Caddy Https Setup
Adding HTTPS with Caddy
Section titled “Adding HTTPS with Caddy”This guide shows how to add automatic HTTPS to your Faster Chat deployment using Caddy.
Why Caddy?
Section titled “Why Caddy?”- 13MB Docker image (Alpine-based)
- Automatic HTTPS with Let’s Encrypt (zero config)
- Auto-renewal of certificates
- HTTP/3 support built-in
- Perfect for one-click deployments
Quick Start
Section titled “Quick Start”Development/Localhost (HTTP)
Section titled “Development/Localhost (HTTP)”The included Caddyfile already works for localhost:
# Start with Caddydocker compose -f docker-compose.yml -f docker-compose.caddy.yml up -d
# Access athttp://localhostProduction (Automatic HTTPS)
Section titled “Production (Automatic HTTPS)”-
Point your domain to your server (DNS A record)
-
Edit
Caddyfile- uncomment and update the production block:
chat.yourdomain.com { reverse_proxy faster-chat:8787
# Security headers (already configured) header { Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" X-Content-Type-Options "nosniff" X-Frame-Options "DENY" Referrer-Policy "strict-origin-when-cross-origin" }
encode gzip zstd}- Launch with Caddy:
docker compose -f docker-compose.yml -f docker-compose.caddy.yml up -d- That’s it! Caddy automatically:
- Obtains SSL certificate from Let’s Encrypt
- Renews certificates before expiry
- Redirects HTTP → HTTPS
- Enables HTTP/2 and HTTP/3
Configuration Options
Section titled “Configuration Options”Custom Port
Section titled “Custom Port”If you need a different port for the app:
# Create .env fileecho "APP_PORT=9000" > .envecho "HOST_PORT=9000" >> .env
# Rebuilddocker compose up -d --buildMultiple Domains
Section titled “Multiple Domains”Add more blocks to Caddyfile:
app1.example.com { reverse_proxy faster-chat:8787}
app2.example.com { reverse_proxy faster-chat:8787}Local Development with HTTPS
Section titled “Local Development with HTTPS”For testing HTTPS locally:
chat.local { tls internal # Self-signed cert reverse_proxy faster-chat:8787}Add to /etc/hosts:
127.0.0.1 chat.localOne-Click Deploy Configuration
Section titled “One-Click Deploy Configuration”For platforms like Railway, Render, or DigitalOcean:
-
Set environment variable:
DOMAIN=your-app-url.railway.app -
Update Caddyfile to read from env:
{$DOMAIN} {reverse_proxy faster-chat:8787} -
Deploy! Caddy handles the rest.
Troubleshooting
Section titled “Troubleshooting”Port 80/443 Already in Use
Section titled “Port 80/443 Already in Use”Check what’s using them:
sudo lsof -i :80sudo lsof -i :443Stop conflicting services (nginx, apache):
sudo systemctl stop nginxsudo systemctl stop apache2Certificate Issues
Section titled “Certificate Issues”View Caddy logs:
docker compose logs caddyForce certificate renewal:
docker exec -it faster-chat-caddy-1 caddy reload --config /etc/caddy/CaddyfileFirewall
Section titled “Firewall”Ensure ports are open:
# Ubuntu/Debiansudo ufw allow 80/tcpsudo ufw allow 443/tcpsudo ufw allow 443/udp
# RHEL/CentOSsudo firewall-cmd --permanent --add-service=httpsudo firewall-cmd --permanent --add-service=httpssudo firewall-cmd --reloadImage Size Comparison
Section titled “Image Size Comparison”| Component | Size |
|---|---|
| Faster Chat App | ~428 MB |
| Caddy Alpine | ~13 MB |
| Total | ~441 MB |
Only 3% overhead for automatic HTTPS - totally worth it for production deployments!
Production Checklist
Section titled “Production Checklist”- Domain points to your server (DNS configured)
- Ports 80 and 443 are accessible (firewall configured)
-
Caddyfilehas your actual domain - Environment variables set (if using)
- Container started with Caddy compose file
- Test HTTPS access (should auto-redirect from HTTP)
- Check SSL rating: https://www.ssllabs.com/ssltest/