HTTPS quick-start
This guide will show you how to get up and running with fully-managed HTTPS in no time.
Caddy uses HTTPS for all sites by default, as long as a host name is provided in the config. This tutorial assumes you want to get a publicly-trusted site (i.e. not “localhost”) up over HTTPS, so we’ll be using a public domain name and external ports.
Prerequisites:
- Basic terminal / command line skills
- Basic understanding of DNS
- A registered public domain name
- External access to ports 80 and 443
caddy
andcurl
in your PATH
In this tutorial, replace example.com
with your actual domain name.
Set your domain’s A/AAAA records point to your server. You can do this by logging into your DNS provider and managing your domain name.
Before continuing, verify correct records with an authoritative lookup. Replace example.com
with your domain name, and if you are using IPv6 replace type=A
with type=AAAA
:
curl "https://cloudflare-dns.com/dns-query?name=example.com&type=A" \
-H "accept: application/dns-json"
Also make sure your server is externally reachable on ports 80 and 443 from a public interface.
If you’re on your home or other restricted network, you may need to forward ports or adjust firewall settings.
All we have to do is start Caddy with your domain name in the config. There are several ways to do this.
Caddyfile
This is the most common way to get HTTPS.
Create a file called Caddyfile
(no extension) where the first line is your domain name, for example:
example.com
respond "Hello, privacy!"
Then from the same directory, run:
caddy run
You will see Caddy provision a TLS certificate and serve your site over HTTPS. This was possible because your site’s address in the Caddyfile contained a domain name.
The file-server command
If all you need is serving static files over HTTPS, run this command (replacing your domain name):
caddy file-server --domain example.com
You will see Caddy provision a TLS certificate and serve your site over HTTPS.
The reverse-proxy command
If all you need is a simple reverse proxy over HTTPS (as a TLS terminator), run this command (replacing your domain name and actual backend address):
caddy reverse-proxy --from example.com --to localhost:9000
You will see Caddy provision a TLS certificate and serve your site over HTTPS.
JSON config
The general rule of thumb is that any host matcher will trigger automatic HTTPS.
Thus, a JSON config such as the following will enable production-ready automatic HTTPS:
{
"apps": {
"http": {
"servers": {
"hello": {
"listen": [":443"],
"routes": [
{
"match": [{
"host": ["example.com"]
}],
"handle": [{
"handler": "static_response",
"body": "Hello, privacy!"
}]
}
]
}
}
}
}
}