Install Caddy Web Server on CentOS 7 - CentLinux


Saturday, 12 October 2019


Caddy is an open-source, HTTP/2-enabled web server written in Go. One of its most notable features is automatic TLS for hosted websites: Caddy automatically acquires and renews TLS certificates from Let's Encrypt. Caddy can also be configured as a reverse proxy server. Caddy is distributed under the Apache 2 license.

In this article, we install Caddy web server on CentOS 7 and configure HTTP and HTTPS websites on it.

 


     

    Features of Caddy Web Server:

    Some of the famous features of Caddy web server are:

    • HTTP/1.1 and HTTP/2
    • HTTPS with automatic TLS
    • Virtual Hosting
    • Native IPv4 and IPv6 support
    • Reverse Proxy
    • Load Balancing with Health checks
    • GZip compression

     

    Environment Specification:

    We have provisioned a CentOS 7 virtual machine with the following specifications:

    • CPU - 3.4 GHz (1 Core)
    • Memory - 1 GB
    • Storage - 20 GB
    • Operating System - CentOS 7.7
    • Hostname - caddy-01.example.com
    • IP Address - 192.168.116.206/24

     

    Installing Caddy Web Server on CentOS 7:

    Connect to caddy-01.example.com using ssh as the root user.

    Install the latest stable release of Caddy web server using the following command.

    [root@caddy-01 ~]# curl https://getcaddy.com | bash -s personal
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100  7380  100  7380    0     0   4430      0  0:00:01  0:00:01 --:--:--  4432
    Downloading Caddy for linux/amd64 (personal license)...
    Download verification OK
    Extracting...
    Putting caddy in /usr/local/bin (may require password)
    Caddy v1.0.3 (h1:i9gRhBgvc5ifchwWtSe7pDpsdS9+Q0Rw9oYQmYUTw1w=)
    Successfully installed

    We are installing the Personal edition of Caddy web server here.

    If you wish to download the commercial version of Caddy web server, you have to provide an Account ID and API Key as described on Caddy's download page.
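
Piping the download straight into a root shell runs whatever the server returns at that moment. The following added example (not part of the original article) saves the installer to a file so it can be reviewed, and runs it only while its SHA-256 still matches the digest recorded at review time. The function name run_pinned_installer, the path /root/getcaddy.sh and the PINNED variable are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original article.
# run_pinned_installer FILE EXPECTED_SHA256 [ARGS...]
#   Runs FILE with bash only if its SHA-256 equals EXPECTED_SHA256,
#   the digest recorded when the script was reviewed.
#   Returns 2 if FILE is missing, 1 on a digest mismatch,
#   otherwise the installer's own exit status.
run_pinned_installer() {
    local file="$1" expected="$2" actual
    shift 2
    if [ ! -f "$file" ]; then
        echo "installer not found: $file" >&2
        return 2
    fi
    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "refusing to run $file: digest $actual differs from the pinned value" >&2
        return 1
    fi
    bash "$file" "$@"
}

# Intended use on caddy-01 (PINNED is a placeholder for the digest you
# recorded after reading the script; the article gives no digest):
#   curl -fsSL -o /root/getcaddy.sh https://getcaddy.com
#   less /root/getcaddy.sh
#   sha256sum /root/getcaddy.sh
#   run_pinned_installer /root/getcaddy.sh "$PINNED" personal
```

Running the file with the argument personal is equivalent to the article's `bash -s personal`, which passes the same argument to a script read from standard input.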

    Locate the installation directory of Caddy web server.

    [root@caddy-01 ~]# whereis caddy
    caddy: /usr/local/bin/caddy

    Unlike Apache and Nginx, Caddy web server does not create configuration files, a systemd service, or a dedicated user to own the Caddy service and files.

    Therefore, we have to manually create a user for Caddy web server.

    [root@caddy-01 ~]# adduser -r -s /sbin/nologin -d /var/www caddy

    Here, we are creating

    1. a system user using the -r parameter
    2. with /sbin/nologin shell and
    3. the default home directory set to /var/www.

     

    Creating directory structure for Caddy Web Server:

    Caddy's installation process does not create the necessary directories; therefore, we have to create them manually and set appropriate permissions.

    Create a configuration directory for Caddy web server.

    [root@caddy-01 ~]# mkdir /etc/caddy
    [root@caddy-01 ~]# chown -R root:caddy /etc/caddy
    [root@caddy-01 ~]# touch /etc/caddy/Caddyfile

    Caddy web server automatically obtains an SSL certificate from Let's Encrypt, and it requires the following directory to store that certificate.

    [root@caddy-01 ~]# mkdir /etc/ssl/caddy
    [root@caddy-01 ~]# chown -R caddy:root /etc/ssl/caddy
    [root@caddy-01 ~]# chmod o-rwx /etc/ssl/caddy/

    Create the directory to host websites on Caddy web server.

    [root@caddy-01 ~]# mkdir /var/www
    [root@caddy-01 ~]# chown caddy:caddy /var/www
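
To confirm the layout after running the commands above, this added example (not from the original article) checks owner, group and forbidden permission bits for each path. The function names check_perms and audit_caddy_layout and the script name check_caddy_layout.sh are assumptions; the Caddyfile is expected as root:root because touch runs after chown -R, so it never receives the caddy group.

```shell
#!/usr/bin/env bash
# Added example, not from the original article.
# check_perms PATH OWNER GROUP DENY_MASK
#   Succeeds when PATH is owned by OWNER:GROUP and none of the octal
#   permission bits in DENY_MASK are set; prints one line per finding.
check_perms() {
    local path="$1" owner="$2" group="$3" deny="$4" info o g mode
    info=$(stat -c '%U %G %a' "$path" 2>/dev/null) || {
        echo "FAIL $path: cannot stat"; return 1; }
    read -r o g mode <<EOF
$info
EOF
    if [ "$o" != "$owner" ] || [ "$g" != "$group" ]; then
        echo "FAIL $path: owned by $o:$g, expected $owner:$group"
        return 1
    fi
    if [ $(( 0$mode & 0$deny )) -ne 0 ]; then
        echo "FAIL $path: mode $mode sets bits from deny mask $deny"
        return 1
    fi
    echo "OK   $path ($o:$g $mode)"
}

# Expected state after the article's mkdir/chown/chmod/touch commands.
audit_caddy_layout() {
    local rc=0
    # Config: the service user may read it but must not be able to rewrite it.
    check_perms /etc/caddy           root  caddy 022 || rc=1
    # Created by touch after chown -R, so it stays root:root.
    check_perms /etc/caddy/Caddyfile root  root  022 || rc=1
    # Certificates and private keys: no access for other users.
    check_perms /etc/ssl/caddy       caddy root  007 || rc=1
    # Web root: owned by the service user, not world-writable.
    check_perms /var/www             caddy caddy 002 || rc=1
    return "$rc"
}

# Run as root on the server:  bash check_caddy_layout.sh audit
if [ "${1:-}" = "audit" ]; then audit_caddy_layout; fi
```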

     

    Create Systemd service for Caddy on CentOS 7:

    As you have noticed, the installation and configuration of Caddy web server on CentOS 7 is not an automated process; we are creating each file and directory and adjusting their permissions ourselves.

    Similarly, we are required to create a system service to automatically run Caddy web server in daemon mode.

    Luckily, the official Caddy repository provides a systemd unit file that we can use to create a systemd service on CentOS 7.

    Instead of using the actual file, we have derived a simpler version of our own.

    [root@caddy-01 ~]# vi /usr/lib/systemd/system/caddy.service

    and add the following lines to it.

    [Unit]
    Description=Caddy HTTP/2 web server
    Documentation=https://caddyserver.com/docs
    After=network-online.target
    Wants=network-online.target systemd-networkd-wait-online.service

    [Service]
    Restart=on-abnormal
    # CentOS 7 ships systemd 219, which reads the start rate-limit interval
    # as StartLimitInterval= in [Service]; StartLimitIntervalSec= is not recognized there.
    StartLimitInterval=14400
    StartLimitBurst=10
    User=caddy
    Group=caddy
    Environment=CADDYPATH=/etc/ssl/caddy
    ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
    ExecReload=/bin/kill -USR1 $MAINPID
    KillMode=mixed
    KillSignal=SIGQUIT
    TimeoutStopSec=5s
    LimitNOFILE=1048576
    LimitNPROC=512
    PrivateTmp=true
    PrivateDevices=false
    ProtectHome=true
    ProtectSystem=full
    ReadWritePaths=/etc/ssl/caddy
    ReadWriteDirectories=/etc/ssl/caddy

    [Install]
    WantedBy=multi-user.target

     

    Create a Server Block in Caddyfile:

    Configure Caddyfile and create a simple server block.

    [root@caddy-01 ~]# vi /etc/caddy/Caddyfile

    Add the following directives to create an HTTP server block.

    http:// {
        root /var/www
        gzip
    }

    Create an index page for our website.

    [root@caddy-01 ~]# vi /var/www/index.html

    Add the following code to this file.

    <html>
    <head><title>Hello World</title></head>
    <body><h1>Hello World</h1></body>
    </html>

    Enable and start caddy.service.

    [root@caddy-01 ~]# systemctl enable --now caddy.service
    Created symlink from /etc/systemd/system/multi-user.target.wants/caddy.service to /usr/lib/systemd/system/caddy.service.

    Allow the http service in the CentOS 7 firewall.

    [root@caddy-01 ~]# firewall-cmd --permanent --add-service=http
    success
    [root@caddy-01 ~]# firewall-cmd --reload
    success

    Browse the URL http://caddy-01.example.com in a client's browser.

    If the configuration is correct, it will display the 'Hello World' webpage.

     

    Configuring Automatic TLS on Caddy Web Server:

    Automatic TLS is the feature that distinguishes Caddy from other web servers.

    If automatic TLS is configured, Caddy web server automatically requests and renews TLS certificates from Let's Encrypt (a free, automated and open certificate authority).

    Edit Caddyfile to configure automatic TLS.

    [root@caddy-01 ~]# vi /etc/caddy/Caddyfile

    and add another server block.

    caddy-01.example.com {
        root /var/www
        gzip
        tls ahmer@example.com
    }

    Here,

    1. caddy-01.example.com must be a registered domain and accessible over the Internet.
    2. tls directive will inform the Caddy service to acquire a TLS certificate from Let's Encrypt and start the service on default https port 443.

    Allow the https service in the CentOS 7 firewall.

    [root@caddy-01 ~]# firewall-cmd --permanent --add-service=https
    success
    [root@caddy-01 ~]# firewall-cmd --reload
    success

    Restart Caddy service to load changes.

    [root@caddy-01 ~]# systemctl restart caddy.service

    Browse the URL https://caddy-01.example.com in a browser.

    If the configuration is correct, it will display the same 'Hello World' webpage, but over the https protocol this time.

    We have successfully installed Caddy web server on CentOS 7 and published HTTP and HTTPS websites using Caddy.
