Servers 101: caddy - Lightweight Web Server

in #tutorial, 8 years ago

So far we've set up a server and learned how to log in and manage it using a few commands. We also added some basic security. But what if we only need a simple web server, without much stuff to bloat it? For example, we have a low-end VPS, with not much RAM, and we want to serve static pages only. That's what we'll do today!




For this tutorial, we will be using caddy, a lightweight web server created to be easy to configure and use. It supports HTTP/2 and automatic TLS (via Let's Encrypt), and already has various plugins (like ratelimit, webdav and nobots; you can even use PHP if you want to).


Installing caddy

Caddy is not installable in the sense of apt-get. We will download the getcaddy script provided by the caddy development team, which in turn will do the download. First, we need to make sure we have administrator privileges, otherwise the installation will fail. Run a command with sudo in front, such as ifconfig (sudo ifconfig). If you get "username is not in the sudoers file. This incident will be reported.", then you don't have administrator privileges. You can log in as the root user and give yourself sudo access.

Then we run this:

curl -s https://getcaddy.com | bash

Within a few seconds, caddy will be installed, and you will get this output:

Downloading Caddy for linux/amd64...
https://caddyserver.com/download/linux/amd64?plugins=
Extracting...
Putting caddy in /usr/local/bin (may require password)
Caddy 0.10.4
Successfully installed

To confirm installation, we can run caddy --version. You will get something like this:

Caddy 0.10.4

Or you can run which caddy. If you get no answer, caddy was not installed properly. Otherwise you will get a path (usually /usr/local/bin/caddy).


Post-installation and Preconfiguration

Caddy needs a config file, named "Caddyfile". We will take care of it soon. First we need to create some directories caddy expects to find (the auto-TLS functionality, for example, needs one). We will create these directories and give them proper permissions and owners:

sudo mkdir /etc/caddy
sudo chown -R root:www-data /etc/caddy

This will create the default config file directory. We should also create an empty caddyfile:

sudo touch /etc/caddy/Caddyfile

All systems already have an SSL folder (located at /etc/ssl/) which stores certificates and private keys. We will make a subdirectory for caddy to store its certificates:

sudo mkdir /etc/ssl/caddy
sudo chown -R www-data:root /etc/ssl/caddy
sudo chmod 0770 /etc/ssl/caddy

I hear you asking... Why does /etc/caddy have root as owner and www-data as group, while /etc/ssl/caddy has them reversed? It's simple: in the first case, caddy will only have to read from the /etc/caddy folder, so root should be the owner. In /etc/ssl/caddy we have the reverse situation: we need caddy to write to /etc/ssl/caddy.

We also give /etc/ssl/caddy 770 permissions, so no one apart from the www-data and root users will be able to view our certificates.
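The ownership reasoning above can be checked mechanically. This is an added example, not part of the original post or of Caddy: the paths, owners and the 770 mode are the tutorial's, the function names are made up here, and GNU stat and find are assumed.

```shell
#!/bin/sh
# Added example: audit the directory layout created above.
# Paths, owners and the 770 mode come from the tutorial; the function
# names are invented for this sketch. Needs GNU stat and find (Linux).

# owner_is PATH USER:GROUP -> true only if PATH has exactly that owner and group
owner_is() {
    [ "$(stat -c '%U:%G' "$1" 2>/dev/null)" = "$2" ]
}

# mode_is PATH OCTAL -> true only if PATH has exactly that mode, e.g. 770
mode_is() {
    [ "$(stat -c '%a' "$1" 2>/dev/null)" = "$2" ]
}

# loosely_writable DIR -> list everything under DIR (symlinks aside) that
# group or others may write; for the config tree this must print nothing,
# because caddy (group www-data) is only meant to read it
loosely_writable() {
    find "$1" ! -type l -perm /022 2>/dev/null
}

# audit_caddy_layout [PREFIX] -> print findings; return 1 if any check fails
audit_caddy_layout() {
    p=${1:-}
    rc=0
    owner_is "$p/etc/caddy" root:www-data ||
        { echo "FAIL $p/etc/caddy: owner is not root:www-data"; rc=1; }
    [ -z "$(loosely_writable "$p/etc/caddy")" ] ||
        { echo "FAIL $p/etc/caddy: group- or world-writable entries"; rc=1; }
    owner_is "$p/etc/ssl/caddy" www-data:root ||
        { echo "FAIL $p/etc/ssl/caddy: owner is not www-data:root"; rc=1; }
    mode_is "$p/etc/ssl/caddy" 770 ||
        { echo "FAIL $p/etc/ssl/caddy: mode is not 770"; rc=1; }
    return "$rc"
}

audit_caddy_layout || echo "Layout differs from the tutorial; see FAIL lines."
```

Running it again after later changes (a restored backup, a manual chmod) shows whether the config tree has become writable by the web server or the certificate directory readable by others.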

Then we will create the /var/www directory. If you already have one, you can skip this step.

sudo mkdir /var/www
sudo chown www-data:www-data /var/www

We will now make caddy a system service, in order to be able to start on system boot.


Caddy service!

While Caddy does not install itself as a service, the developers of the project provide an official systemd unit file. This file assumes the directory structure we set up in the previous step, so make sure your configuration matches.

We will download the file from the official Caddy repository, make sure systemd knows that a new service is available, and enable the new service to allow caddy to start at boot. The additional -o parameter to the curl command will save the file in the /etc/systemd/system/ directory and make it visible to systemd.

sudo curl -s https://raw.githubusercontent.com/mholt/caddy/master/dist/init/linux-systemd/caddy.service -o /etc/systemd/system/caddy.service
sudo systemctl daemon-reload
sudo systemctl enable caddy.service



If you want to make sure this was done correctly you can use this command: sudo systemctl status caddy.service. The output should be similar to this:

  caddy.service - Caddy HTTP/2 web server
   Loaded: loaded (/etc/systemd/system/caddy.service; enabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: https://caddyserver.com/docs



The service is loaded and enabled, but not running. We will not start the service yet, as we have to configure it first. Make sure you've added the correct DNS records to your domain.
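The download step above writes a file fetched from a branch head straight into /etc/systemd/system as root, so it is worth staging and reading it first. This is an added example, not code from the original post or the Caddy project: the URL is the one used above, while the function names and the idea of checking the unit's User, Group and paths against this tutorial's layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: stage the systemd unit, check it, read it, then install it.
# UNIT_URL is the URL from the tutorial; everything else is illustrative.

UNIT_URL=https://raw.githubusercontent.com/mholt/caddy/master/dist/init/linux-systemd/caddy.service

# stage URL FILE -> download over HTTPS only; -f makes HTTP errors fail
# instead of saving an error page as if it were the unit file
stage() {
    curl --proto '=https' -fsSL "$1" -o "$2"
}

# directive FILE KEY -> print the value of every KEY= line in a unit file
directive() {
    sed -n "s/^$2=//p" "$1"
}

# unit_matches_layout FILE -> true if the unit runs caddy as www-data and
# refers to the directories created earlier in this tutorial
unit_matches_layout() {
    [ "$(directive "$1" User)" = www-data ] ||
        { echo "unexpected User="; return 1; }
    [ "$(directive "$1" Group)" = www-data ] ||
        { echo "unexpected Group="; return 1; }
    directive "$1" ExecStart | grep -q '/etc/caddy/Caddyfile' ||
        { echo "ExecStart does not use /etc/caddy/Caddyfile"; return 1; }
    grep -q '/etc/ssl/caddy' "$1" ||
        { echo "no reference to /etc/ssl/caddy"; return 1; }
}

# install_reviewed_unit -> stage, check, show, and install only on "y"
install_reviewed_unit() {
    tmp=$(mktemp) || return 1
    stage "$UNIT_URL" "$tmp" && unit_matches_layout "$tmp" ||
        { rm -f "$tmp"; return 1; }
    sha256sum "$tmp"
    cat "$tmp"
    printf 'Install this unit? [y/N] '
    read -r answer
    [ "$answer" = y ] &&
        sudo install -m 0644 -o root -g root "$tmp" /etc/systemd/system/caddy.service
    rm -f "$tmp"
}

# Usage: sh review-unit.sh install
if [ "${1:-}" = install ]; then install_reviewed_unit; fi
```

After installing this way, the daemon-reload and enable commands above still apply. The stage function works the same for the getcaddy script from the installation step, which can then be read before it is passed to bash.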


Creating a test page

We must have some sort of page in order to test our configuration when the time comes. We will use the cat command from our previous tutorials. Please, give it a shot and do it on your own. If you fail, you can always use my instructions, but without trying it, you will not learn!

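The file we will create is "index.html" inside the "/var/www" folder. The redirection itself has to run as root: with a plain "sudo cat > file", the file is opened by your own unprivileged shell before sudo even starts, so we wrap the whole command in sh -c.

sudo sh -c 'cat > /var/www/index.html'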

Now copy and paste this:

<h1>HEY!</h1>
Page is under construction! Sorry for this!

and press Control+D to save and exit.


Creating a caddyfile

The Caddyfile format is pretty simple and powerful. We won't be learning everything there is to know about Caddyfiles, but you can always have a look at the official documentation.

We will open /etc/caddy/Caddyfile for editing, and add our first block:

sudo nano /etc/caddy/Caddyfile

Paste this inside:

mydomain.com {
    root /var/www
    gzip
    tls you@example.com
}

Make sure you change "mydomain.com" in the first line to your domain, and also change the placeholder "you@example.com" to your own email address. This will take care of automatic integration with Let's Encrypt.

For this to succeed, caddy also needs to be able to bind to port 443, and the config above must use a valid hostname (not an IP address or localhost).

We have also enabled gzip, which will compress the site files while sending them to you (so you'll save time and bandwidth).

Save and exit (Control+X, Y, Enter)


Starting and testing caddy

To start caddy for the first time, you have to execute this:

sudo systemctl start caddy



Go to https://mydomain.com (obviously you'll have to change mydomain.com to your domain). If caddy didn't have the time to get the certificate, you'll have to wait a few seconds.


The end

Caddy is now ready and happy to serve you your website over TLS connections. The certificate will be auto-renewed when needed, and you'll be using HTTP/2 for serving. You can take caddy to the next level by reading the official documentation.



If you need a place to host your servers consider Vultr, Digital Ocean and BuyVM.

These are affiliate links. If you sign up through them, you support me and I will have more free time to write more content like this.

Also, if you sign up for Digital Ocean through my affiliate link, you will get $10 to try them out. Note: to battle abusers of this offer, you'll have to make a $5 deposit via Paypal or add your credit/debit card, so they can confirm that you are a new user. I did a deposit via Paypal to test them out, and then I added my credit card so I won't have to deposit money manually every now and then.


Also, I am running a witness server.

Please consider voting for me, dimitrisp, as a witness if you find what I post helpful and think it adds value to the network.

You can read my witness declaration here

Thanks for sharing
