Caddyfile Advanced Setup
Our Caddy Setup Guide can be found here:
CyberHost
What will be covered?
- HTTP Headers
- Custom Certificates
- Using an alternative ACME Certificate Autority (ZeroSSL)
- File Server
Headers
What are headers?
HTTP headers are name or value pairs that are displayed in the request and response messages within the message header for HTTP. These Headers can be to inform the browser of the data it is receiving such as a PNG or HTML content. Headers can also be sent to increase the security and privacy for your website visitors.
Recomended HTTP Security Headers
Caddyfile Header Example:
example.com {
reverse_proxy localhost:8080
header {
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff;
X-XSS-Protection "1; mode=block;"
X-Robots-Tag none;
X-Frame-Options SAMEORIGIN;
Referrer-Policy no-referrer;
}
}
Want to remove a header such as server: Caddy?
example.com {
reverse_proxy localhost:8080
header {
-server
}
}
Place - infront of the header to strip it.
Custom SSL Certificates
If you have a Custom Certificate it can be added with the following syntax.
tls <PEM File Path> <Private Key File Path>
Caddyfile Custom Certificate Example:
example.com {
reverse_proxy localhost:8080
tls /file/path/certificate.pem /file/path/certificate.key
}
ZeroSSL ACME Setup
If you would rather use ZeroSSL instead of Let's Encrypt to issue SSL certificates for your website, it can be configured as follows.
Caddyfile Custom ACME Example:
example.com {
reverse_proxy localhost:8080
tls [email protected] {
ca https://acme.zerossl.com/v2/DV90
}
}
File Server
Caddy comes with a built in file browser. Simple just set the directory you want to serve and Caddy handles the rest.
Views:
Caddyfile File Server Example:
example.com {
root * /file/path/content
file_server browse
}
You can hide files with the following syntax:
example.com {
root * /file/path/content
hide homework.jpeg
file_server browse
}
Our other Caddy Guides:
CyberHost
Cover Image Credit: https://unsplash.com/@ibecomecommunication
