Web server that provisions and renews TLS certificates for you, then reverse-proxies and load-balances
- Stars73.3k
- Forks4.8k
- Open Issues246
Apache-2.0
- Go
- HTML
- Shell
About Caddy
Most servers treat HTTPS as something you bolt on. Caddy inverts that: it obtains and renews TLS certificates automatically over ACME, so a single hostname in your config is enough to serve real traffic over a trusted certificate. Public names use public CAs; internal names and IPs get a managed local CA, with multi-issuer fallback if one provider stalls.
The same binary reverse-proxies to backends and load-balances across them, speaking HTTP/1.1, HTTP/2, and HTTP/3 by default. You drive it with a readable Caddyfile or native JSON, push live updates through a JSON API, and pull in other formats via config adapters. A plugin system lets modules extend the core without forking it.
Caddy is written in Go, ships as one dependency-free binary, and is maintained by Matthew Holt with hundreds of contributors. Install from GitHub Releases and self-host on Windows, macOS, or Linux. Licensed Apache-2.0.
Key features
- Automatic HTTPS over ACME with public and local CA support
- Reverse proxy and load balancing across backends
- HTTP/1.1, HTTP/2, and HTTP/3 by default
- Caddyfile, native JSON, and live JSON API config
- Plugin system for extending the core with Go modules
Details
- First released
- 2015
- Platforms
- Windows · macOS · Linux
- Deployment
- Self-hostable
- Language
- Go
- Layer
- L7
- Protocols
- HTTP/1.1 · HTTP/2 · HTTP/3