Caddy is essentially a configuration management system that can run various apps like an HTTP server, TLS certificate manager, PKI facilities, and more. It can be extended with plugins known as config modules.
Caddy sports a flexible and powerful HTTP reverse proxy, on-line configuration API, and a robust, production-ready static file server, and serves all sites over HTTPS by default with automagic TLS certificates.
Language
The language choice is crucial for a web server. Most servers (NGINX, Apache, HAProxy, etc.) and their dependencies are written in C, which are vulnerable to catastrophic memory safety bugs like Heartbleed. Go programs like Caddy are impervious to a whole class of security vulnerabilities.
Go
Build artifacts
Caddy compiles directly to native CPU instructions. There is no interpreter required; and many instructions are architecture-optimized.
Platform-native static binary
Runtime dependencies
Caddy is statically compiled. Dynamically-linked applications can easily break in production and may be less secure as shared executable resources are loaded from various places around the system. Generally, Caddy binaries do not necessarily require external libraries — not even libc.
None
Compile time
On consumer hardware, standard Caddy builds compile in just a few seconds. This is crucial for rapid iteration, plugin development, and low-cost deployments.
5 seconds
Deployment environments
Caddy can go practically anywhere and be deployed a variety of ways. In general, upgrading is as simple as replacing the binary.
- Command line interface
- System service
- Containers
- Kubernetes
- Embedded
Supply chain and releases
Go modules verify the integrity of our dependencies and we cryptographically sign our release artifacts so you know what you can trust.
Cryptographically verified
Operating systems
Caddy runs on every major platform for which Go compiles.
- Linux
- Windows
- macOS
- FreeBSD
- OpenBSD
- NetBSD
- Android
Microarchitectures
Run Caddy with native code on numerous CPU platforms.
- x86 (i386, i686)
- x86-64 (AMD64)
- ARM
- ARM 64 (AArch64)
- MIPS
- MIPS64[LE]
- PPC64[LE]
- RISCV64
- S390X
- Apple Silicon (Apple ARM; M1, M2, etc.)
Regular expression engine
RE2
Concurrency model
Go's runtime optimizes scheduled CPU time in smarter ways than the operating system can using lightweight user-space threads called goroutines. Caddy easily handles hundreds of thousands of requests per second.
Goroutines (epoll + kqueue)
Plugin model
Caddy can be extended by compile-time plugins, which compile as native code, in a way that cannot be broken during deployments or by system upgrades. With no IPC or RPC calls, Caddy extensions perform equally well with native code.
Compile-time static
Configuration changes
With zero-downtime graceful reloads, Caddy's configuration can be changed while it is running. It's programmable/scriptable for powerful automation.
- RESTful HTTP API
- Config files
- Secure remote access
App modules
Top-level configuration structures are called app modules, or Caddy apps. They provide the bulk of Caddy's functionality. Anyone can write app modules, and Caddy comes with several standard apps built-in.
Logs
Caddy's logging can be configured as to format, verbosity, output, and more.
- Leveled
- Structured
- High efficiency, zero-allocation
Storage
Assets and state are stored in configurable storage modules. Third-party plugins add databases like Postgres and Redis, or orchestrators like Consul and Vault.
File system
Embedded (in-memory)