Caddy cheatsheet
Service and config
| Command | Description |
|---|---|
systemctl status caddy | Service status |
systemctl reload caddy | Reload config (graceful) |
caddy validate --config /etc/caddy/Caddyfile | Test config syntax |
caddy fmt --overwrite /etc/caddy/Caddyfile | Format Caddyfile |
caddy run --config /etc/caddy/Caddyfile | Run in foreground (debug) |
caddy reload --config /etc/caddy/Caddyfile | Reload without systemd |
Logs and inspection
| Command | Description |
|---|---|
journalctl -u caddy -f | Follow Caddy logs |
journalctl -u caddy -n 100 --no-pager | Last 100 log lines |
ss -tlnp | grep caddy | Check listening ports |
curl -vI https://example.com | Test HTTPS response |
curl -v http://127.0.0.1:8080 | Test upstream directly |
TLS and certificates
| Command / path | Description |
|---|---|
ls /var/lib/caddy/.local/share/caddy/certificates/ | Stored ACME certs (default data dir) |
openssl s_client -connect example.com:443 | Inspect TLS cert from client |
dig +short example.com | Confirm DNS points to server |
Reverse proxy site block
api.example.com {
reverse_proxy 127.0.0.1:8000
encode gzip
}
Static files with path routing
example.com {
root * /var/www/example
route /api/* {
reverse_proxy 127.0.0.1:8000
}
file_server
}
Disable automatic HTTPS (internal / dev)
http://internal.local {
tls internal
reverse_proxy 127.0.0.1:3000
}
Pro tips
- Always
caddy validatebeforereload— bad config can stop the server - Test upstreams directly with
curlbefore blaming Caddy for 502 errors - Automatic HTTPS needs public DNS — use
http://ortls internalfor local dev - Use
caddy fmtto catch indentation and brace errors early
Practice scenarios
Hands-on Caddy scenarios on live Linux VMs: caddy