How To Install Caddy on Fedora 43

Caddy stands out as a modern web server that makes website deployment remarkably simple. Unlike traditional servers such as Apache or Nginx, Caddy automatically handles HTTPS certificates through Let’s Encrypt, eliminating hours of manual SSL configuration. Its straightforward syntax and built-in security features make it an excellent choice for developers and system administrators working with Fedora 43. This comprehensive guide walks you through multiple installation methods, configuration steps, and practical deployment scenarios to get your Caddy server running smoothly.

Prerequisites and System Requirements

Before diving into the installation process, ensure your Fedora 43 system meets the basic requirements. You’ll need root or sudo privileges to execute system-level commands. A fresh system update is recommended—run sudo dnf update -y to bring all packages current.

Basic command-line familiarity will help you navigate the installation smoothly. If you plan to serve public websites with automatic HTTPS, having a domain name pointed to your server is beneficial. Fedora 43 includes firewalld by default, which we’ll configure to allow web traffic.

Understanding Your Installation Options

Caddy offers three distinct installation methods on Fedora 43, each suited to different needs. The official Fedora repository provides the most straightforward approach with DNF package management, offering stability and automatic security updates through your regular system maintenance routine. This method works perfectly for most production environments.

The COPR (Cool Other Package Repo) community repository delivers the latest upstream Caddy releases. Choose this when you need cutting-edge features or the newest version immediately after release. The installation process remains simple, with standard DNF commands handling everything.

Binary installation gives you maximum control. Download the executable directly from GitHub, which proves useful for custom builds with specific plugins or testing pre-release versions. This method requires additional manual configuration but offers unmatched flexibility.

Installing Caddy from Fedora Official Repository

The simplest path to getting Caddy running starts with Fedora’s official repository. Open your terminal and execute:

sudo dnf install caddy -y

Fedora’s package manager handles all dependencies automatically. The installation completes in moments, placing Caddy binaries and configuration files in their proper locations. This method integrates seamlessly with your system’s update mechanism—future security patches arrive automatically when you run regular system updates.

Verify the installation succeeded by checking the version:

caddy version

You should see output displaying the Caddy version number and build information. This confirms the binary installed correctly and is accessible from your PATH.

Configuring the Systemd Service

Fedora 43 uses systemd for service management, and the DNF package includes a pre-configured service file at /usr/lib/systemd/system/caddy.service. Enable Caddy to start automatically on boot and launch it immediately with one command:

sudo systemctl enable caddy --now

Check the service status to ensure everything started properly:

systemctl status caddy

Look for “active (running)” in green text. This indicates Caddy is operational and listening for connections. The default configuration serves a simple welcome page.

Test your installation by opening a web browser and navigating to http://localhost or http://your-server-ip. You should see a welcome message confirming Caddy is serving requests.

Installing Caddy from COPR Repository

COPR repositories provide community-maintained packages, and the Caddy project maintains an official COPR repo with the latest releases. This approach delivers newer versions faster than the standard Fedora repositories while maintaining the convenience of package management.

First, enable the Caddy COPR repository:

sudo dnf copr enable @caddy/caddy

The system prompts you to confirm—type ‘y’ and press Enter. This adds the repository configuration to your system. Now install Caddy:

sudo dnf install caddy

If you already have Caddy installed from the Fedora repository, DNF upgrades it to the COPR version. Check your installed version with caddy version to confirm you’re running the latest release.

Future updates come through your normal system update process. Running sudo dnf upgrade keeps your Caddy installation current. The COPR method combines the latest features with hassle-free maintenance.

Enable and start the service using the same systemctl commands as the DNF method. The service configuration remains identical regardless of installation source.

Installing Caddy from Official Binary

Advanced users needing custom configurations can install Caddy from its official binary release. This method suits scenarios requiring specific versions, custom-built plugins, or testing pre-release code.

Visit the Caddy GitHub releases page or use wget to download the latest binary for your architecture. Extract the compressed archive:

tar -xzf caddy_*.tar.gz

Move the extracted binary to a directory in your system PATH:

sudo cp caddy /usr/local/bin/
sudo chmod +x /usr/local/bin/caddy

Confirm the installation with caddy version. The binary is now executable system-wide, but unlike package installations, you need to manually configure the systemd service.

Setting Up Systemd for Binary Installations

Create a dedicated user and group for Caddy to run under:

sudo groupadd --system caddy
sudo useradd --system --gid caddy --home-dir /var/lib/caddy --shell /usr/sbin/nologin caddy

Create necessary directories:

sudo mkdir -p /etc/caddy /var/lib/caddy
sudo chown caddy:caddy /var/lib/caddy

Create a systemd service file at /etc/systemd/system/caddy.service with your text editor. The service file should specify the caddy user, working directory, and proper startup commands.

After creating the service file, reload systemd to recognize the new service:

sudo systemctl daemon-reload
sudo systemctl enable caddy --now

This approach gives you complete control over your Caddy installation while maintaining proper system integration.

Configuring Firewall Access

Fedora 43 ships with firewalld active by default, blocking incoming connections except those explicitly allowed. Web servers need HTTP (port 80) and HTTPS (port 443) open to serve public traffic.

Allow HTTP traffic:

sudo firewall-cmd --permanent --add-service=http

Allow HTTPS traffic:

sudo firewall-cmd --permanent --add-service=https

The --permanent flag saves these rules across reboots. Reload firewalld to apply the changes immediately:

sudo firewall-cmd --reload

Verify your configuration:

sudo firewall-cmd --list-all

Look for “http” and “https” in the services section. Your server now accepts web connections from external sources.

If you need Caddy on custom ports, add them explicitly:

sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --reload

Understanding Caddyfile Configuration

Caddy’s configuration file, called the Caddyfile, lives at /etc/caddy/Caddyfile. This file uses an intuitive syntax that reads almost like plain English compared to Apache’s complex directives or Nginx’s nested blocks.

A basic Caddyfile consists of site blocks defining how Caddy handles requests. Each block starts with an address (domain or IP) followed by directives in curly braces. The root directive specifies where your website files live, while file_server enables static file serving.

Caddy automatically enables HTTPS when you specify a domain name. No certificate configuration required—Caddy obtains, installs, and renews Let’s Encrypt certificates without intervention. This automatic HTTPS feature alone saves hours of setup time and eliminates certificate expiration headaches.

Creating Your First Static Website

Let’s build a simple static website to see Caddy in action. Create a directory structure for your site:

sudo mkdir -p /var/www/html/my-site
sudo mkdir -p /var/log/caddy

Set proper ownership so Caddy can access these directories:

sudo chown -R caddy:caddy /var/www/html/my-site
sudo chown caddy:caddy /var/log/caddy

Create a simple HTML file at /var/www/html/my-site/index.html. Add some basic HTML content to test your setup.

Edit your Caddyfile with a text editor:

sudo nano /etc/caddy/Caddyfile

For a local test server using your IP address, configure a simple static file server. Include the file_server directive to enable directory browsing and static file delivery. Add encode gzip to compress responses, reducing bandwidth and improving load times.

Caddy includes built-in configuration validation. Before restarting the server, check for syntax errors:

caddy validate --adapter caddyfile --config /etc/caddy/Caddyfile

If validation passes, restart Caddy to apply your changes:

sudo systemctl restart caddy

Visit your server’s IP address in a browser. Your HTML file appears, served fresh by Caddy.

Adding PHP Support

Many web applications require PHP processing. Fedora 43 makes PHP-FPM (FastCGI Process Manager) installation straightforward:

sudo dnf install php php-fpm -y

Configure PHP-FPM to work with Caddy by editing /etc/php-fpm.d/www.conf. Change the user and group settings to “caddy” so PHP-FPM runs under the same user as your web server. This prevents permission issues when PHP scripts access files.

Add “caddy” to the listen.acl_users directive in the same configuration file. Enable and start PHP-FPM:

sudo systemctl enable php-fpm --now

Update your Caddyfile to process PHP files. Add the php_fastcgi directive pointing to PHP-FPM’s socket. This tells Caddy to forward PHP requests to the FastCGI processor.

Restart Caddy after saving your Caddyfile changes. Create a test file at /var/www/html/my-site/info.php containing PHP info code. Access this file through your browser—if you see detailed PHP configuration information, everything works correctly.

Remember to delete test files like info.php from production servers. They expose potentially sensitive system information.

Managing Caddy Service

Systemd provides powerful service management commands for Caddy. Start the service with sudo systemctl start caddy. Stop it using sudo systemctl stop caddy. Restart completely with sudo systemctl restart caddy.

The reload command deserves special attention:

sudo systemctl reload caddy

Reloading applies configuration changes gracefully without dropping existing connections. Use reload instead of restart when updating your Caddyfile on production servers—it prevents service interruption.

Check service status anytime:

systemctl status caddy

Enable Caddy to start automatically at boot:

sudo systemctl enable caddy

Disable automatic startup with sudo systemctl disable caddy.

View real-time logs using journalctl:

journalctl -u caddy -f

This command follows the log output, showing new entries as they occur. Press Ctrl+C to exit. Logs help diagnose configuration issues and track access patterns.

Troubleshooting Common Issues

When Caddy refuses to start, configuration syntax errors are the usual suspect. Run the validation command to identify problems. Check service logs for detailed error messages:

journalctl -u caddy --no-pager | tail -50

Permission problems cause many headaches. Verify that the Caddy user owns all necessary directories and files. Website root directories need read access, while log directories require write access.

Firewall rules sometimes block access even after configuration. Double-check your firewalld settings with sudo firewall-cmd --list-all. Ensure both http and https services appear in the allowed list.

SELinux, Fedora’s security framework, occasionally prevents Caddy from functioning. Check SELinux status with sestatus. If enforcing mode is active and you suspect SELinux issues, examine the audit log:

sudo grep caddy /var/log/audit/audit.log

Restore correct file contexts:

sudo restorecon -Rv /var/www/

Enable Caddy to make network connections:

sudo setsebool -P httpd_can_network_connect 1

If another service already uses port 80 or 443, Caddy cannot bind to those ports. Identify the conflicting process and either stop it or configure Caddy to use alternative ports.

Security Best Practices

Caddy’s automatic HTTPS provides strong baseline security. Every connection encrypts by default when you use domain names. This protects your users’ data and improves search engine rankings—major search engines prefer HTTPS sites.

Add security headers to your Caddyfile for enhanced protection. HTTP Strict Transport Security (HSTS) forces browsers to use HTTPS exclusively. Content Security Policy (CSP) prevents cross-site scripting attacks.

Keep Caddy updated regularly:

sudo dnf update caddy

Security patches address newly discovered vulnerabilities. Automatic updates through dnf ensure you stay protected without manual intervention.

Restrict Caddyfile permissions since it may contain sensitive information:

sudo chmod 600 /etc/caddy/Caddyfile

The Caddy user runs with limited privileges by design. Never run Caddy as root—this principle of least privilege limits damage if an attacker exploits a vulnerability.

For sites with restricted access, implement basic authentication directly in your Caddyfile. Caddy supports various authentication schemes without additional modules.

Congratulations! You have successfully installed Caddy. Thanks for using this tutorial for installing the Caddy Web Server on Fedora 43 Linux system. For additional or useful information, we recommend you check the official Caddy website.