LIVEReading: Serve Any Site with Auto-HTTPS Using CaddyTotal time: 10 minSteps: 6Worked first time: 72% LIVEReading: Serve Any Site with Auto-HTTPS Using CaddyTotal time: 10 minSteps: 6Worked first time: 72%
CBW
Serve Any Site with Auto-HTTPS Using Caddy
Mediumgithub.com/caddyserver/caddy2026-06-14

Serve Any Site with Auto-HTTPS Using Caddy

Caddy is a web server that handles HTTPS certificates automatically — no Certbot, no manual renewal. This guide gets you serving files or proxying traffic in minutes.

// Build stats

  • Total time10 min
  • Number of steps6
  • DifficultyMedium
  • Worked first time72%
// Before you start

What you need

  • A computer running Windows, macOS, or Linux
  • A terminal / command prompt you can type into
  • A domain name pointed at your server's IP (only needed for real HTTPS; localhost works fine for testing)
  • Port 80 and 443 open in your firewall (for public HTTPS)
01
Step 1 of 6

Download the Caddy binary

3 min

Caddy ships as a single executable file — no installer, no dependencies. Go to the GitHub Releases page and grab the file that matches your OS and CPU. Rename it to 'caddy' (or 'caddy.exe' on Windows) and put it somewhere easy to find, like your home folder or Desktop. On macOS/Linux you also need to make it runnable.

Terminal · mac
$ # macOS (Apple Silicon) — adjust the filename for your OS/arch from https://github.com/caddyserver/caddy/releases
$ curl -L https://github.com/caddyserver/caddy/releases/latest/download/caddy_linux_amd64.tar.gz -o caddy.tar.gz
$ tar -xzf caddy.tar.gz caddy
$ chmod +x caddy
What you should see
No output after chmod. Running './caddy version' should print something like: v2.9.1 h1:...
This might happen

Wrong architecture downloaded (e.g. amd64 on an Apple Silicon Mac)

Check your CPU: on Mac run 'uname -m' — arm64 = Apple Silicon, x86_64 = Intel. Pick the matching file from the Releases page.

02
Step 2 of 6

Move Caddy into your system PATH

2 min

Putting Caddy in a folder your system already knows about means you can type 'caddy' from any directory instead of './caddy'. On Linux/macOS the standard spot is /usr/local/bin. On Windows, move caddy.exe to a folder listed in your PATH environment variable, or just run it from the current folder.

Terminal · mac
$ # Linux / macOS only
$ sudo mv caddy /usr/local/bin/
$ caddy version
What you should see
v2.9.1 h1:... (version number will vary)
This might happen

'sudo' asks for your password and you're not sure what to type

Type your normal login password. Nothing appears on screen while you type — that is normal. Press Enter when done.

03
Step 3 of 6

Create a simple Caddyfile config

3 min

A Caddyfile is a plain text file that tells Caddy what to serve and where. Open any text editor (Notepad, TextEdit, nano, etc.), paste the config below, and save it as a file literally named 'Caddyfile' (no extension) in the folder you want to work from. This example serves static files from a folder called 'public'. Change 'localhost' to your real domain when you're ready to go live.

Terminal · mac
$ # Create the Caddyfile (paste this into your text editor and save as 'Caddyfile')
$ # --- start of file ---
$ localhost
$
$ root * ./public
$ file_server
$ # --- end of file ---
$
$ # Also create a test page so there is something to serve
$ mkdir -p public
$ echo '<h1>Hello from Caddy</h1>' > public/index.html
What you should see
No output. You should now have a file called 'Caddyfile' and a folder called 'public' with index.html inside it.
This might happen

Text editor adds a .txt extension, saving it as 'Caddyfile.txt'

In the Save dialog, wrap the filename in quotes: "Caddyfile" — this forces most editors to use the exact name.

04
Step 4 of 6

Allow Caddy to use low-numbered ports (Linux only)

1 min

On Linux, only the root user can normally listen on ports 80 and 443. This one command grants Caddy that ability without running it as root. Skip this step on macOS or Windows.

Terminal · mac
$ sudo setcap cap_net_bind_service=+ep $(which caddy)
What you should see
No output means it worked.
This might happen

'setcap' command not found

Install it with: sudo apt install libcap2-bin (Debian/Ubuntu) or sudo yum install libcap (RHEL/CentOS)

05
Step 5 of 6

Start Caddy and open your site

2 min

Run this command from the same folder that contains your Caddyfile. Caddy reads the config, sets up a local HTTPS certificate automatically, and starts serving. Open your browser and go to https://localhost — you may see a browser security warning for localhost (that is normal; click 'Advanced' then 'Proceed'). When you use a real domain instead of localhost, Caddy fetches a trusted Let's Encrypt certificate automatically and the warning disappears.

Terminal · mac
$ caddy run
What you should see
Lines like: ... serving initial configuration ... INFO Then it stays running (no prompt returns). Open https://localhost in your browser to see 'Hello from Caddy'.
This might happen

Browser shows 'Your connection is not private' on localhost

This is expected for localhost. Click 'Advanced' then 'Proceed to localhost'. For a real domain with a real certificate this warning will not appear.

06
Step 6 of 6

Use Caddy as a reverse proxy (optional)

3 min

If you already have an app running on a local port (like a Node app on port 3000), Caddy can sit in front of it and add HTTPS automatically. Stop Caddy with Ctrl+C, edit your Caddyfile to replace the file_server lines with a single reverse_proxy line, then start Caddy again.

Terminal · mac
$ # Replace the contents of your Caddyfile with this (change the domain and port to match yours):
$ # --- start of file ---
$ yourdomain.com
$
$ reverse_proxy localhost:3000
$ # --- end of file ---
$
$ # Then restart Caddy:
$ caddy run
What you should see
Caddy starts and fetches a real TLS certificate for your domain within about 30 seconds. Your app is now reachable at https://yourdomain.com.
This might happen

Certificate fails to issue — Caddy logs 'no DNS A/AAAA records'

Your domain's DNS A record must point to this server's public IP. Check with your domain registrar and wait up to 30 minutes for DNS to propagate.

// Status

cooked. baked. worked.

A running web server that serves files or proxies traffic over HTTPS, with certificates managed automatically. No manual certificate renewal ever needed.

// the honest bit

The honest part

Caddy is production-grade software, but this guide only scratches the surface. Automatic HTTPS works only when your server is publicly reachable on ports 80 and 443 with a real domain — it will not work behind a home router NAT without extra port-forwarding setup. The Caddyfile format is easy to read but has many options; anything beyond basic file serving or proxying will require reading the official docs at caddyserver.com/docs. Caddy does not manage your firewall — you still need to open ports yourself.