Caddy's Automatic HTTPS Is Magic

· 1 min read
caddy homelab https devops

The Problem

Setting up HTTPS with Nginx meant:

  1. Generate certificates with certbot
  2. Configure renewal cron jobs
  3. Update Nginx config for SSL
  4. Debug when renewal fails at 3am

The Solution

app.example.com {
    reverse_proxy localhost:3000
}

api.example.com {
    reverse_proxy localhost:8080
}

That’s the entire Caddyfile. HTTPS just works.

Why It Works

Caddy automatically:

  • Obtains certificates from Let’s Encrypt (or ZeroSSL)
  • Renews them before expiry
  • Redirects HTTP to HTTPS
  • Uses modern TLS defaults

No certbot. No cron jobs. No manual config.

For local development with self-signed certs:

localhost {
    tls internal
    reverse_proxy localhost:3000
}

For internal services with your own CA:

internal.home {
    tls /path/to/cert.pem /path/to/key.pem
    reverse_proxy localhost:3000
}

I switched my entire homelab from Traefik to Caddy. Configuration went from 200 lines to 20. No regrets.

Related Posts

Comments