Last active January 27, 2024 14:47
Install Caddy Server on Ubuntu with Systemd.
# Should work on all Debian based distros with systemd; tested on Ubuntu 16.04+.
# This will by default install all plugins; you can customize this behavior on line 6. Selecting too many plugins can cause issues when downloading.
# Run as root (or sudo before every line) please. Note this is not designed to be run automatically; I recommend executing this line by line.
apt install curl
curl | bash -s personal dns,docker,dyndns,hook.service,http.authz,http.awses,http.awslambda,http.cache,http.cgi,http.cors,http.datadog,http.expires,http.filemanager,http.filter,http.forwardproxy,http.geoip,http.git,http.gopkg,http.grpc,http.hugo,http.ipfilter,http.jekyll,http.jwt,http.locale,http.login,http.mailout,http.minify,http.nobots,http.prometheus,http.proxyprotocol,http.ratelimit,http.realip,http.reauth,http.restic,http.upload,http.webdav,net,tls.dns.auroradns,,tls.dns.cloudflare,tls.dns.cloudxns,tls.dns.digitalocean,tls.dns.dnsimple,tls.dns.dnsmadeeasy,tls.dns.dnspod,tls.dns.dyn,tls.dns.exoscale,tls.dns.gandi,tls.dns.gandiv5,,tls.dns.googlecloud,tls.dns.lightsail,tls.dns.linode,tls.dns.namecheap,tls.dns.ns1,tls.dns.otc,,tls.dns.powerdns,tls.dns.rackspace,tls.dns.rfc2136,tls.dns.route53,tls.dns.vultr
chown root:root /usr/local/bin/caddy
chmod 755 /usr/local/bin/caddy
setcap 'cap_net_bind_service=+eip' /usr/local/bin/caddy
mkdir -p /etc/caddy
chown -R root:www-data /etc/caddy
mkdir -p /etc/ssl/caddy
chown -R www-data:root /etc/ssl/caddy
chmod 770 /etc/ssl/caddy
touch /etc/caddy/Caddyfile
mkdir -p /var/www
chown www-data:www-data /var/www
chmod 755 /var/www
curl -L | sed "s/;CapabilityBoundingSet/CapabilityBoundingSet/" | sed "s/;AmbientCapabilities/AmbientCapabilities/" | sed "s/;NoNewPrivileges/NoNewPrivileges/" | tee /etc/systemd/system/caddy.service
chown root:root /etc/systemd/system/caddy.service
chmod 744 /etc/systemd/system/caddy.service
systemctl daemon-reload
systemctl enable caddy.service
# If you need caddy to be up now:
# systemctl start caddy.service
# if you need QUIC protocol:
# 1. edit /etc/systemd/system/caddy.service, write " -quic" (without quotes) to the end of the line ExecStart
# 2. systemctl daemon-reload
# 3. systemctl restart caddy

vinniyo commented Mar 9, 2017

For line 15 I get malformed, but I've set up the systemd service by getting the redirect and using vi to paste the contents of: in it.


jancel commented Mar 11, 2017

Ditto to the curl command. Also, installed beginning as root user


aw1n commented Mar 24, 2017

Try curl -o /etc/systemd/system/caddy.service


slobo commented Mar 31, 2017

I think curl needs to be told to follow redirects too:

curl -L -o /etc/systemd/system/caddy.service


Great script. Thank you!

One could also fix the version of the caddy.service by using the Git ID of the commit: Instead of curl -L
use curl -L This way one can be sure to always get the same script and not any malicious one (although this seems to be the official caddy repository).
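
The pinning idea in the comment above, taken one step further as an added example (not part of the gist or of the Caddy project): save the download to a file, compare its SHA-256 with a digest recorded when the file was reviewed, and only then apply the gist's sed edits and install it. The function names and the sample unit content are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the gist): verify a downloaded unit file against a
# pinned SHA-256 before uncommenting its hardening directives and installing it.

# verify_sha256 FILE EXPECTED_HEX: succeeds only on an exact, non-empty match.
verify_sha256() {
    local actual
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ -n "$2" ] && [ "$actual" = "$2" ]
}

# install_pinned_unit SRC EXPECTED_HEX DEST
# SRC is a file already saved to disk (e.g. curl -fsSL -o SRC <pinned URL>),
# never a stream piped straight into tee or bash.
install_pinned_unit() {
    local src="$1" expected="$2" dest="$3" tmp
    if ! verify_sha256 "$src" "$expected"; then
        echo "digest mismatch for $src, refusing to install" >&2
        return 1
    fi
    tmp=$(mktemp "${dest}.XXXXXX") || return 2
    # The gist's three substitutions, anchored to the start of the line.
    sed -e 's/^;CapabilityBoundingSet/CapabilityBoundingSet/' \
        -e 's/^;AmbientCapabilities/AmbientCapabilities/' \
        -e 's/^;NoNewPrivileges/NoNewPrivileges/' "$src" > "$tmp" \
        || { rm -f "$tmp"; return 2; }
    chmod 644 "$tmp"    # unit files do not need the execute bit
    mv "$tmp" "$dest"   # rename in the same directory: no half-written unit
}

# Constructed sample standing in for the downloaded caddy.service.
demo() {
    local dir pinned
    dir=$(mktemp -d)
    printf '%s\n' '[Service]' 'ExecStart=/usr/local/bin/caddy' \
        ';CapabilityBoundingSet=CAP_NET_BIND_SERVICE' \
        ';AmbientCapabilities=CAP_NET_BIND_SERVICE' \
        ';NoNewPrivileges=true' > "$dir/caddy.service.download"
    pinned=$(sha256sum "$dir/caddy.service.download" | awk '{print $1}')
    install_pinned_unit "$dir/caddy.service.download" "$pinned" "$dir/caddy.service" \
        && cat "$dir/caddy.service"
    echo '# tampered' >> "$dir/caddy.service.download"
    install_pinned_unit "$dir/caddy.service.download" "$pinned" "$dir/caddy.service" \
        || echo "tampered copy rejected"
    rm -rf "$dir"
}
demo
```

In real use the pinned digest is a constant stored next to the install notes, not computed from the file at install time as the demo does.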


For central logging:

mkdir /var/log/caddy
chown -R www-data:root /var/log/caddy
chmod 770 /var/log/caddy

In your Caddyfile:

sub.domain.tld {
    log /var/log/caddy/sub.log
}


To get rid of syslog warnings, I had to make a change:

chmod 644 /etc/systemd/system/caddy.service


curl | bash is a horrible idea since it means you can't auto-update using your package manager, not sure if it's in a repository on Ubuntu.
For Fedora and Red Hat/CentOS, use EPEL.
