Switch from NGINX to Caddy

Simplify your reverse proxy setup

I switched the reverse proxy on my Ubuntu server from NGINX to Caddy and it really simplified things. Below are the steps I took:

Install Caddy

sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy

Check that the install worked

sudo service caddy status

If NGINX is installed, you’ll probably see an error that port 80 is already in use at first.

I replaced all the individual files in conf.d with a single Caddyfile. It’s also possible to use the sites-available / sites-enabled pattern, but I don’t see the benefit. I actually really like having all the config in one file. It’s very easy to work with.

Before

# root.conf

server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name _;
        location / {
                return 404;
        }
}
# website1.conf

server {
    listen 80;
    listen [::]:80;
    server_name website1.com;

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_cache_bypass $http_upgrade;
    }

    location /api {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_cache_bypass $http_upgrade;
    }

    location /auth {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_cache_bypass $http_upgrade;
    }

}
# website2.conf

server {
    listen 80;
    listen [::]:80;
    server_name website2.com;

    location / {
        proxy_pass http://localhost:8081;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_cache_bypass $http_upgrade;
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }

    location /api {
        proxy_pass http://localhost:3001;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_cache_bypass $http_upgrade;
    }
}

After

sudo nano /etc/caddy/Caddyfile
# Caddyfile

rootdomain.com {
        respond 404
}

0.000.00.000:80 {
        redir https://rootdomain.com{uri}
}


# site 1

website1.com {
        reverse_proxy :8080
        reverse_proxy /api/* :3000
        reverse_proxy /auth/* :3000
}


# site 2

website2.com {
        reverse_proxy :8081
        reverse_proxy /api/* :3001
        basic_auth {
                username $hashed$.password4321
        }
}

Not bad, eh?

Restart Caddy

sudo systemctl reload caddy

Fix SSL Config

I’m using Cloudflare for DNS which turns on their proxy by default. After updating to Caddy with it’s built in SSL (an amazing feature btw), I got an ERR_TOO_MANY_REDIRECTS error in the browser. The solution was to change Cloudflare’s SSL Config to “Full (Strict)“. The problem seems to be fairly common and I found the answer here on the Caddy Community site.

Navigate to Websites in the sidebar > choose the site. Then choose SSL/TLS in the sidebar > click Configure. Under Custom SSL/TLS > select Full (Strict).

Cloudflare Dashboard SSL Config SSL/TLS Encryption Settings

Remove NGINX

sudo apt remove nginx
sudo apt-get remove --purge nginx*

# maybe
sudo rm -rf /etc/nginx
sudo rm -rf /etc/init.d/nginx
sudo rm -rf /var/log/nginx
sudo rm -rf /var/cache/nginx/
sudo rm -rf /usr/sbin/nginx

Thanks for reading! 👋