Caddy

Caddy is an open source web server and reverse proxy that solves one of the most frustrating parts of running a home server: getting HTTPS working without manual Certbot setup, cron jobs, and certificates that expire overnight. Written in Go with zero runtime dependencies, it automatically requests, installs, and renews TLS certificates from Let's Encrypt or ZeroSSL the moment you point a domain at it. You deploy it on your home server using Docker Compose, write a few lines of Caddyfile config, and your services are live behind valid HTTPS in minutes.

For homelab users, Caddy is most commonly run as a reverse proxy in front of every self-hosted service on the network. Instead of remembering that Jellyfin is on port 8096 and Nextcloud is on port 8080, you route all traffic through Caddy and access each service at a clean subdomain like jellyfin.yourdomain.com, each with its own valid SSL certificate. The Caddyfile format is dramatically simpler than Nginx or Apache configs, and Caddy also exposes a live JSON API so you can update routes and reload config without ever restarting the server.

Beyond basic proxying, Caddy handles more advanced homelab requirements cleanly. It supports HTTP/3 and QUIC out of the box, WebSocket proxying for apps like Home Assistant, wildcard TLS certificates for anyone managing a lot of subdomains, and an internal certificate authority for issuing HTTPS on local-only services that will never be publicly reachable. Because it is fully self-hosted and open source, there are no licensing costs, no cloud dependencies, and it runs comfortably on hardware as modest as a Raspberry Pi.

Key Features

• Automatic HTTPS with Let's Encrypt, ZeroSSL, and automatic TLS certificate renewal
• Reverse proxy with load balancing and zero-downtime config reloads via JSON API
• Caddyfile simple config syntax
• HTTP/3 and QUIC support
• WebSocket and gRPC proxying
• Wildcard TLS certificates via DNS challenge
• Internal TLS certificate authority for local HTTPS
• Docker and Docker Compose deployment with plugin and module system

Use Cases For Home

Use Caddy as the single reverse proxy in front of your entire Docker stack, routing nextcloud.yourdomain.com to your Nextcloud container and jellyfin.yourdomain.com to Jellyfin, all with auto-renewing HTTPS and zero manual certificate management. If you are running Home Assistant and need secure remote access, Caddy handles WebSocket proxying and HTTPS termination without the extra configuration that Nginx requires. For fully local homelab setups, Caddy's built-in internal CA can issue trusted HTTPS certificates for services like Proxmox, Grafana, or Portainer so your browser stops throwing certificate warnings on your own network.