How Caddy Simplifies Infrastructure With Its Open-Source Web Server and Auto HTTPS

TL; DR: Caddy is an open-source web server that automatically uses HTTPS. The latest version, Caddy 2, is written in Go and designed for seamless use anywhere. Caddy servers provide robust solutions for individuals, SMBs, or enterprises — and everything in between. The next step for Caddy includes encouraging more participants in the open-source community to contribute plug-ins and further modules to improve its capabilities.

When Matt Holt wrote the first version of Caddy, an open-source web server, he was an undergraduate in college. It was just the first step in his quest to build what he called “The Ultimate Server,” and today, Caddy is the only web server that automatically uses HTTPS.

After seeing success with Caddy, Matt designed the next version, Caddy 2, to integrate with existing advanced systems.

“With Caddy 2, we made a lot of things possible that were impossible with Caddy,” Matt said. “Everything in Caddy 2 is a plugin or a module to the HTTP server, so you have infinite extensibility.”

Caddy is a server built with enough flexibility that a wide variety of individual and business users can leverage it to meet their unique needs.

“Caddy 2 is a powerful, extensible platform to serve your sites, services, and apps, written in Go,” according to the company’s website.

It’s the type of project that takes years of hard work and collaboration to come to fruition, which is exactly what Matt and his team have put into the solution. And, because it is open-source, Caddy also benefits from an active and knowledgeable community that works on the platform and shares new tasks the product can help accomplish.

According to Matt, growing Caddy to its current level has been quite a journey. It began with a link to Go, a popular open-source programming language for software development.

“We approached Ardan Labs, a Go expertise company, with Bill Kennedy in 2019, and he decided to hire us and fund the project,” Matt said.

Inspired by Ardan Labs and its experience with Go, the Caddy team decided to make its solution open-source to facilitate more widespread adoption. Caddy has robust documentation, forum, and GitHub sections on its website that show how beneficial that open-source approach is.

After seeing successful initial adoption and growth, its next step with Caddy 2 seemed risky for an organization just getting off the ground. Not many companies would start at the ground floor with an update to a popular server product, but Caddy did.

“We decided to rebuild it from the ground up with an empty Go file,” Matt said. “We wrote Caddy 2 in 2019 and 2020.”

The team spent 14 months redesigning the solution in an entirely new architecture, using what it had learned from five years of experience and feedback about the first version.

The end product was a sleeker Caddy 2 that boasts fewer moving parts. That saves users money and reduces developer and user headaches.

“Caddy 2 is completely new architecture. When you use it, you configure it through an API, so it’s programmable and automatable. That was the priority so users could integrate it with other existing advanced systems. It uses a rest API configuration, and it’s JSON (JavaScript Object Notation) at its core, which is super flexible and expressive.”

Stack Holdings GmbH acquired the project, and ZeroSSL GmbH is currently its executive sponsor. Matt’s passion for the Caddy server comes across when he explains the details of its structure and use cases.

“You can write your config in any format. You don’t have to use JSON. Everything can be converted to JSON using a config adapter, which lets you power Caddy on any config language you prefer,” he said.

The website’s documentation section has a helpful breakdown of tutorials, reference materials, and articles about using the “ultimate server” for those looking to get involved.

“Most people use Caddy as a web server or proxy, but at its core, Caddy is a server of servers,” it says on the website. “With the requisite modules, it can take on the role of any long-running process!”

One of the most significant perks of Caddy products is that they aren’t limited to just a handful of use cases.

“I wanted to make Caddy 2 up to the challenge of staying competitive in the demanding development space,” Matt said. “We call it ‘The Ultimate Server’ on the website because it’s the only server capable of doing anything you need it to. If you have a lot of moving parts, Caddy will consolidate those, simplify your deployments, and remain more reliable.”

The team is already seeing broad adoption of its latest solution.

“Everyone is using it. I use it for my personal projects, but we have other companies with thousands of customers using it and even enterprises,” Matt said.

Matt said the Caddy team is also pushing memory safety. He said using a program written in a memory-safe language can eliminate a whole class of vulnerabilities that classic web servers are subject to. And the company ensures it stays ahead of the curve when it comes to certificates.

“We now support multiple certificate authorities,” Matt said. “Any certificate source can be used, and redundancy is built-in. So, by default, Caddy will automatically try to get certificatesfrom another CA if the first one is unavailable.”

The future is bright for Caddy as its community of users and open-source contributors grows. Matt said the team looks forward to building on what they’ve already accomplished.

“We’re gonna keep it open-source and stay sponsor-funded,” he said. “Our executive sponsor is ZeroSSL, and we have a contract with them through 2023 to continue development on Caddy. We also have sponsors through GitHub.”

In addition to building on its strong foundation, Caddy has a few exciting advances planned for the next year or two.

“I started work on remote admin for UI,” Matt said. “As time permits, I’ll keep working on that. Caddy 2 is getting quite mature, so it’s up to the community to write plugins, apps, and modules for it. I want people to get involved in the forums. That may encourage companies to sponsor.”

Caddy continues to build a reputation with individual consumers, and it yields significant advantages for small businesses or large enterprises. It can help keep them safe automatically while also saving them time and money over the long term.

“One of the biggest hidden features is that if you’re serving custom domains for customers, Caddy is the ultimate solution because it can obtain certificates on demand and manage them,” Matt said. “And that scales to tens of thousands of certificates we’ve seen. That can save companies thousands of dollars a year.”