Setup Caddy Reverse Proxy on Ubuntu in Azure/AWS/GCP

Set up and install Caddy reverse proxy on Ubuntu 24.04 in Azure, AWS or Google GCP. Caddy Reverse Proxy forwards client requests to backend servers, providing benefits like SSL termination, load balancing, and enhanced security. Designed for flexibility and performance, Caddy automates HTTPS setup, making it ideal for developers and organizations needing a reliable reverse proxy solution. Deploy using our image from any of the cloud marketplaces, links below:

Caddy Reverse Proxy

Azure Caddy Reverse Proxy

Deploy Caddy Reverse Proxy on Ubuntu 24.04 in Azure

AWS Caddy Reverse Proxy

Coming Soon..

GCP Caddy Reverse Proxy

Coming Soon..

Getting Started with Caddy Reverse Proxy

Once your Caddy server has been deployed, the following links explain how to connect to a Linux VM:

 

 

Once connected and logged in, follow this post-deployment guide to configure and use Caddy as a reverse proxy. It walks through creating a basic reverse proxy configuration, securing it, and testing the setup.

Step 1: Verify Caddy Installation

After deploying Caddy, confirm it’s installed correctly by running:

				
    caddy version

Confirm Caddy is active and running:

				
    sudo systemctl status caddy

Step 2: Set Up the Caddy Configuration File (Caddyfile)

Caddy’s configuration file, called Caddyfile, is where you’ll define your reverse proxy settings.

 

1. Locate the Caddyfile:
    • The default Caddyfile is often located at /etc/caddy/Caddyfile (Linux).
    • If it’s missing, you can create it in that location.

2. Basic Reverse Proxy Setup:
    • Open the Caddyfile in a text editor:

          sudo nano /etc/caddy/Caddyfile

    • Define your domain and the target server (replace yourdomain.com and http://localhost:8080 with your actual domain and backend server):

          yourdomain.com {
              reverse_proxy http://localhost:8080
          }

      This configuration routes traffic from yourdomain.com to a backend server running on localhost at port 8080.

3. Save and close the Caddyfile.

Step 3: Enable Automatic HTTPS

Caddy automatically enables HTTPS for your domain if the domain is publicly accessible. To ensure HTTPS:

 

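  • Verify that your DNS records for yourdomain.com point to the server running Caddy, and that inbound ports 80 and 443 are open (see Firewall Ports below), since the certificate authority has to reach the server to validate the domain.
  • Caddy will obtain an SSL certificate from Let’s Encrypt by default and handle certificate renewals.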

Step 4: Reload Caddy to Apply Changes

After saving your configuration, reload Caddy to apply the changes:

				
    sudo systemctl reload caddy

Step 5: Test the Reverse Proxy

  • Open a web browser and navigate to https://yourdomain.com.
  • If configured correctly, you should see the content served by the backend server at localhost:8080.

Step 6: Customize with Additional Headers and Caching (Optional)

You can enhance Caddy’s reverse proxy functionality with custom headers or caching:

 

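  • Add Headers (e.g., security headers):

        yourdomain.com {
            reverse_proxy http://localhost:8080
            header {
                Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
                X-Content-Type-Options "nosniff"
            }
        }

    includeSubDomains applies the HSTS policy to every subdomain of yourdomain.com, and preload signals consent to be added to browsers' built-in HSTS lists, which is slow to undo. Keep these two flags only if every subdomain is served over HTTPS.

  • Enable Basic Caching:

        yourdomain.com {
            reverse_proxy http://localhost:8080
            cache
        }

    The cache directive is not part of the standard Caddy build. It is provided by the cache-handler plugin (https://github.com/caddyserver/cache-handler), so this block only loads if your Caddy binary includes that module.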

Step 7: Reload Caddy to Apply Changes

If you modify the Caddyfile, reload Caddy to apply changes:

				
    sudo systemctl reload caddy
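A check for Steps 5 and 6 after the reload, added here as an example and not part of the original guide: it reads the response headers that `curl -I` prints and reports whether the two headers from the Step 6 Caddyfile are actually being returned. The function names and the sample header dumps are constructed for illustration; the one-year threshold mirrors the max-age value used in Step 6.

```shell
#!/usr/bin/env bash
# Added example (not from the original page). Live usage, with the page's
# placeholder domain:  curl -sSI https://yourdomain.com | audit_headers

# header_value NAME: print the value of header NAME read from stdin.
# Names match case-insensitively (HTTP/2 sends them lowercase) and the CR
# that curl leaves on each line is stripped.
header_value() {
  tr -d '\r' | awk -v want="$1" '
    { i = index($0, ":")
      if (i > 1 && tolower(substr($0, 1, i - 1)) == tolower(want)) {
        v = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", v); found = v } }
    END { if (found != "") print found }'
}

# audit_headers: print one line per finding; return 0 only when both
# headers from the Step 6 Caddyfile are present with the expected values.
audit_headers() {
  local dump hsts nosniff max_age rc=0
  dump=$(cat)
  hsts=$(printf '%s\n' "$dump" | header_value strict-transport-security)
  nosniff=$(printf '%s\n' "$dump" | header_value x-content-type-options)
  max_age=$(printf '%s\n' "$hsts" | sed -n 's/.*[Mm][Aa][Xx]-[Aa][Gg][Ee]=\([0-9][0-9]*\).*/\1/p')
  if [ -z "$hsts" ]; then
    echo "FAIL: Strict-Transport-Security missing"; rc=1
  elif [ -z "$max_age" ] || [ "$max_age" -lt 31536000 ]; then
    echo "FAIL: HSTS max-age below one year (${max_age:-unparsed})"; rc=1
  else
    echo "OK: HSTS max-age=$max_age"
  fi
  case "$nosniff" in
    [Nn][Oo][Ss][Nn][Ii][Ff][Ff]) echo "OK: X-Content-Type-Options nosniff" ;;
    *) echo "FAIL: X-Content-Type-Options is '${nosniff:-missing}'"; rc=1 ;;
  esac
  return "$rc"
}

# Constructed samples: what curl -I might print for the Step 6 site and
# for the bare Step 2 site (no header block).
sample_hardened() {
  printf 'HTTP/2 200\r\nserver: Caddy\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\n\r\n'
}
sample_bare() { printf 'HTTP/2 200\r\nserver: Caddy\r\ncontent-type: text/html\r\n\r\n'; }

sample_hardened | audit_headers
sample_bare | audit_headers || echo "bare site fails the audit, as expected"
```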

				
			

Caddy Documentation / Support

For further details and documentation, refer to the following:

https://caddyserver.com/docs/

If something is not working, check the Caddy logs (usually found in /var/log/caddy/) for errors.

If you’re having any issues with deployment, please contact us for support.

Firewall Ports

For a Caddy reverse proxy setup, these are the primary ports involved:

 

1. Port 80 (HTTP): Used by Caddy to redirect HTTP requests to HTTPS automatically if HTTPS is enabled. Caddy listens on this port to manage and redirect incoming unsecured HTTP requests.

2. Port 443 (HTTPS): The default port for secure HTTPS traffic, which Caddy uses when it obtains an SSL certificate from Let’s Encrypt. This is where encrypted traffic is served to users.

3. Backend Server Port: The port number of the backend server (e.g., 8080 in the example above). This can be any port on which your backend application (such as a web server) is running. Caddy forwards incoming requests to this backend server port after receiving them on 80 or 443. If the backend listens only on localhost, as in the example above, this port does not need an inbound firewall rule; only ports 80 and 443 have to be reachable from the internet.

 

The links below explain how to modify / create firewall rules depending on which cloud platform you are using.

 

To set up AWS firewall rules refer to – AWS Security Groups

To set up Azure firewall rules refer to – Azure Network Security Groups

To set up Google GCP firewall rules refer to – Creating GCP Firewalls

Disclaimer: Caddy® is a registered trademark of Light Code Labs, LLC and is licensed under the Apache License 2.0. The license comes with a “no warranty” clause, meaning the software is provided “as-is” without any guarantees or liability for issues that may arise.

Andrew Fitzgerald

Cloud Solution Architect. Helping customers transform their business to the cloud. 20 years experience working in complex infrastructure environments and a Microsoft Certified Solutions Expert on everything Cloud.
