Skip to content

Instantly share code, notes, and snippets.

@razhangwei

razhangwei/caddyfile.md

Created January 21, 2025 05:02
Show Gist options
  • Save razhangwei/902207a6ff128b2dc8597877f83c38d2 to your computer and use it in GitHub Desktop.
Save razhangwei/902207a6ff128b2dc8597877f83c38d2 to your computer and use it in GitHub Desktop.
Download ZIP
Caddy config cheatsheet
Raw
caddyfile.md

Caddy Configuration Cheat Sheet

Basic Site Configuration

# Simple static site
example.com {
    root * /var/www/html
    file_server
}

# PHP site
example.com {
    root * /var/www/html
    php_fastcgi unix//run/php/php-fpm.sock
    file_server
}

Reverse Proxy Configurations

# Basic reverse proxy
example.com {
    reverse_proxy localhost:8080
}

# Proxy with headers
example.com {
    reverse_proxy localhost:8080 {
        header_up Host {host}
        header_up X-Real-IP {remote_host}
        header_up X-Forwarded-For {remote_host}
        header_up X-Forwarded-Proto {scheme}
    }
}

# Load balancing
example.com {
    reverse_proxy {
        to localhost:8080 localhost:8081
        lb_policy round_robin
    }
}

HTTPS & TLS

# Force HTTPS
example.com {
    redir https://{host}{uri} permanent
}

# Custom TLS
example.com {
    tls your@email.com
}

# Self-signed certificate
example.com {
    tls internal
}

# Custom certificate files
example.com {
    tls /path/to/cert.pem /path/to/key.pem
}

Security Headers

example.com {
    header {
        # Security headers
        Strict-Transport-Security "max-age=31536000; includeSubDomains"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "DENY"
        Referrer-Policy "no-referrer-when-downgrade"
        X-XSS-Protection "1; mode=block"
        # CORS
        Access-Control-Allow-Origin "*"
    }
}

Compression & Performance

example.com {
    encode gzip zstd
    file_server {
        precompressed br gzip
    }
}

Common Snippets

# Basic authentication
example.com {
    basicauth {
        user JDJhJDE0JE91S2l4dFVWckN2RzlwZXZzLnpPNE8vNmY3L2V6MkV1bnZxUjhNWnhVZEtVZC5URXNPMVVX
    }
}

# Rate limiting
example.com {
    rate_limit {
        zone dynamic {
            key {remote_host}
            events 10
            window 10s
        }
    }
}

# Path-specific rules
example.com {
    handle /api/* {
        reverse_proxy localhost:3000
    }
    handle /static/* {
        root * /var/www/static
        file_server
    }
}

Logging

example.com {
    log {
        output file /var/log/caddy/access.log
        format json
        level INFO
    }
}

Environment Variables

{
    env SITE_ROOT
}
example.com {
    root * {$SITE_ROOT}
    file_server
}

Common Matchers

# Path matching
handle /api/* {
    respond "API endpoint"
}

# Method matching
@post method POST
handle @post {
    respond "POST request"
}

# Host matching
@host host example.com
handle @host {
    respond "Specific host"
}

# File matching
@images path *.jpg *.png *.gif
handle @images {
    header Cache-Control "max-age=31536000"
}

Quick Tips

  1. Test configuration:

    caddy validate

  2. Reload configuration:

    caddy reload

  3. Format Caddyfile:

    caddy fmt

  4. View current config:

    caddy adapt
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment