Setting Up a Secure Caddy Web Server on Ubuntu 24.04 with On-Demand SSL, DynamoDB, and Route53
In this article, I’ll walk you through the process of setting up a Caddy web server on Ubuntu 22.04, incorporating On-Demand SSL, DynamoDB, and Route53. This setup is particularly useful for dynamic SSL certificate provisioning and leveraging AWS services for storage and DNS management.
Prerequisites
Before we begin, ensure you have:
- An Ubuntu 24.04 server up and running.
- Access to AWS for DynamoDB and Route53 services.
- Basic knowledge of Linux command-line operations.
Step 1: Install Go
First, we must install Go, which is necessary for building Caddy with custom plugins.
sudo wget --output-document /opt/go.tar.gz https://go.dev/dl/go1.23.4.linux-amd64.tar.gz
sudo tar --directory /usr/local --extract --gzip --file /opt/go.tar.gz && sudo rm /opt/go.tar.gz
echo 'export PATH=$PATH:/usr/local/go/bin' >> ~/.bashrc
source ~/.bashrc
go version
This installs Go and updates your PATH to include the Go binary.
Step 2: Install xcaddy
xcaddy is a tool that allows us to build Caddy with additional plugins easily.
curl -sS https://webi.sh/xcaddy | sh
source ~/.config/envman/PATH.env
This script downloads and sets up xcaddy for use.
Step 3: Build Caddy with Custom Plugins
Here, we specify the plugins we need: DynamoDB for certificate storage and Route53 for DNS. On-Demand TLS itself is built into Caddy and needs no extra plugin; it is enabled later in the Caddyfile.
xcaddy build \
--with github.com/silinternational/certmagic-storage-dynamodb/v3 \
--with github.com/caddy-dns/route53
sudo mv caddy /usr/bin
caddy -v
caddy list-modules
This command builds Caddy with the required modules and moves the binary to /usr/bin for easy access.
Step 4: Configure and Secure Caddy
Next, we set up Caddy to run as a system service and ensure it has the correct permissions.
sudo groupadd --system caddy
sudo useradd --system \
--gid caddy \
--create-home \
--home-dir /var/lib/caddy \
--shell /usr/sbin/nologin \
--comment "Caddy web server" \
caddy
sudo chown root:root /usr/bin/caddy
sudo chmod 755 /usr/bin/caddy
sudo mkdir /etc/caddy
sudo chown -R root:caddy /etc/caddy
sudo mkdir /etc/ssl/caddy
sudo chown -R root:caddy /etc/ssl/caddy
sudo mkdir /var/www
sudo chown caddy:caddy /var/www
sudo mkdir -p /var/log/caddy
sudo chown caddy:caddy /var/log/caddy
sudo chmod 755 /var/log/caddy
These commands create a system user and group for Caddy, set appropriate permissions, and create necessary directories.
Step 5: Setup Caddy as a Service
To manage Caddy as a systemd service, we download the service file and enable the service.
sudo sh -c 'curl https://raw.githubusercontent.com/caddyserver/dist/master/init/caddy.service > /etc/systemd/system/caddy.service'
sudo systemctl daemon-reload
After creating a Caddyfile configuration, you can enable and start the service:
sudo nano /etc/caddy/Caddyfile
sudo systemctl enable caddy
sudo systemctl start caddy
sudo systemctl status caddy
Ensure your Caddyfile is correctly configured for your domain and services.
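The article leaves the Caddyfile to you, so here is an added example (not from the original article) that wires the three pieces together. The table name, region, email, domain and the ask URL are placeholders to replace with your own; AWS credentials are taken from the instance role or environment rather than written into the file. The ask endpoint matters: without it, Caddy will request a certificate for any hostname that is pointed at the server, which lets an outsider drive up issuance and exhaust the CA rate limits.

```caddyfile
{
	# Placeholder e-mail for the ACME account.
	email admin@example.com

	# On-Demand TLS: only issue a certificate if this endpoint answers 200
	# for GET /check?domain=<name>. Placeholder URL; run it locally so the
	# allow-list never leaves the host.
	on_demand_tls {
		ask http://127.0.0.1:9000/check
	}

	# Keep certificates and ACME locks in DynamoDB (plugin built in Step 3)
	# so several Caddy hosts can share one certificate store.
	# Table name and region are placeholders.
	storage dynamodb {
		table caddy-certs
		aws_region us-east-1
	}
}

# Catch-all site: certificates are obtained on first TLS handshake,
# gated by the ask endpoint above.
https:// {
	tls {
		on_demand
	}
	root * /var/www
	file_server
	log {
		output file /var/log/caddy/access.log
	}
}

# A zone you own in Route53: use the DNS challenge (plugin built in Step 3)
# so a wildcard certificate can be issued without exposing port 80.
*.example.com {
	tls {
		dns route53
	}
	root * /var/www
	file_server
}
```

Validate the file with `caddy validate --config /etc/caddy/Caddyfile` before enabling the service, and watch /var/log/caddy/access.log and `journalctl -u caddy` for unexpected hostnames being asked about.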
Conclusion
Following these steps, you've set up a secure, robust web server with Caddy on Ubuntu 22.04, equipped with On-Demand SSL, DynamoDB for certificate storage, and Route53 for DNS management. This setup simplifies SSL management and integrates smoothly with AWS infrastructure, providing scalability and reliability.
Check out the official Caddy documentation and community tutorials for more detailed instructions and configurations.