Install Caddy Web Server on Rocky / AlmaLinux 9|8

Caddy is a powerful, user-friendly and open source web platform used to serve websites, applications, and services. Caddy is written in Go programming language making it one of the fastest web servers in the open source market. It focuses on security, performance, and ease of use and it can be used for simple projects like simple static sites or to host more complex web applications.

Why use Caddy Web Server

• Automatic HTTPS: Caddy does the automation generation, and renewal of SSL/TLS certificates for your websites.
• Its Simplicity: Caddy is designed around the principle of make it simple. It uses a single, and simple human-readable configuration file called Caddyfile
• Super Performance: Caddy is designed to use minimal hardware resources while being fast and efficient
• Modular architecture: You can extend the functionalities of Caddy web server using plugins and extensions
• Multi-platform support: Caddy can run on Linux, Windows, macOS, or insider containers such as Docker / Podman
• Large community: Caddy enjoys an active and supportive community that is available to help you as you get started.

In the next sections we look at how you can install, configure and use Caddy web server in Rocky Linux / AlmaLinux or CentOS Stream Linux systems. To make this tutorial practical and dynamic, we shall host WordPress website with MariaDB database. For this tutorial we’re using the domain blog.cloudlabske.com.

Install Caddy web server

To install Caddy web server on Rocky / AlmaLinux / CentOS Steam Linux machine, we need to install copr in our system:

sudo dnf -y install 'dnf-command(copr)'

Enable caddy repository using copr:

sudo dnf copr enable @caddy/caddy

Hit the y key in your keyboard when prompted:

Enabling a Copr repository. Please note that this repository is not part
of the main distribution, and quality may vary.

The Fedora Project does not exercise any power over the contents of
this repository beyond the rules outlined in the Copr FAQ at
<https://docs.pagure.org/copr.copr/user_documentation.html#what-i-can-build-in-copr>,
and packages are not held to any quality or security level.

Please do not file bug reports about these packages in Fedora
Bugzilla. In case of problems, contact the owner of this repository.

Do you really want to enable copr.fedorainfracloud.org/@caddy/caddy? [y/N]: y
Repository successfully enabled.

Once the repository has been enabled, install Caddy web server in your system:

sudo dnf -y install caddy

You can get extra details package using rpm or dnf

sudo dnf info caddy
# OR
rpm -qi caddy

The default Caddy server configuration file is located in /etc/caddy/Caddyfile. You can check the contents:

cat /etc/caddy/Caddyfile

To start the service use systemctl command:

sudo systemctl start caddy

Enable service to start at system boot.

sudo systemctl enable caddy

Checking service status:

$ systemctl status caddy
● caddy.service - Caddy
   Loaded: loaded (/usr/lib/systemd/system/caddy.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2024-08-02 17:43:26 UTC; 39s ago
     Docs: https://caddyserver.com/docs/
 Main PID: 42001 (caddy)
    Tasks: 7 (limit: 48750)
   Memory: 20.0M
   CGroup: /system.slice/caddy.service
           └─42001 /usr/bin/caddy run --environ --config /etc/caddy/Caddyfile

Aug 02 17:43:26 rocky8.computingforgeeks.com caddy[42001]: {"level":"info","ts":1722620606.719293,"msg":"adapted config to JSON","adapter":"caddyfile"}
Aug 02 17:43:26 rocky8.computingforgeeks.com caddy[42001]: {"level":"info","ts":1722620606.7204406,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019",">
Aug 02 17:43:26 rocky8.computingforgeeks.com caddy[42001]: {"level":"warn","ts":1722620606.7205217,"logger":"http.auto_https","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server>
Aug 02 17:43:26 rocky8.computingforgeeks.com caddy[42001]: {"level":"info","ts":1722620606.7206764,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Aug 02 17:43:26 rocky8.computingforgeeks.com caddy[42001]: {"level":"info","ts":1722620606.7208471,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Aug 02 17:43:26 rocky8.computingforgeeks.com caddy[42001]: {"level":"info","ts":1722620606.7209103,"msg":"serving initial configuration"}
Aug 02 17:43:26 rocky8.computingforgeeks.com caddy[42001]: {"level":"info","ts":1722620606.7212656,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000488e00"}
Aug 02 17:43:26 rocky8.computingforgeeks.com systemd[1]: Started Caddy.
Aug 02 17:43:26 rocky8.computingforgeeks.com caddy[42001]: {"level":"info","ts":1722620606.7246072,"logger":"tls","msg":"cleaning storage unit","storage":"FileStorage:/var/lib/caddy/.local/share/caddy"}
Aug 02 17:43:26 rocky8.computingforgeeks.com caddy[42001]: {"level":"info","ts":1722620606.7248337,"logger":"tls","msg":"finished cleaning storage units"}

Hosting WordPress using Caddy Web Server

Let’s install PHP in your system.

sudo dnf -y install @php

Also install other necessary PHP extensions.

sudo dnf install php-{cli,fpm,mysqlnd,zip,gd,mbstring,curl,xml,pear,bcmath,json}

Set caddy user as the owner of FPM socket.

$ sudo vim /etc/php-fpm.d/www.conf
user = caddy
group = caddy
listen = /run/php-fpm/www.sock
listen.owner = caddy
listen.group = caddy
listen.mode = 0660
listen.acl_users = apache,nginx,caddy

Start and enable PHP FPM service.

sudo systemctl enable --now php-fpm

Install MariaDB database server.

sudo dnf -y install @mariadb
sudo systemctl enable --now mariadb
sudo mysql -u root

Create database for your wordpress website:

CREATE DATABASE wp_db;
GRANT ALL PRIVILEGES ON wp_db.* to 'wp_user'@'localhost' IDENTIFIED BY 'DBStr%ngPassw0rd';
FLUSH PRIVILEGES;
EXIT

Download wordpress, extract, and move wordpress folder to /var/www

wget wordpress.org/latest.tar.gz
tar xvf latest.tar.gz
sudo mv wordpress /var/www
sudo cp  /var/www/wordpress/wp-config-sample.php  /var/www/wordpress/wp-config.php 

Configure wordpress database connection

$ sudo vim /var/www/wordpress/wp-config.php
// ** Database settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'wp_db' );

/** Database username */
define( 'DB_USER', 'wp_user' );

/** Database password */
define( 'DB_PASSWORD', 'DBStr%ngPassw0rd' );

/** Database hostname */
define( 'DB_HOST', 'localhost' );

Set permissions for the directory to caddy user:

sudo chown -R caddy:caddy /var/www/wordpress/

Configure Caddy for WordPress

Open Caddy configuration file for editing

sudo vim /etc/caddy/Caddyfile

Modify the configurations below to suit your environment. Change the domain blog.cloudlabske.com, admin user name

blog.cloudlabske.com {
	tls [email protected]
	log {
		output file /var/log/caddy/wordpress.log
		format console
	}

	root * /var/www/wordpress
	encode gzip
	file_server
	php_fastcgi unix//run/php-fpm/www.sock

	@disallowed {
		path /xmlrpc.php
		path *.sql
		path /wp-content/uploads/*.php
	}

	rewrite @disallowed '/index.php'
}

Create log directory.

sudo mkdir /var/log/caddy/
sudo chown -R caddy:caddy  /var/log/caddy/

Confirm that your configurations syntax is valid:

$ sudo caddy validate --config /etc/caddy/Caddyfile
2024/08/03 07:25:16.349	INFO	using config from file	{"file": "/etc/caddy/Caddyfile"}
2024/08/03 07:25:16.351	INFO	adapted config to JSON	{"adapter": "caddyfile"}
2024/08/03 07:25:16.351	INFO	http.auto_https	server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS	{"server_name": "srv0", "https_port": 443}
2024/08/03 07:25:16.351	INFO	http.auto_https	enabling automatic HTTP->HTTPS redirects	{"server_name": "srv0"}
2024/08/03 07:25:16.351	WARN	http.auto_https	server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server	{"server_name": "srv1", "http_port": 80}
2024/08/03 07:25:16.351	INFO	tls.cache.maintenance	started background certificate maintenance	{"cache": "0xc000157680"}
2024/08/03 07:25:16.352	INFO	tls.cache.maintenance	stopped background certificate maintenance	{"cache": "0xc000157680"}

Restart Caddy web server once you’ve confirmed configuration to be okay.

sudo systemctl restart caddy

Check Caddy services status and look for SSL generation lines. Be keen on successful Let’s Encrypt generation:

$ systemctl status caddy
● caddy.service - Caddy
   Loaded: loaded (/usr/lib/systemd/system/caddy.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2024-08-03 07:23:34 UTC; 5s ago
     Docs: https://caddyserver.com/docs/
 Main PID: 45140 (caddy)
    Tasks: 7 (limit: 48750)
   Memory: 19.6M
   CGroup: /system.slice/caddy.service
           └─45140 /usr/bin/caddy run --environ --config /etc/caddy/Caddyfile

Aug 03 07:23:36 rocky8.cloudspinx.com caddy[45140]: {"level":"info","ts":1722669816.0895815,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"blog.cloudlabske.com","challenge":"http-01","remote">
Aug 03 07:23:36 rocky8.cloudspinx.com caddy[45140]: {"level":"info","ts":1722669816.2393315,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"blog.cloudlabske.com","challenge":"http-01","remote">
Aug 03 07:23:36 rocky8.cloudspinx.com caddy[45140]: {"level":"info","ts":1722669816.3801627,"logger":"tls.issuance.acme","msg":"served key authentication","identifier":"blog.cloudlabske.com","challenge":"http-01","remote">
Aug 03 07:23:36 rocky8.cloudspinx.com caddy[45140]: {"level":"info","ts":1722669816.7106369,"logger":"tls.issuance.acme.acme_client","msg":"authorization finalized","identifier":"blog.cloudlabske.com","authz_status":"vali>
Aug 03 07:23:36 rocky8.cloudspinx.com caddy[45140]: {"level":"info","ts":1722669816.7106667,"logger":"tls.issuance.acme.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme-v02.api.letsencryp>
Aug 03 07:23:37 rocky8.cloudspinx.com caddy[45140]: {"level":"info","ts":1722669817.3649049,"logger":"tls.issuance.acme.acme_client","msg":"got renewal info","names":["blog.cloudlabske.com"],"window_start":1727765075,"win>
Aug 03 07:23:37 rocky8.cloudspinx.com caddy[45140]: {"level":"info","ts":1722669817.666609,"logger":"tls.issuance.acme.acme_client","msg":"got renewal info","names":["blog.cloudlabske.com"],"window_start":1727765075,"wind>
Aug 03 07:23:37 rocky8.cloudspinx.com caddy[45140]: {"level":"info","ts":1722669817.6666691,"logger":"tls.issuance.acme.acme_client","msg":"successfully downloaded available certificate chains","count":2,"first_url":"http>
Aug 03 07:23:37 rocky8.cloudspinx.com caddy[45140]: {"level":"info","ts":1722669817.6672106,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"blog.cloudlabske.com","issuer":"acme-v02.api.letsen>
Aug 03 07:23:37 rocky8.cloudspinx.com caddy[45140]: {"level":"info","ts":1722669817.6673443,"logger":"tls.obtain","msg":"releasing lock","identifier":"blog.cloudlabske.com"}

Access WordPress website at http://yourdomain and it should automatically redirect to https://yourdomain

Learn more from Getting Started official guide page.