Caddy

Features

• Easy configuration with the Caddyfile
• Powerful configuration with its native JSON config
• Dynamic configuration with the JSON API
• Config adapters if you don't like JSON
• Automatic HTTPS by default
  • ZeroSSL and Let's Encrypt for public names
  • Fully-managed local CA for internal names & IPs
  • Can coordinate with other Caddy instances in a cluster
  • Multi-issuer fallback
• Stays up when other servers go down due to TLS/OCSP/certificate-related issues
• Production-ready after serving trillions of requests and managing millions of TLS certificates
• Scales to hundreds of thousands of sites as proven in production
• HTTP/1.1, HTTP/2, and HTTP/3 all supported by default
• Highly extensible modular architecture lets Caddy do anything without bloat
• Runs anywhere with no external dependencies (not even libc)
• Written in Go, a language with higher memory safety guarantees than other servers
• Actually fun to use
• So much more to discover

Example: Password-Protected site

Your website must be a containerized service. You can remove the public domain after binding your service to Caddy.

:80 {
  basic_auth {
    # username password
    # password must be bcrypt-hashed, use https://bcrypt-generator.com
    # to generate the hash
    zeabur $2a$12$89ILyolZKkRvNug1DlHrjunBLVjgjDn73GW/7spsDGsIjzZVZflgO
  }

  # Use networking > private network to connect to your service.
  # This way, unauthenticated users cannot find any endpoints to
  # connect to your original service.
  reverse_proxy rsshub.zeabur.internal:1200

  # Remember to remove the public domain after binding your service to Caddy.
}