How to migrate to Caddy in baby steps?

Hiya, I have a question for the CaddyZen’ers here.

I currently have a couple of sites, behind a firewall and nginx, with nextcloud and some more stuff running in production. Nginx currently proxies as needed, and has some SSL certificates via a manually-configued LetsEncrypt setup.

I’d like to try out Caddy with a new subdomain, so that I don’t have to break the current setup. That means I can’t drop nginx just yet, or re-route outside ports 80+443 to Caddy, other than through nginx.

Is it possible to route internet => firewall => nginx => caddy for that test domain with Caddy doing the SSL stuff, or is nginx the one which has to deal with this new SSL certificate? I’m getting errors from Caddy while setting it up, with nginx reporting other certificates instead.


I can understand wanting to take an incremental approach. If you just want to reverse-proxy to a Caddy instance, you can write a Caddyfile like this:


(assuming nginx is on the same machine) and Caddy will work just fine on plain HTTP, while you continue to let nginx do the fronting and SSL stuff. Eventually you will feel comfortable enough to put Caddy in front and reverse-proxy to nginx (if even necessary at all), letting Caddy handle SSL certificates.

Thx - yes, I understand. But it’s not so much about comfort: the test server (a different machine, BTW) is still being built up and may have to be restarted while I progress on all the configs. I’d rather mess with the server without the risk of disrupting the main sites. Then again, I guess I could quickly switch the firewall routing around if that’s an issue. The simplicity of the Caddyfile and quick live config reloads is definitely something I’m looking forward to. Maybe I’ll just take the plunge then…

1 Like

Ok, Caddy works in front of nginx now. Apart from some https tweaks (since it’s all coming in on port 80 as far as nginx can tell), it all worked like a charm. The https issues have been resolved (nothing to do with Caddy).

Now I can start moving stuff over in small steps. Caddy’s config reload on “kill -SIGUSR1 ...” is very convenient, and so is the fact that it’ll get any further certificates on the fly. Many thanks!

1 Like

Glad it’s working for you!

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.