Migrated from Nginx to Caddy
Migrated from Nginx to Caddy
When I first set up my web server I don't think Caddy was really a sensible choice. It was still immature (The big "version 2" rewrite was in beta). But it's about five years from when that happened, so I decided to give Caddy a try.
Wow! My config shrank to about 25% from what it was with Nginx. It's also a lot less stuff to deal with, especially from a personal hosting perspective. As much as I like self-hosting, I'm not like "into" configuring web servers. Caddy made this very easy.
I thought the automatic HTTPS feature was overrated until I used it. The fact is it works effortlessly. I do not need to add paths to certificate files in my config anymore. That's great. But what's even better is I do not need to bother with my server notes to once again figure out how to correctly use Certbot when I want to create new certs for subdomains, since Caddy will do it automatically.
I've been annoyed with my Nginx config for a while, and kept wishing to find the motivation to streamline it. It started simple, but as I added things to it over the years the complexity in the config file blossomed. But the thing that tipped me over to trying Caddy was seeing the difference between the Nginx and Caddy configurations necessary for Jellyfin. Seriously. Look at what's necessary for Nginx.
https://jellyfin.org/docs/general/networking/nginx/#https-config-example
In Caddy that became
jellyfin.example.com {
reverse_proxy internal.jellyfin.host:8096
}
I thought no way this would work. But it did. First try. So, consider this a field report from a happy Caddy convert, and if you're not using it yet for self-hosting maybe it can simplify things for you, too. It made me happy enough to write about it.
This sounds interesting. But in that case, how are headers set? From a security and even privacy standpoint the correct headers can be quite important. How do you enable/disable http2 and http3?
Caddy operates on the principle of sensible defaults. These defaults can be optionally configured further if you desire, but from what I've read Caddy just shifts the defaults to good modern options when it's ready to do so on newer releases.
But if you must override these choices or need to maintain compatibility with some other software, you can define them explicitly. Here's how you'd forcibly enable or disable http2/3 https://caddyserver.com/docs/caddyfile/options#protocols, for example.
Thanks for the response, this makes sense I suppose. I personally like being explicit and knowing-at-a-glance what is currently configured, but I can see some defaults being useful for many beginners for instance, and keeping config cleaner.
I'm too scared to swap away from SWAG. The combination of nginx proxy manager and LetsEncrypt helps me dumb ass a ton.
I just set up caddy a few weeks ago as my first foray into reverse proxies, and as you said it was an incredibly easy experience.
I specifically chose caddy for the simplicity of the Caddyfile and automatic certs/renewals when I was looking at which reverse proxy engine to set up.
10/10 would choose caddy again.
I've been using nginx proxy manager for years on my server, and it's great, but occasionally I give caddy the side eye and think about switching.
I very highly recommend that you take the time and just switch. Caddy is simply fabulous. It's designed to work (assuming it's compiled with the module) with containers and use docker networks for routing. It makes it easy to spin up containers and directly reference the container names instead of remembering IP addresses and particularly comes in handy when your entire environment is containerized.
You can pull the caddy image and run it in docker and as long as your environment is configured correctly you can simply
reverse_proxy @containerand you're done. Caddy pulls all the relevant port information directly from the container API.I get such a nerd boner thinking about it.
That's really nice. Dang. I'm going to take a serious look at caddy. NPM has been working without issues lately, but I'm not looking forward to the next time it breaks on me.
By reputation I know that Nginx proxy manager seems to work great if you're on the "happy path" but if you need anything out of the norm it supposedly is less great to use. In my case I do have a few quirks, primarily with fcgiwrap. But I can't say how it'd play, because I honestly never heard of NPM until yesterday when I was refreshing myself on web servers (and went with Caddy).
Agree. So far when I've had abnormal stuff it's been easy enough to add the custom config in NPM, but that super simple caddy config looks really nice
I used NPM as well, and eventually just got sick of various issues i'd had with it (probably all my fault, but...) so switched to Caddy and it was just so much easier and reliable for me. I'd heartily recommend it.
I think I'm gonna take a much more serious look at caddy.
You can also restrict the reverse proxy to specific adresses too like 192.168.1.0/24
I should look into that to see if I can restrict Vaultwarden, since I VPN into my home network anyway.
Soon I am hoping to migrate from Nginx to H2O