Skip to main content

Every site on HTTPS

Caddy is an extensible server platform that uses TLS by default. Built with Go, it offers higher memory safety guarantees than other servers and runs anywhere with no external dependencies.

Quick Start

Get up and running with Caddy in minutes

Installation

Download and install Caddy on your platform

Configuration

Learn the Caddyfile syntax for easy configuration

API Reference

Explore Caddy’s powerful JSON API

Key Features

Automatic HTTPS by Default

Caddy automatically obtains and renews TLS certificates for your sites, with no configuration required.

Zero Config TLS

Caddy obtains certificates from ZeroSSL and Let’s Encrypt automatically. No manual certificate management needed.

Fully-Managed Local CA

Internal names and IPs get certificates from a local CA that Caddy manages for you.

Cluster Coordination

Multiple Caddy instances can coordinate certificate management in a cluster.

ECH Support

Encrypted ClientHello (ECH) support for enhanced privacy.

Production-Ready at Scale

Caddy has served trillions of requests and managed millions of TLS certificates in production environments.
Caddy scales to hundreds of thousands of sites as proven in production deployments worldwide.

Modern Protocol Support

  • HTTP/1.1, HTTP/2, and HTTP/3 all supported by default
  • No configuration needed to enable modern protocols
  • Automatic protocol negotiation

Highly Extensible Architecture

Caddy’s modular architecture allows it to do anything without bloat: 
// Example: Caddy apps are just Go programs implemented as modules
type App interface {
    Start() error
    Stop() error
}

// From cmd/main.go
func Main() {
    if len(os.Args) == 0 {
        fmt.Printf("[FATAL] no arguments provided by OS; args[0] must be command\n")
        os.Exit(caddy.ExitCodeFailedStartup)
    }

    if err := defaultFactory.Build().Execute(); err != nil {
        var exitError *exitError
        if errors.As(err, &exitError) {
            os.Exit(exitError.ExitCode)
        }
        os.Exit(1)
    }
}

Configuration Approaches

Caddy is unique in offering multiple ways to configure the same server:
1

Caddyfile (Recommended for most)

The Caddyfile is Caddy’s native configuration format - simple, human-readable, and powerful.
example.com {
    reverse_proxy localhost:9000
}
2

JSON (Native format)

JSON is Caddy’s native config language. The Caddyfile and other formats are adapted to JSON.
{
  "apps": {
    "http": {
      "servers": {
        "srv0": {
          "listen": [": 443"],
          "routes": [...]
        }
      }
    }
  }
}
3

JSON API (Dynamic configuration)

Caddy exposes a RESTful JSON API for dynamic, runtime configuration changes with zero downtime.
curl -X POST http://localhost:2019/load \
  -H "Content-Type: application/json" \
  -d @caddy.json
4

Config Adapters

Use config adapters to convert other formats (YAML, TOML, NGINX config) into Caddy JSON.

Why Caddy?

Stays Up When Others Go Down

Caddy continues serving even when other servers would crash due to TLS, OCSP, or certificate-related issues.

No External Dependencies

Caddy runs anywhere with no external dependencies - not even libc. Just download and run.

Memory Safety

Written in Go, a language with higher memory safety guarantees than C/C++ servers.

Actually Fun to Use

From the README:
Actually fun to use
The name “Caddy” is trademarked. Please call it “Caddy” or “the Caddy web server”, not “Caddy Server” or “CaddyServer”.

Architecture Overview

Caddy is built on a powerful plugin system: 
// From caddy.go - Config structure
type Config struct {
    Admin   *AdminConfig `json:"admin,omitempty"`
    Logging *Logging     `json:"logging,omitempty"`
    
    // StorageRaw is a storage module for assets like TLS certificates
    StorageRaw json.RawMessage `json:"storage,omitempty"`
    
    // AppsRaw are the apps that Caddy will load and run
    AppsRaw ModuleMap `json:"apps,omitempty"`
}

Core Apps

Two apps ship standard with Caddy:
  1. tls - Provides TLS facilities including certificate loading, management, and client auth
  2. http - Full-featured HTTP server with reverse proxy, file server, and more

Project Information

Caddy was created by Matthew Holt in 2014 while studying computer science at Brigham Young University. It became the first web server to use HTTPS automatically and by default.

Open Source & Community

  • License: Apache 2.0
  • Language: Go 1.25.0 or newer required
  • Community: Active forum at caddy.community
  • Sponsorship: Caddy is a project of ZeroSSL, an HID Global company

Powered by CertMagic

Caddy’s automatic HTTPS is powered by CertMagic, an open-source library that handles all the complexity of certificate management.

Next Steps

Get Started

Follow our quick start guide to serve your first site

Install Caddy

Choose your installation method and platform

Learn Caddyfile

Master Caddy’s configuration syntax

Explore Modules

Discover available modules and handlers

Build docs developers (and LLMs) love

Get started for freeTalk to us