Caddy Configuration Examples

Welcome to the NovaNode documentation for Caddy Server configuration. This guide provides various examples of Caddy configurations that you can use with NovaNode's global load balancer platform.

Basic Configurations

Simple Website Reverse Proxy

# Route traffic for yourdomain.com to your application
yourdomain.com {
  reverse_proxy https://your-app-url.vercel.app {
    header_up Host {http.reverse_proxy.upstream.hostport}
  }
}

Multiple Domains

# Handle multiple domains with the same configuration
yourdomain.com, www.yourdomain.com {
  reverse_proxy https://your-app-url.vercel.app {
    header_up Host {http.reverse_proxy.upstream.hostport}
  }
}

Path-Based Routing

yourdomain.com {
  # Route /api to your API service
  handle_path /api/* {
    reverse_proxy https://api.yourservice.com
  }

  # Route /admin to your admin panel
  handle_path /admin/* {
    reverse_proxy https://admin.yourservice.com
  }

  # Route everything else to your main app
  handle {
    reverse_proxy https://your-app-url.vercel.app
  }
}

Advanced Configurations

Load Balancing Between Multiple Backends

yourdomain.com {
  reverse_proxy {
    # Balance requests between multiple backends
    to https://backend1.yourservice.com https://backend2.yourservice.com
    lb_policy round_robin
    health_timeout 10s
  }
}

Custom Error Pages

yourdomain.com {
  reverse_proxy https://your-app-url.vercel.app {
    header_up Host {http.reverse_proxy.upstream.hostport}
  }

  # Custom error pages
  handle_errors {
    respond "{http.error.status_code} {http.error.status_text}" {
      status {http.error.status_code}
    }
  }
}

Adding Headers for Security

yourdomain.com {
  # Add security headers to all responses
  header {
    # Add HSTS header
    Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    # Prevent MIME type sniffing
    X-Content-Type-Options "nosniff"
    # Prevent clickjacking
    X-Frame-Options "DENY"
    # Enable browser XSS protection
    X-XSS-Protection "1; mode=block"
    # Restrict referrer information
    Referrer-Policy "strict-origin-when-cross-origin"
  }

  reverse_proxy https://your-app-url.vercel.app {
    header_up Host {http.reverse_proxy.upstream.hostport}
  }
}

Performance Optimizations

Caching Static Content

yourdomain.com {
  # Cache static assets
  handle_path /static/* {
    root * /path/to/static/files
    file_server {
      # Enable asset caching
      precompressed br gzip
      # 7 days cache
      header Cache-Control "public, max-age=604800"
    }
  }

  # Route everything else to your app
  handle {
    reverse_proxy https://your-app-url.vercel.app
  }
}

Enabling Compression

yourdomain.com {
  # Enable Brotli and gzip compression
  encode {
    zstd
    gzip
  }

  reverse_proxy https://your-app-url.vercel.app
}

Authentication & Authorization

Basic Authentication

yourdomain.com {
  # Protect the entire site with basic auth
  basicauth {
    user1 JDJhJDEwJDFqZVozLkx6MFRTSmdPZzJaZDBYbC5veTZUQ3JrVDh1SzZwRTFsV0JDaC52eFZ5dGJXa2dH
    user2 JDJhJDEwJHdoLnNTMnlPMHkwTXpOdkVnZWdCRS5RU0VwWWxKYkpZZ2ZWWkMvTU5zaHR5cVdKUElBSi42
  }

  reverse_proxy https://your-app-url.vercel.app
}

JWT Authentication

yourdomain.com {
  # Validate JWT tokens for API routes
  handle_path /api/* {
    jwt {
      trusted_key_file /path/to/pubkey.pem
    }
    reverse_proxy https://api.yourservice.com
  }

  # Public routes
  handle {
    reverse_proxy https://your-app-url.vercel.app
  }
}

Real-world Examples

Next.js Application Deployment

nextjs-app.com {
  # Handle Next.js API routes
  handle_path /api/* {
    reverse_proxy https://nextjs-api.example.com
  }

  # Handle Next.js public folder assets
  handle_path /public/* {
    root * /path/to/next/public
    file_server {
      precompressed br gzip
    }
  }

  # Handle everything else, including dynamic routes
  handle {
    reverse_proxy https://nextjs-frontend.example.com
  }
}

WordPress Site with Cache

wordpress-site.com {
  # Cache static assets
  @static {
    path *.css *.js *.jpg *.jpeg *.png *.gif *.ico *.svg *.woff *.woff2
  }
  handle @static {
    header Cache-Control "public, max-age=604800"
  }

  # Don't cache admin or login pages
  @nocache {
    path /wp-admin/* /wp-login.php
  }
  handle @nocache {
    header Cache-Control "no-store, no-cache, must-revalidate, max-age=0"
  }

  # Proxy everything to WordPress
  handle {
    reverse_proxy https://wordpress-backend.example.com
  }
}

SPA with API Backend

spa-app.com {
  # Handle API requests
  handle_path /api/* {
    reverse_proxy https://api-server.example.com
  }

  # Serve SPA from a static host
  handle {
    root * /var/www/spa-app
    try_files {path} /index.html
    file_server
  }
}

Fly.io-specific Optimizations

Since NovaNode uses Fly.io infrastructure, these configurations are optimized for global deployment:

Cross-Region Load Balancing

global-app.com {
  reverse_proxy {
    to https://us-app.example.com https://eu-app.example.com https://asia-app.example.com
    lb_policy first
    health_path /health
    health_port 8080
  }
}

Geolocation-Based Routing

global-content.com {
  @europe {
    geo_ip Europe
  }
  handle @europe {
    reverse_proxy https://eu-content.example.com
  }

  @asia {
    geo_ip Asia
  }
  handle @asia {
    reverse_proxy https://asia-content.example.com
  }

  # Default for all other regions
  handle {
    reverse_proxy https://us-content.example.com
  }
}

Additional Resources

For more advanced Caddy configuration examples and documentation, visit:

• Official Caddy Documentation
• Caddy Community Forum
• NovaNode Support

Remember that NovaNode automatically handles SSL certificates and global deployment across Fly.io's network, so you don't need to configure these aspects in your Caddy configuration.