Here is a detailed guide on how to set up and install Caddy as a reverse proxy on Ubuntu and secure it with Let’s Encrypt. Please ensure you have sudo or root privileges when implementing these steps.

Step 1: Update your System

First, update your system packages to the latest versions. You can do this by running the following commands:

sudo apt update
sudo apt upgrade

Step 2: Install Caddy

After updating your system, you can install Caddy. Run this command to install Caddy:

curl -o- | bash -s personal

This command will install the latest version of Caddy. The “personal” argument is a licensing option that specifies you’re using Caddy for personal use.

Step 3: Set Up the Caddyfile

Caddy’s main configuration file is known as a Caddyfile. By default, it is located at /etc/caddy/Caddyfile.

You can use nano or any text editor to edit the Caddyfile. Here’s a basic example of a Caddyfile that sets up a reverse proxy for a website:

sudo nano /etc/caddy/Caddyfile

And insert the following: {
    reverse_proxy /

In this example, replace"" with your actual domain, and “” with the address and port of the server that Caddy should reverse-proxy requests to.

Step 4: Run Caddy

After setting up the Caddyfile, you can start Caddy:

sudo caddy run

Step 5: Setting up HTTPS with Let’s Encrypt

One of the great things about Caddy is that it can automatically obtain and renew SSL/TLS certificates from Let’s Encrypt for your sites.

In the Caddyfile, you can instruct Caddy to use Let’s Encrypt by specifying an email address to use for certificate management: {
    tls [email protected]
    reverse_proxy /

Replace “[email protected]” with your actual email address.

By default, Caddy uses the HTTP challenge to validate your control over the domain. However, if your ISP blocks port 80 (required for the HTTP challenge), you can instruct Caddy to use the DNS challenge instead if Caddy supports your DNS provider. The DNS challenge does not need any ports to be open.

Step 6: Enable Caddy at System Startup

To ensure Caddy runs when your system boots, you should enable it as a systemd service. First, create a service file:

sudo nano /etc/systemd/system/caddy.service

Insert the following configuration:

Description=Caddy HTTP/2 web server

ExecStart=/usr/local/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/local/bin/caddy reload --config /etc/caddy/Caddyfile


This will create a new systemd service named caddy.

You can then start the service with this command:

sudo systemctl start caddy

And enable it to start at boot with this command:

sudo systemctl enable caddy

Step 7: Open Necessary Ports

Remember to open ports 80 and 443 in your firewall if they aren’t already open. These ports are needed for HTTP and HTTPS communication, respectively. If you’re using UFW to manage your firewall, you can do this with these commands:

sudo ufw allow 80
sudo ufw allow 443

That’s it! You should now have a working Caddy server that automatically obtains and renews SSL/TLS certificates from Let’s Encrypt.