enable caddy.service 

Start the service with this command:

sudo systemctl start caddy

Check the condition of the same

sudo systemctl status caddy

If you see the exit below, all is well!…

[[email protected]    ~]# sudo systemctl state caddy
 ● caddy.service - Caddy HTTP / 2 Web Server Loaded: loaded (/etc/systemd/system/caddy.service; disabled; provider preset: disabled) Active: active (running) since Tue 2019-10 -01 17:42:31 IST;  5s ago Docs: https://caddyserver.com/docs Main PID: 3807 (caddy) CGroup: /system.slice/caddy.service └─3807 / usr / local / bin / caddy -log stdout -agree = true -conf = / etc / caddy / Caddyfile -root = / va… Oct 01 17:42:31 localhost.localdomain systemd[1]: [/etc/systemd/system/caddy.service:41] Unknown… this' Oct 01 17:42:31 localhost.localdomain systemd[1]: Starting the Caddy HTTP / 2 web server.  Oct 01 17:42:31 localhost.localdomain caddy[3807]: Activation of privacy functions… finished.  Oct 01 17:42:31 localhost.localdomain caddy[3807]: Serve HTTP on port 80 Oct 01 17:42:31 localhost.localdomain caddy[3807]: http: // 01 Oct 17:42:31 localhost.localdomain caddy[3807]: 01/10/2019 17:42:31 [INFO] Serving http: // Oct 01 17:42:31 localhost.localdomain caddy[3807]: 01/10/2019 17:42:31 [INFO][cache:0xc00008c5a0…ine
 Hint: Some lines were ellipsized, use -l to show in full.
Caddy web Server tutorial with Automatic HTTPS

Step 17: Now test the web page

If you are on a local server with GUI then you can simply type http://localhost:80 and for the remote server, use its http://ip-address:80 in the web browser.


Caddy Automatic TLS

As we know Caddy can provide SSL certificate automatically via Let’s Crypt using an email ID provided by the user. Thus, to set up that again edits CaddyFile.

sudo vi /etc/caddy/Caddyfile

And replace the port 80 with a domain name you want to use with your website. After that also mention your email ID which it will use to install SSL certificate.

h2sexample.com {
     root /var/www
     tls [email protected]

Replace the h2sexample.com with your domain name and [email protected] with your e-mail address. And then access it using https, if everything went well, you see the secure webpage.

Other articles:

Leave a Reply

Your email address will not be published.