logo
icon

Caddy

Caddy is a powerful, enterprise-ready, open source web server with automatic HTTPS written in Go.

template cover
Implementado353 veces
EditorzeaburZeabur
Creado2024-07-19
Servicios
service icon
Etiquetas
proxyhttp server

Features

  • Easy configuration with the Caddyfile
  • Powerful configuration with its native JSON config
  • Dynamic configuration with the JSON API
  • Config adapters if you don't like JSON
  • Automatic HTTPS by default
    • ZeroSSL and Let's Encrypt for public names
    • Fully-managed local CA for internal names & IPs
    • Can coordinate with other Caddy instances in a cluster
    • Multi-issuer fallback
  • Stays up when other servers go down due to TLS/OCSP/certificate-related issues
  • Production-ready after serving trillions of requests and managing millions of TLS certificates
  • Scales to hundreds of thousands of sites as proven in production
  • HTTP/1.1, HTTP/2, and HTTP/3 all supported by default
  • Highly extensible modular architecture lets Caddy do anything without bloat
  • Runs anywhere with no external dependencies (not even libc)
  • Written in Go, a language with higher memory safety guarantees than other servers
  • Actually fun to use
  • So much more to discover

Configuration

The default Caddyfile prints a welcome message, with request logging and compression (gzip and zstd) enabled.

You can configure the Caddyfile in the Config Editor and restart the service to apply the changes.

For more examples of Caddyfiles, please refer to the official documentation.

Trust Zeabur's ingress proxy

Zeabur's ingress proxy will add the X-Forwarded-For and X-Real-IP headers to the requests. You can trust these headers by adding the following configuration to the Caddyfile.

{
  servers {
    trusted_proxies static private_ranges
    trusted_proxies_strict
    client_ip_headers X-Forwarded-For X-Real-IP
  }
}

Example: Password-Protected site

Your website must be a containerized service. You can remove the public domain after binding your service to Caddy.

{
  servers {
    trusted_proxies static private_ranges
    trusted_proxies_strict
    client_ip_headers X-Forwarded-For X-Real-IP
  }
}

:80 {
  basic_auth {
    # username password
    # `password` must be bcrypt-hashed, use https://bcrypt-generator.com
    # to generate the hash
    # The default username and password are "zeabur" and "zeabur".
    zeabur $2a$12$6XKjSRketHN2qIzPHRLqC.FEpGxt/LJWVH2ZvWXAWF7H433YPQVKq
  }

  # Use [Networking] > [Private Network] to connect to your service.
  # This way, unauthenticated users cannot find any endpoints to
  # connect to your original service.
  reverse_proxy rsshub.zeabur.internal:1200

  # Remember to remove the public domain after binding your service to Caddy.
}