Why I Use Caddy
Simplicity
Caddy is by far one of the easiest web servers I have ever used: the syntax is easy to understand and the config itself is small. For example, the following config is the exact one used to run this website.
kilgore.dev, www.kilgore.dev {
    realip cloudflare
    push
    root /var/www/kilgore.dev
    gzip
    fastcgi / /run/php/php7.2-fpm.sock php
    rewrite {
        if {path} not_match ^\/wp-admin
        to {path} {path}/ /index.php?{query}
    }
    cache {
        match_path /wp-content
        status_header X-Cache-Status
        default_max_age 30m
    }
    log /var/log/caddy/kilgore.log {
        rotate_size 25
        rotate_age 7
        rotate_keep 4
        rotate_compress
    }
    tls {
        dns cloudflare
    }
}
As you can see, it’s really easy to read and edit. Even better, it is very powerful for so little syntax. Take the second line: it converts the Cloudflare “Real-IP” header into something usable by web applications. The third line automatically enables HTTP/2 server push, so long as the web application sends the right headers. Adding the gzip directive automatically enables compression for all of the major formats. Further down, in the tls block, is the “dns cloudflare” line. It uses some environment variables I set for the Caddy service and automatically performs the correct ACME authentication steps to enable HTTPS on my site.
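The idea behind the realip line, as an added Go example that is not code from Caddy, its realip plugin or this site: a forwarded client address is honoured only when the TCP peer is a known proxy, so a direct client cannot spoof its IP. The X-Forwarded-For header name, the 203.0.113.0/24 range (a documentation placeholder, not Cloudflare's published list) and all function names are assumptions.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// Constructed placeholder range (TEST-NET-3) standing in for the proxy's ranges.
var _, trustedProxy, _ = net.ParseCIDR("203.0.113.0/24")

func isTrusted(s string) bool {
	ip := net.ParseIP(strings.TrimSpace(s))
	return ip != nil && trustedProxy.Contains(ip)
}

// clientIP returns the address an application should log and rate-limit on.
func clientIP(r *http.Request) string {
	peer, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		peer = r.RemoteAddr
	}
	if !isTrusted(peer) {
		return peer // direct connection: any forwarded header is client-supplied
	}
	// Walk from the right: the rightmost entries were appended by trusted
	// proxies, while everything further left may have been sent by the client.
	hops := strings.Split(r.Header.Get("X-Forwarded-For"), ",")
	for i := len(hops) - 1; i >= 0; i-- {
		hop := strings.TrimSpace(hops[i])
		if net.ParseIP(hop) == nil {
			break // empty or malformed entry: fall back to the peer
		}
		if !isTrusted(hop) {
			return hop
		}
	}
	return peer
}

// newReq builds a constructed sample request for the demonstration.
func newReq(remote, xff string) *http.Request {
	r := &http.Request{RemoteAddr: remote, Header: http.Header{}}
	r.Header.Set("X-Forwarded-For", xff)
	return r
}

func main() {
	fmt.Println(clientIP(newReq("203.0.113.7:443", "10.9.9.9, 198.51.100.23")))
	fmt.Println(clientIP(newReq("192.0.2.50:51000", "127.0.0.1")))
}
```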
Speed
Caddy is possibly the fastest web server I’ve ever used. Part of this is likely because it’s written in Go and has a very small code base. Even better, it relies almost entirely on native Go libraries and does not require third-party libraries like OpenSSL. This massive speed improvement is also tied to the fact that the entire binary is a single file (reducing IOPS) and that the binary only includes plugins that I explicitly enabled.
Security
The security in Caddy far exceeds anything else I’ve seen on the market so far. First, it’s not vulnerable to attacks such as POODLE, Heartbleed, DROWN or BEAST because it does not use OpenSSL as the underlying encryption library. Further, Caddy enables HTTPS, with redirects to HTTPS, by default. That HTTPS connection uses secure protocols by default and does not require any form of tinkering.