QUIC and HTTP3 by default

As of version 2.6, QUIC+HTTP3 is activated by default when running the Caddy server. The protocols can be tuned in the global options block:

{
    servers :443 {
        protocols h1 h2 h3
    }
}

Auto TLS certificates

No more managing Let’s Encrypt certificates manually. Caddy does everything automatically, from provisioning the certificates to renewing and revoking them.

Built-in tooling

The Caddy binary comes with useful commands out of the box to do several tasks like:

  • Formatting the configuration file (Caddyfile):

# format and save file in place
caddy fmt --overwrite

  • Validating the config file with caddy validate

  • Generating password hashes to be used in things like basic authentication, etc.:

caddy hash-password

Dynamic templating

Caddy has a templating system that offers primitives for things like dynamically importing HTML pages, Markdown rendering, JSON parsing, time, etc.

PHP and FastCGI

We can render PHP files by passing them to the FastCGI server with:

asite.com {
	root * /var/www/a-site
	php_fastcgi unix//run/php/php8.1-fpm.sock
	file_server
}

Securing server/paths with basic auth

We can quickly add basic auth by generating the password hash with caddy hash-password and then adding the config to the server block with:

asite.com {
	# for /login path or we can remove the path and have it applied for everything
	basicauth /login {
		<username> <hashed-password>
	}

	handle {
		reverse_proxy :8000
	}
}

Reverse-proxying

Doing reverse proxy is as simple as:

a-site {
    reverse_proxy :5031
}

Gotchas

  • As far as I know, you can’t define global headers; they need to be defined inside a server block
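
With headers set per server block, a Caddyfile snippet imported into each site keeps a shared set of security headers in one place. This is an added example, not part of the original post; the snippet name security_headers, the host bsite.example and the header values are assumptions chosen for illustration.

```caddyfile
# Snippet: defined once at the top level, outside any site block.
# The name "security_headers" is an assumption for this example.
(security_headers) {
	header {
		# Tell browsers to use HTTPS only for the next year
		Strict-Transport-Security "max-age=31536000; includeSubDomains"
		# Disable MIME type sniffing
		X-Content-Type-Options "nosniff"
		# Refuse to be rendered inside frames on other origins
		X-Frame-Options "DENY"
		# Limit how much of the URL is sent as Referer
		Referrer-Policy "strict-origin-when-cross-origin"
		# A leading "-" removes a header from the response
		-Server
	}
}

asite.com {
	# Pulls the header block above into this site
	import security_headers

	root * /var/www/a-site
	php_fastcgi unix//run/php/php8.1-fpm.sock
	file_server
}

# Hypothetical second site that reuses the same headers
bsite.example {
	import security_headers

	basicauth /login {
		<username> <hashed-password>
	}

	handle {
		reverse_proxy :8000
	}
}
```

Running caddy validate after the change confirms that every import resolves to a defined snippet.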