Caddy

Caddy is a modern, production-grade web server and reverse proxy focused on secure defaults and operational simplicity. It is commonly used as an edge server in front of apps, APIs, and containers, with automatic HTTPS enabled by default.

Key Features

• Automatic HTTPS (ACME) with certificate issuance and renewal; supports on-demand TLS workflows
• Reverse proxy and layer-7 load balancing with health checks, retries, timeouts, and multiple upstream policies
• Native HTTP/2 and HTTP/3 (QUIC) support
• Flexible request handling pipeline with matchers, handlers, and rich routing
• Multiple configuration methods: Caddyfile (human-friendly) and JSON (full API-driven config)
• Dynamic configuration via admin API; hot reload without dropping connections
• Built-in observability: structured logs, access logs, metrics integrations via ecosystem modules
• Extensible module system (plugins) for auth, DNS providers for DNS-01 challenges, additional handlers, and storage backends

Use Cases

• Secure reverse proxy in front of web apps (Docker/Kubernetes or bare metal) with automatic TLS
• Edge gateway for APIs with routing, header manipulation, and rate/timeout controls
• Static site hosting with modern protocol support (HTTP/2/3) and straightforward TLS management

Limitations and Considerations

• Some advanced capabilities (e.g., specific auth methods, WAF features, DNS providers, metrics exporters) may require third-party modules and a custom build.

Caddy is well-suited for teams that want a secure-by-default web server with minimal TLS operational burden and a clean configuration model. Its extensibility and modern protocol support make it a strong choice for both simple deployments and complex edge routing setups.