Caddy newbie with some general questions: re mTLS, clarification on installation instructions, etc

1. The problem I’m having:

Here are my questions:
I’m a software engineer and business owner who has recently taken over IT for my servers. I’ve been using NGINX successfully but am intrigued by Caddyserver and would like to use it on a new server system. I have a few questions I’d like to ask that I am not clear on:

  1. I’ve read that Caddy supports client side authentication. I have found this issue complex on NGINX and there are not any complete enough examples. It also does not make clear how to deal with client certs. In my case, I have some embedded controllers (ESP32) in my “remote” shop that monitor temperatures, for example. I want them to communicate after a mTLS (mutual) handshake. Server authentication is straightforward and requires that I flash the server certificate and all works well. However, for client authentication I need to obtain and store a client certificate. Question: How much of the process of obtaining client certs for multiple client nodes is provided by Caddy? Are there any articles or help in this process? Thanks
  2. I’ve been reading installation instructions for Caddy Here. I think it’s an excellent webpage. But when explaining the subdomain DNS records that need to be set up, the text mentions “api.example.com” and “app.example.com”. Question: are these specific subdomain prefixes, with my domain replacing “example.com”, required to manage Caddyserver, or are these just example public domains to access end servers on my network?
  3. I have seen several open source GUIs for Caddyserver. Are any of these recommended? Can I assume that if I install one of them I’m still able to access and edit the Caddy related config files that it manages?
    Thanks

2. Error messages and/or full log output:


3. Caddy version:

4. How I installed and ran Caddy:

a. System environment:

Ubuntu 24.04

b. Command:


c. Service/unit/compose file:


d. My complete Caddy config:


5. Links to relevant resources:

Client authentication is rather complex mainly because there are so many variables depending on the use case. So be aware that it’s infeasible to have good coverage from examples.

Caddy can act as your own CA, and other Caddy instances (or any ACME client, really) can get certificates from it. Again there are a lot of variables here.

In short, Caddy on both the CA/server side and the client side can automate all of the certificates, but you will have to manually configure trust or distribute the trust into each device/system. And decide on various configuration parameters that you tune to your needs.

I think you forgot a link. Which page?

But I think they’re strictly examples, not significant domain labels.

To be honest I have not used any of them other than playing around to check them out; I think they are mostly vibe-coded, so if you’re cool with that you can try. Here’s one I saw recently that looks more polished: CaddyUI v2.4.3 — dashboard polish, smarter health dots, multi-host fixes

And yes, you can always manually view and manage the Caddy config by using Caddy’s config API: API — Caddy Documentation
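For readers wanting a concrete starting point for the client-authentication question above, here is an added Caddyfile example (not from the reply or the Caddy project docs) that requires and verifies a client certificate on one site. The hostname, the CA file path and the upstream port are assumptions; the CA certificate must be the one that signed the certificates flashed onto the devices.

```caddyfile
# Constructed example: terminate mTLS for the sensor nodes.
# Server-side cert is still automated by Caddy; only the client side is manual.
sensors.example.com {
	tls {
		client_auth {
			# Reject any handshake without a valid client certificate.
			mode require_and_verify
			# Private CA (assumed path) that issued the device certificates.
			trusted_ca_cert_file /etc/caddy/pki/shop-ca.crt
		}
	}
	# Forward authenticated requests to the collector (assumed port).
	reverse_proxy localhost:8080
}
```

A quick check from a workstation that holds one device's certificate and key is `openssl s_client -connect sensors.example.com:443 -cert device.crt -key device.key`; without `-cert`/`-key` the handshake should fail, which confirms the policy is enforced.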

Thanks for your reply.

The link I thought I had added was Here