🟡 Caddy

Caddy is the simplest web server to configure — it automatically handles HTTPS with Let's Encrypt! If you want zero-hassle SSL, Caddy is a great choice.

---

📋 前提条件

• Caddy 2.x installed
• PHP-FPM installed and running

---

📦 Installing Caddy

# Ubuntu/Debian
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy

---

📝 Caddyfile Configuration

Edit the Caddyfile:

sudo nano /etc/caddy/Caddyfile

Paste this:

your-domain.com {
    # Document root — MUST point to /public
    root * /var/www/monitron/public

    # Enable PHP
    php_fastcgi unix//var/run/php/php8.3-fpm.sock

    # URL rewriting for Laravel
    try_files {path} {path}/ /index.php?{query}

    # File server for static files
    file_server

    # Block access to sensitive files
    @blocked {
        path /.env
        path /.env.*
    }
    respond @blocked 404

    # Security headers
    header {
        X-Frame-Options "SAMEORIGIN"
        X-Content-Type-Options "nosniff"
        X-XSS-Protection "1; mode=block"
        Referrer-Policy "strict-origin-when-cross-origin"
        -Server
    }

    # Logging
    log {
        output file /var/log/caddy/monitron-access.log
    }

    # Upload size limit
    request_body {
        max_size 100MB
    }

    # Static file caching
    @static {
        path *.css *.js *.png *.jpg *.jpeg *.gif *.ico *.svg *.woff *.woff2
    }
    header @static Cache-Control "public, max-age=2592000"
}

That's it! No SSL configuration needed. Caddy automatically:

• Obtains a Let's Encrypt certificate
• Configures HTTPS
• Redirects HTTP → HTTPS
• Renews the certificate automatically

---

🔧 Setup Steps

1. Replace Placeholders

占位符	替换为
your-domain.com	Your actual domain
/var/www/monitron	Your installation path
php8.3-fpm.sock	Your PHP-FPM socket path

2. Verify and Restart

# Test the configuration
caddy validate --config /etc/caddy/Caddyfile

# Restart Caddy
sudo systemctl restart caddy

3. Verify HTTPS

Visit https://your-domain.com — Caddy should have automatically configured SSL!

---

💡 为什么选择 Caddy？

功能	优势
Automatic HTTPS	No manual SSL setup or renewal
Simple config	The entire config is ~30 lines
HTTP/2 + HTTP/3	Modern protocols out of the box
Zero downtime reloads	Config changes apply without dropping connections

---

🛠️ 故障排除

Caddy can't get SSL certificate

Make sure:

• Your domain's DNS A record points to your server
• Ports 80 and 443 are open in your firewall
• No other web server is running on port 80/443

# Check if ports are in use
sudo ss -tlnp | grep -E ':80|:443'