Other web servers and scripted certificate tools fall over with hundreds of thousands of sites or thousands of instances. Caddy is designed to manage certificates reliably at this scale.
Caddy is free software and relies on sponsorships to survive. Not just donations: sponsorships ensure ongoing development and provide your business with tangible benefits.
Caddy's TLS defaults are secure and pass PCI, HIPAA, and NIST compliance requirements. Yes, defaults: no hassle required.
</p>
</div>
<divclass="col">
<h3class="purple">HTTPS for localhost 🏠</h3>
<p>
We mean it when we say Caddy serves every site on HTTPS. Even localhost and internal IPs are served with TLS using the intermediate of a fully-automated, self-managed CA that is automatically installed into most local trust stores.
</p>
</div>
<divclass="col">
<h3class="green">Cluster coordination 🌐</h3>
<p>
Simply configure multiple Caddy instances with the same storage, and they will automatically coordinate certificate management and share resources such as keys and OCSP staples!
Caddy 2 is a <ahref="/docs/extending-caddy">highly extensible</a>, self-hosted platform on which you can build, configure, and deploy long-running services ("apps").
Caddy ships with apps for an <ahref="/docs/modules/http">HTTPS server</a> (static files, reverse proxying, load balancing, etc.), <ahref="/docs/modules/tls">TLS certificate manager</a>, and <ahref="/docs/modules/pki">fully-managed internal PKI</a>. Caddy apps collaborate to make complex infrastructure just work with fewer moving parts.
Providing a unified configuration, on-line <ahref="/docs/api">config API</a>, and <ahref="/docs/json/">automatic documentation</a> for all apps, Caddy is nearly infinitely extensible. Thanks to its unique <ahref="/docs/architecture">modular architecture</a>, we can offer unlimited features without bloating the code base.
</p>
</div>
<div>
<divclass="display right">
<codeclass="light">{
"apps": {
"tls": {
"certificates": {
"automate": [
"example.com",
"sub.example.com",
"example.net"
]
}
}
}
}</code></div>
</div>
</div>
</div>
</section>
<sectionclass="diagonal down dark feature">
<divclass="wrapper">
<h2>
A forward-thinking reverse proxy
</h2>
<p>
Caddy's proxy was designed to be as forward-compatible as possible and has major batteries included: load balancing, active and passive health checks, dynamic upstreams, retries, pluggable transports, and of course, best-in-class TLS security.
</p>
<divclass="asides asides-40-60">
<divclass="spacing">
<divclass="rollover"data-rollover="rollover-php">
<h3class="green">Proxy HTTP, FastCGI, WebSockets, and more</h3>
<p>
Capable of proxying HTTP and HTTPS, but also WebSockets, gRPC, FastCGI (usually PHP), and more! The underlying transport module is extensible for any custom way to generate an HTTP response.
Provide Caddy with a static list of backends or enable a module to retrieve backends dynamically during each request: ideal for rapidly changing environments. Caddy flows with your infrastructure!
</p>
</div>
<divclass="rollover"data-rollover="rollover-ha">
<h3class="blue">High availability</h3>
<p>
Caddy comes with a whole suite of high availability (HA) features: advanced health checking, graceful (hitless) config changes, circuit breaking, load limiting, on-line retries, and more. The best part? It's all free. No enterprise-level paywalls.
Without sponsorships, Caddy could stop being developed at any time.
With sponsorships, you gain peace of mind knowing that the project will continue to be developed, along with tangible benefits like private support and training.
Serving static files is a tried-and-true method of delivering sites to numerous clients efficiently. Caddy has a robust file server that can be combined with other middleware features for the ultimate effortless website.
Caddy can compress files on-the-fly or serve precompressed files for extra performance. Caddy is also the first web server to support Zstandard encoding.
</p>
</div>
<divclass="rollover"data-rollover="rollover-vfs">
<h3class="green">Virtual file systems</h3>
<p>
Serve your static site from anything: the local file system, remote cloud storage, a database, or even embedded in the server binary!
<h3class="yellow">Range requests, Etags, and more</h3>
<p>
Unlike many ad-hoc file servers intended for temporary local development, Caddy fully supports Range requests, Etags, and a full production feature set.
If a directory without an index file is requested, Caddy can show an elegant file browser with breadcrumb nav, file size visualizations, filetype icons, and a grid view.
Configure your server your way. Caddy's native configuration format is JSON, but with Caddy's config adapters, you can use any config format you prefer. All configuration is posted through a RESTful admin API, and Caddy's CLI helps you work with config files easily.
Caddy's native config format is JSON, giving you incredible power and flexibility for automated, large-scale deployments.
<p>
Make dynamic config changes through an <ahref="/docs/api">intuitive, programmable REST API</a> that offers ACID guarantees. It is also <b>safely scoped</b>, meaning that the URI path restricts changes, making it impossible to accidentally alter other parts of your config.
</p>
<!-- <ul>
<li><b>Atomic:</b> Multiple changes in a single request are treated as a single unit; any failed change aborts all the other changes.</li>
<li><b>Consistent:</b> No invalid configurations can be loaded; your server will never break if a problem is detected at config load.</li>
<li><b>Isolated:</b> No config changes rely on another. (It helps that HTTP is a stateless protocol!)</li>
<li><b>Durable:</b> Caddy automatically persists the current, valid configuration to disk and can safely resume it after a power cycle if the <code>--resume</code> flag is used.</li>
Most people prefer to use a <ahref="/docs/caddyfile">Caddyfile</a> because it lets you get a production-ready site up and running in just a few hand-written lines. It's not uncommon for Caddyfiles to be just <ahref="https://twitter.com/yakczar/status/713712646147743744">~15% the size of a less-capable nginx config</a>!
</p>
</div>
<div>
<divclass="display right">
<codeclass="light">caddyserver.com
root * src
file_server
templates
encode zstd gzip
redir /docs/json /docs/json/
rewrite /docs/json/* /docs/json/index.html
rewrite /docs/* /docs/index.html
reverse_proxy /api/* localhost:9002</code>
<divclass="caption">Actual config used by this site.</div>
</div>
</div>
</div>
<divclass="asides">
<div>
<divclass="display left">
<codeclass="dark">$ caddy run \
--config nginx.conf \
--adapter nginx<divclass="blinking"></div></code>
</div>
</div>
<div>
<h3>Config adapters</h3>
<p>
Power Caddy with anything, even NGINX config files!
</p>
<p>
With first-class support for <ahref="/docs/config-adapters">config adaptation</a>, you can configure your web server with your favorite format: YAML, TOML, CUE, NGINX, HCL, Dhall, JSON with comments, or even a MySQL database. The Caddyfile is a built-in config adapter.
</p>
<!-- <p>
Fewer moving parts means fewer failures, lower costs, and less sunk time.
Caddy is the only server in the world with its novel, modular architecture. At its core, Caddy is a configuration manager that runs apps like an HTTP server, internal certificate authority, TLS certificate manager, process supervisor, and more.
No RPC calls or flimsy dependency management. Plugins are compiled into the static binary, making successful deployments certain and runtimes blazing fast.
