One of the most anxiety-inducing parts of self-hosting for me is ensuring that everything is as locked-down security-wise as possible. That's become even more critical as I increase my footprint, adding my own domain and subdomains that point to each service. I'm also a little particular, and while I could use a self-signed TLS certificate to ensure HTTPS for the services that need it, the reminder that it hasn't been done "properly" every time I access those services irks me.

And while there's any number of reverse proxies that I could use to access those services, few are as easy to set up and use as Caddy. //

Officially, Caddy is an open-source web server that can be used for many things. But because it's so easy to set up and includes built-in automatic HTTPS with TLS certificate management, it's often used as a reverse proxy for the home lab. That's because every domain, IP address, and even localhost are served over HTTPS, thanks to the fully automated, self-managed certificate authority.

The entire server is controlled by a single configuration file, the "Caddyfile," which is human-readable, and most tasks are handled with a few simple lines of text.