Overview: Caddy is a modern, extensible web server platform designed to serve HTTP/1.1, HTTP/2, and HTTP/3 with TLS enabled by default. Unlike traditional web servers that require manual certificate management, Caddy automatically obtains and renews SSL/TLS certificates from Let’s Encrypt and ZeroSSL for public domains, and provisions a local CA for internal services. Built in Go with no external dependencies (not even libc), it runs consistently across platforms and scales to hundreds of thousands of sites. Caddy’s architecture treats configuration as a unified JSON document, enabling dynamic changes via API and supporting multiple input formats including Caddyfile, YAML, TOML, and even NGINX config through adapters. It’s ideal for developers and DevOps teams seeking a secure, production-ready server with minimal operational overhead.
What You Get
- Automatic HTTPS - Caddy automatically provisions and renews TLS certificates using Let’s Encrypt or ZeroSSL for public domains, and sets up a local CA for internal hosts and IPs without manual intervention.
- Multi-protocol HTTP support - Native support for HTTP/1.1, HTTP/2, and HTTP/3 (including Encrypted ClientHello) with no additional configuration required.
- Dynamic configuration via API - Modify server behavior at runtime using the JSON API without restarting, enabling zero-downtime deployments and real-time adjustments.
- Caddyfile and config adapters - Configure Caddy using the simple, human-readable Caddyfile syntax or convert YAML, TOML, JSON5, or NGINX configs into native Caddy JSON via adapters.
- Extensible modular architecture - Add custom modules and plugins using Go imports; extend functionality for logging, storage, authentication, or routing without bloating the binary.
- No external dependencies - Compiled binaries are standalone, requiring no libc or system libraries, making them ideal for containers and minimal environments.
- High availability & resilience - Caddy continues serving requests during TLS/OCSP failures and supports multi-issuer fallback to avoid service outages due to certificate issues.
Common Use Cases
- Building a multi-tenant SaaS dashboard with TLS for every customer domain - Caddy automatically issues and renews certificates for each tenant’s custom domain using its built-in ACME client, eliminating the need for manual SSL management.
- Deploying microservices with internal TLS - Use Caddy’s local CA to issue certificates for internal services (e.g., gRPC, API gateways) on private IPs or hostnames without relying on external PKI.
- Problem: Managing SSL certs across 50+ domains → Solution: Caddy - Automate certificate issuance, renewal, and revocation for all domains with a single config file or API call instead of juggling certbot, cron jobs, and nginx reloads.
- DevOps teams managing hybrid cloud deployments - Deploy identical Caddy binaries on AWS, Azure, and bare metal with consistent config via JSON API or version-controlled Caddyfiles, reducing environment drift.
Under The Hood
Caddy is a modern, extensible HTTP server designed for ease of use and flexibility in web serving environments. It emphasizes a modular architecture that allows developers to configure and extend functionality with minimal complexity.
Architecture
Caddy’s architecture is built around a core engine that manages modules and supports flexible configuration through multiple formats.
- The system uses a plugin-like module structure that enables dynamic loading and composition of features
- Modules are organized by responsibility, such as HTTP handling, TLS, and configuration parsing, ensuring clear separation of concerns
- Design patterns like strategy and middleware are employed to manage request processing and configuration adapters
- A centralized registry and context-based injection facilitate component interaction and dependency management
Tech Stack
Caddy is implemented in Go, leveraging the language’s performance and concurrency model for efficient web serving.
- The project is built with idiomatic Go practices, utilizing standard library packages for networking and file handling
- Extensive use of integration and unit tests ensures robustness and maintainability across modules
- Go’s built-in testing frameworks and tooling support comprehensive test coverage and validation
- The architecture integrates with system-level tools for deployment, monitoring, and operational control
Code Quality
Caddy demonstrates a mature approach to code quality with strong testing practices and consistent conventions.
- Comprehensive test suites cover both unit and integration scenarios, ensuring reliability across components
- Error handling is consistently applied with clear patterns for managing exceptions and edge cases
- Code follows Go idioms and style guidelines, promoting readability and maintainability across the codebase
- Some technical debt remains in error wrapping and test organization, but overall consistency is strong
What Makes It Unique
Caddy distinguishes itself through its innovative approach to modular configuration and event-driven processing.
- The project introduces a powerful event system that enables deep integration without sacrificing encapsulation
- Caddyfile parsing and modular composition provide an intuitive yet powerful interface for configuration
- Its middleware-style architecture allows fine-grained control over request lifecycle without complex setup
- The extensibility model supports custom modules and plugins, making it highly adaptable to diverse deployment needs