HTTPS quick-start

    Caddy uses HTTPS for all sites by default, as long as a host name is provided in the config. This tutorial assumes you want to get a publicly-trusted site (i.e. not “localhost”) up over HTTPS, so we’ll be using a public domain name and external ports.

    Prerequisites:

    • Basic terminal / command line skills
    • Basic understanding of DNS
    • A registered public domain name
    • External access to ports 80 and 443
    • and curl in your PATH

    In this tutorial, replace example.com with your actual domain name.

    Set your domain’s A/AAAA records point to your server. You can do this by logging into your DNS provider and managing your domain name.

    Before continuing, verify correct records with an authoritative lookup. Replace example.com with your domain name, and if you are using IPv6 replace type=A with type=AAAA:

    If you’re on your home or other restricted network, you may need to forward ports or adjust firewall settings.

    All we have to do is start Caddy with your domain name in the config. There are several ways to do this.

    This is the most common way to get HTTPS.

    Create a file called Caddyfile (no extension) where the first line is your domain name, for example:

    1. example.com

    Then from the same directory, run:

    If all you need is serving static files over HTTPS, run this command (replacing your domain name):

    1. caddy file-server --domain example.com

    You will see Caddy provision a TLS certificate and serve your site over HTTPS.

    If all you need is a simple reverse proxy over HTTPS (as a TLS terminator), run this command (replacing your domain name and actual backend address):

    You will see Caddy provision a TLS certificate and serve your site over HTTPS.

    The general rule of thumb is that any host matcher will trigger automatic HTTPS.

    1. "apps": {
    2. "http": {
    3. "servers": {
    4. "hello": {
    5. "listen": [":443"],
    6. "routes": [
    7. {
    8. "match": [{
    9. "host": ["example.com"]
    10. "handler": "static_response",
    11. "body": "Hello, privacy!"
    12. }]
    13. }
    14. ]
    15. }
    16. }
    17. }
    18. }
    19. }