# Serve the current directory over plain HTTP on port 4040, with directory listings (--browse).
# ":4040" has no host part, so it listens on every interface; use
# --listen 127.0.0.1:4040 when the share should stay local to this machine.
caddy file-server --browse --listen :4040
-
Have a non-root user (the industry standard is to have a user called "app" to run your daemons).
-
allow caddy to use privileged ports
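# Grant only CAP_NET_BIND_SERVICE to the real caddy binary (symlinks resolved),
# so it can bind ports below 1024 without running as root.
# The capability is stored on the file itself: any user who can execute this
# binary can bind privileged ports with it, and it must be re-applied after
# the binary is replaced (e.g. by an upgrade).
# Both substitutions are quoted so a path containing spaces stays one argument.
sudo setcap cap_net_bind_service=+ep "$(readlink -f "$(command -v caddy)")"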
-
use serviceman to create a systemd file
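# Register caddy as a system service named "caddy".
# $(whoami) is expanded by the invoking shell before sudo runs, so the service
# is set up to run as the current user: run this as the unprivileged service
# account, not from a root shell.
# NOTE(review): `env PATH="$PATH"` makes root look up serviceman in your PATH;
# confirm no directory in it is writable by other users.
sudo env PATH="$PATH" \
  serviceman add --system --username "$(whoami)" --name caddy -- \
  caddy run --config ./Caddyfile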
This will create /etc/systemd/system/caddy.service, which can be managed with systemctl. For example:
# Restart the caddy.service unit (systemctl needs root for system units)
sudo systemctl restart caddy
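Run with caddy run --config ./caddyconfig (a config file whose name is not Caddyfile may need --adapter caddyfile to be parsed as a Caddyfile).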
# Permanently redirect the www host to the bare domain, keeping the request URI
www.example.com {
	redir https://example.com{uri} permanent
}
example.com {
	# Access log goes to stdout in console format (journalctl captures it)
	log {
		output stdout
		format console
	}

	# Enable gzip and zstd response compression
	encode gzip zstd

	# Requests under /api/ are proxied to the local backend on port 3000
	reverse_proxy /api/* localhost:3000

	# These two "well known" endpoints are proxied to the same backend
	reverse_proxy /.well-known/openid-configuration localhost:3000
	reverse_proxy /.well-known/jwks.json localhost:3000

	# @notApi matches when a file exists for the path (as-is, as a directory,
	# or as its index.html) and the request is not one of the proxied paths above
	@notApi {
		file {
			try_files {path} {path}/ {path}/index.html
		}
		not path /api/*
		not path /.well-known/openid-configuration
		not path /.well-known/jwks.json
	}

	# Rewrite matching requests to the file the matcher found
	route {
		rewrite @notApi {http.matchers.file.relative}
	}

	# Static site root.
	# NOTE(review): file_server serves whatever is readable under this directory;
	# confirm it holds no dotfiles, backups or secrets.
	root * /srv/example.com/public/
	file_server
}