life coded

a personal blog by Maximilian Ehlers

Deploying SSL secured website in 10 minutes

Caddy

Through a colleague I have recently stumbled upon Caddy. It is a new web server written in Go.

You might think, "Why not use nginx?", and this was exactly my question. The answer is best explained by the following config file for Caddy:

ehlers.space

Yup, that is it. This will run this blog with SSL through Let's Encrypt and keep the certificate up to date. No need to renew certificates manually or even to use the auto-cert bot.

Setting it all up

Now you probably do not want to fiddle around with system services or run Caddy inside tmux/screen. How could we possibly make it easier? That's right!

Docker

The Docker image https://github.com/abiosoft/caddy-docker can help you get up and running in minutes. If you have already set up the basic security of your server and installed Docker (use Ansible or similar), just execute the following command, which expects your website to be at $HOME/website and your Caddyfile (containing the name of your domain) at $HOME/caddy:

docker run -d \
    --name=caddy \
    -e "CADDYPATH=/etc/caddycerts" \
    -v $HOME/caddy/Caddyfile:/etc/Caddyfile \
    -v $HOME/caddy:/etc/caddycerts \
    -v $HOME/website:/srv \
    -p 80:80 -p 443:443 \
    abiosoft/caddy

Skip asking for email at startup

If you do not want to type out your email when starting up Caddy, which it asks for so that Let's Encrypt knows where to contact you about your certificates, just append the following to your Caddyfile:

tls yourmail@yourmail.com
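
A pre-flight check for the layout the docker command above expects, as an added example that is not part of the original post. The function name check_caddy_layout is hypothetical, and the explicit-HTTP check assumes Caddy v1 behaviour; the directory passed as CADDYPATH is treated as sensitive because Caddy stores its certificates and keys there.

```shell
#!/bin/sh
# Added example, not from the original post. check_caddy_layout is a
# hypothetical helper; it prints one line per finding and returns their count.
# Usage: check_caddy_layout "$HOME/caddy" "$HOME/website"
check_caddy_layout() {
    caddy_dir=$1
    site_dir=$2
    caddyfile="$caddy_dir/Caddyfile"
    findings=0

    if [ ! -f "$caddyfile" ] || [ ! -d "$site_dir" ]; then
        echo "missing Caddyfile or website directory"
        return 1
    fi

    # First word of the first non-blank, non-comment line is the site address.
    addr=$(awk 'NF && $1 !~ /^#/ { print $1; exit }' "$caddyfile")
    case "$addr" in
        http://*|*:80)
            # Assumption: Caddy v1 skips automatic HTTPS for explicit HTTP/port 80.
            echo "address '$addr' is explicit HTTP, no certificate will be requested"
            findings=$((findings + 1)) ;;
    esac

    # Without "tls <email>" Caddy asks for the address at startup.
    if ! grep -Eq '^[[:space:]]*tls[[:space:]]+[^[:space:]]+@[^[:space:]]+' "$caddyfile"; then
        echo "no 'tls <email>' line, Caddy will ask for an email at startup"
        findings=$((findings + 1))
    fi

    # CADDYPATH points at this directory, so certificates and keys are stored here.
    mode=$(ls -ld "$caddy_dir" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "$caddy_dir is accessible to group/others (bits: $mode)"
        findings=$((findings + 1))
    fi

    # The website directory is served as /srv; the key directory must not be in it.
    real_caddy=$(cd "$caddy_dir" && pwd -P)
    real_site=$(cd "$site_dir" && pwd -P)
    case "$real_caddy/" in
        "$real_site/"*)
            echo "$caddy_dir lies inside the served directory $site_dir"
            findings=$((findings + 1)) ;;
    esac

    return "$findings"
}
```

A return value of 0 means the layout passed all four checks; run it before the docker command and fix whatever it prints.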

Other cool things with caddy

Reverse proxying, if you want to use Gogs for example, is also super easy.
Assuming it is running on port 3000, you can just do:

yourdomain.com
proxy / localhost:3000
tls yourmail

Conclusion

This has been by far the easiest and fastest way I have ever set up a website. From the experience I have gained so far, including a few more complex tasks, I can highly recommend it for beginners and more advanced users alike!
I was actually so happy with this that after setting it up, I went to the GitHub repo and sent in a PR for a feature request from the issues.
It was merged within 24 hours!!! Can you expect that from Nginx/Apache?

Try it out and if you run into problems feel free to drop me a mail :) I will try to answer asap (comments are disabled, so that I know that if you contact me you are serious).