Allow non-root process to bind to port 80 and 443

1
sudo setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/caddy

Redirect everything to a static HTTPS site

1
2
3
4
5
6
7
8
9
http://www.yannick.dev, http://yannick.dev, https://www.yannick.dev {
  redir https://yannick.dev{uri} permanent
}

https://yannick.dev {
  root * path_to_main_www
  encode zstd gzip
  file_server
}

Serve a path from a different folder

In Caddy v2 path matching is exact-match, so to serve the page /about/me you would need to use /about/*.

1
2
3
4
5
6
7
8
9
https://yannick.dev {
  root * path_to_main_www
  encode zstd gzip
  file_server

  handle_path /subpage/* {
    root * path_to_subpage
  }
}

Systemd Service for Caddy v2

/etc/systemd/system/caddy.service

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
[Unit]
Description=Caddy v2
Documentation=https://caddyserver.com/docs/
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service

[Service]
ExecStart=/usr/local/bin/caddy run
WorkingDirectory=/home/ubuntu/www
User=ubuntu
Restart=always
RestartSec=30
StandardOutput=syslog
StandardError=syslog
Restart=on-failure
LimitNOFILE=1048576
LimitNPROC=64

[Install]
WantedBy=multi-user.target

Common systemd commands:

1
2
3
sudo systemctl enable caddy.service
sudo systemctl start caddy.service
journalctl -u caddy -f