Up until recently tnickel.de was served without encryption. Mainly I didn't want to spend the extra 3€, and my provider 1and1 (1und1 in Germany) makes it particularly hard to use certificates from Let's Encrypt and the like. First it was hard to install the certbot software that is needed to complete a challenge and prove ownership of a domain; once I managed to build certbot myself, the challenge always failed, I guess the protocol was blocked. I guess with more effort I could have solved this problem as well, but... well... priorities... I guess.
Well, until yesterday! That is when I heard about the caddy webserver from my friend Ru Singh, who switched from nginx to caddy over the Christmas holidays. I opened the caddy website. It claimed to do the certificate management automatically, including the challenge. I also liked that it was written in golang, because that always means it is easy to install: the golang compiler builds all dependencies into a single binary. That is very convenient. The other features and plugins are also cool, but not what I was looking for right now.
In the evening, when my daughter had gone to bed, I tried it out. I started my node.js server on a different port and caddy as a reverse proxy forwarding to node.js with the following command:
./caddy reverse-proxy --from tnickel.de --to localhost:9000
That was it: the roughly 20 lines of log on the console showed that the certificate challenge was successful and the page was being served. I opened the browser and wow, I got automatically redirected to https. This is impressive and it feels like magic. It just seemed too easy. But chrome told me: The connection is secure.
I personally just added the server to run on reboot via a cronjob. You might want to use systemd or whatever solution your server OS prefers, maybe with docker. The choice is yours.
The download page also has a very cool solution. There you can download the base version. Unlike, for example, apache or nginx, golang programs do not load dynamically linked libraries when you start the server; extra modules need to be compiled into the single binary. Yes, when you compile it.
However, on the download page you can select any of 36 available modules, and the website will compile a binary for you with the chosen modules, for the needed architecture and operating system.
This way of providing highly customized binaries for download is groundbreaking, and today probably only possible with golang projects.
Caddy can run with just the single command and no other configuration, or you can provide a so-called Caddyfile. The Caddyfile is a simple file that makes basic configuration easy. Alternatively you can use a json configuration file, but its structure is more complex; the json configuration is well suited to being generated by other tools.
For my server I now use a Caddyfile, because it is very simple and I need to configure multiple domains. The documentation for the configuration on the website is very good, including all available properties and useful examples.
Very useful while configuring and testing the server: you can start the server with caddy run --watch, i.e. with the watch option. When you save the configuration file, the server loads the new configuration without a restart. With this feature you can quickly do some experiments.
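As an added example (not from this post or from the caddy project), here is the kind of Caddyfile the multi-domain setup above describes: two domains, each reverse-proxied to its own local node.js port, with the certificate challenge and the https redirect handled automatically. The www alias, the second domain example.org and port 9001 are assumptions for illustration; tnickel.de and port 9000 are from the post.

```caddyfile
# Added example, not from the original post. Each site block gets its own
# certificate from Let's Encrypt automatically, and plain-http requests are
# redirected to https, exactly as the single reverse-proxy command did.

# tnickel.de is the domain from the post; the www alias is an assumption.
tnickel.de, www.tnickel.de {
    # Optional response compression for the proxied pages.
    encode gzip
    # Forward to the node.js server started on port 9000 (as in the post).
    reverse_proxy localhost:9000
}

# A second, hypothetical domain served by a separate node.js process.
example.org {
    encode gzip
    reverse_proxy localhost:9001
}
```

Check the file with caddy validate --config Caddyfile before starting, then run caddy run --config Caddyfile --watch so that edits are picked up without a restart.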