self-host-101/caddy/readme.md

# Caddy Web Server and Reverse Proxy

**Caddy** is a web server that:
* Serves websites and web applications
* Can act as a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy)

## Installation

Follow the official [Caddy Installation guide](https://caddyserver.com/docs/install#debian-ubuntu-raspbian) to install it.

To check if Caddy is installed and running

```bash
sudo service caddy status
# You should see something like 
# active (running)
```

Caddy is now running! By default, it listens on port 80 (HTTP). Visit your domain name in a browser - you should see Caddy's default welcome page.

Caddy's main config file is usually at `/etc/caddy/Caddyfile`. This is where we will configure the Caddy web server.

## Setting up HTTPS for Secure Connection

Before starting, make sure your domain's DNS A record points to your VPS IP address. If you haven't done this yet, go back to the [VPS setup guide](../setup-vps.md) and complete the domain name section.


```bash
sudo vim /etc/caddy/Caddyfile
```

You'll see something like

```Caddyfile
:80 {
    root * /var/www/html
    file_server
}
```

Replace `:80` with your domain name:

```Caddyfile
domain.com {
    root * /var/www/html    # website files to serve
    file_server             # enable static file server
}
```

Caddy will automatically get a TLS certificate for `domain.com`. You don't need to worry about provisioning certificates or renewing them - Caddy handles all of that automatically!

After making changes, reload Caddy

```bash
sudo systemctl reload caddy
```

Now visit `https://domain.com` (notice the `https`). Your HTTP traffic is now secure and encrypted!

## Redirects

You probably want to redirect a few things:
* Visitors using `www.domain.com` → redirect to `domain.com`
* Visitors using your server's IP address (`192.168.1.1`) → redirect to `domain.com`

Add this block to your Caddyfile:

```Caddyfile
192.168.1.1,
www.domain.com {
    redir https://domain.com{uri}
}
```

This config sets up the redirects as mentioned. You can list multiple domains/addresses separated by commas or spaces. All visitors will end up at `https://domain.com`, which keeps things clean and consistent!

After making changes, reload Caddy

```bash
sudo systemctl reload caddy
```

## Organizing Configuration

As we add more services, the Caddyfile can get long and bloated. Caddy lets you split your configuration across multiple files!

### 1. Create the Config Directory

```bash
sudo mkdir -p /etc/caddy/conf.d
```

This directory will hold service-specific config files, one file per service (e.g., `pokemon-api.Caddyfile`).

### 2. Update Main Caddyfile

Add this line to the main Caddyfile

```Caddyfile
import conf.d/*.Caddyfile
```

It will load all `.Caddyfile` files from the `conf.d` directory. We can put each service's config in its own file!

Right now we don't have any specific service, but soon we will have.

## Custom Error Page

When something goes wrong, we can show a nice custom error page instead of Caddy's default.

### 1. The Error Page

There's a custom error page you can use: [error.html](./error.html). It uses Caddy placeholders to show the error code and message.

Save it inside the `/var/www` directory.

### 2. Configure Error Handling

In your Caddyfile, add `handle_errors` inside your domain block:

```Caddyfile
domain.com {
    root * /var/www/html
    file_server

    handle_errors {
        root * /var/www
        rewrite * /error.html
        templates
        file_server
    }
}
```

* `handle_errors` - Catches all error responses
* `root * /var/www` - Specifies where to find the error.html file
* `rewrite * /error.html` - Shows error.html for all errors
* `templates` - Enables Caddy's templating

**Reference:** Check out [error handling](https://caddyserver.com/docs/caddyfile/directives/handle_errors) and [templates](https://caddyserver.com/docs/caddyfile/directives/templates) documentation.

After making changes, reload Caddy

```bash
sudo systemctl reload caddy
```

## Reverse Proxy

Reverse proxy makes it easier to run multiple services on one server without exposing multiple ports. We can have different subdomains for each service, and the reverse proxy will handle the routing. When someone visits `pokemon.domain.com`, the reverse proxy looks at the request and forwards it to the correct service running on the server.

Let's say we have a pokemon API running on port 8080, and it should be accessible at `pokemon.domain.com`.

### 1. Set Up DNS

In your domain's DNS settings, create an A record
* **Name**: `pokemon` (for `pokemon.domain.com`)
* **Value**: Server's IP address

Wait for a few minutes for DNS to propagate.

### 2. Create the Reverse Proxy Config

Create a new config file for the pokemon API

```bash
sudo vim /etc/caddy/conf.d/pokemon.Caddyfile
```

Add this block of configuration

```Caddyfile
pokemon.domain.com {
    reverse_proxy :8080
}
```

After creating the config file, reload Caddy:

```bash
sudo systemctl reload caddy
```

Now visit `https://pokemon.domain.com` - Caddy will forward all traffic to your service and automatically get an HTTPS certificate for this domain!

I've included a template for reverse proxy block with error handling and redirects for `www` subdomain. Check out the [`pokemon.Caddyfile`](./pokemon.Caddyfile) file. You can use it as a template for setting up reverse proxies.

**Reference:** Check out [reverse proxy](https://caddyserver.com/docs/quick-starts/reverse-proxy) documentation.