Replace Apache and/or HAProxy with Caddy?

Hello Caddyers?

I’m Loving Caddy’s simple but deep config possibilities and everything managed as a simple to use API that comes out of the box, and would like to start using it. However, I’m one of those, theory-first guys, so please help me understand what would happen when I start using Caddy.

I’m currently hosting multiple copies of a Symfony PHP app with Apache2, all behind an HAProxy reverse proxy.
Each copy of the stack lives inside a LXC container (The PHP App + MySQL + Apache + FPM and so on…)

I’m terminating SSL connections and hosting the certs at the HAProxy, so the connections from the Internet are SSL/443 to the HAProxy and from the HAP to each container it’s plain/80.
This is because I need to use layer 7 for the HAProxy to redirect to the proper container based on the domain using domain based ACLs.

What are you trying to do?

  • I would like to understand what specific configuration will I need to use if I want to swap Apache for Caddy in my current setup.
  • I would like to know what architectural changes to the current setup would be needed if configuration is not enough. Fort example, changing the HAProxy for a Reverse Proxy Caddy?
  • I am in fact quite curious about any major advantages or drawbacks in migrating from Reverse HAP to RP Caddy?

Hope it’s not too much of a noob question, I’ve watched a few videos and read a few blog posts but could not find specific answers to my questions…

1 Like

Can act as both a TLS terminating proxy and as an HTTP server serving PHP apps. So the answer is “yes”.

PHP example: Common Caddyfile Patterns — Caddy Documentation, you could just use :80 as your site address to listen for HTTP (non-HTTPS) connections.

And you can use reverse_proxy to load balance between multiple app instances.

You might want to consider using for your apps. It’s becoming the recommended way to run PHP for Symfony.

Sorry @francislavoie, I am certain that you want to help me, but I am now more lost than before asking.

  • So the answer is “yes”.
    The answer is “Yes” to what question?

  • PHP example: Common Caddyfile Patterns — Caddy Documentation
    I have read from top to bottom the page on the URL you gave me, 3 times, and I can’t find any configuration or any hint related to my setup.

  • you can use reverse_proxy to load balance between multiple app instances.
    I do not plan on load balancing, and I am already using a reverse proxy (HAP) to send traffic to my containers.

  • You might want to consider using
    I am considering Caddy at this point in time, what makes you think frankenphp will work better than Caddy for my use case?

FrankenPHP is Caddy – with a plugin, basically.

To “can I replace Apache and/or HAProxy with Caddy”. The answer is yes, Caddy can fulfill the purposes of both those servers.

I’m not sure how this doesn’t help you. There’s a config right at that link for serving a PHP app with Caddy, using php_fastcgi. That’s all you need for Caddy + PHP-FPM

What I’m saying is Caddy can replace HAProxy as your load balancer if you like. That’s a separate thing from running your individual apps.

Like Matt said, FrankenPHP is a distribution of Caddy which also includes a statically compiled build of PHP, so this one binary is both your PHP runtime and your webserver. One process, does both. Replaces your Apache + PHP-FPM setup with one container.

1 Like

Thanks for the tip @matt, I have taken a good look at the FrankenPHP site and I could not find:

  • Any link to a forum, slack or similar resource (other than GitHub).
  • Any mention, documentation or anything related to having an API.

Do you know if/where these are available? Thank you!

I see, thanks for the extra info @francislavoie

With Caddy, when working as a reverse proxy:

  • Can I programmatically configure the reverse proxy? I could not find that specific part of the API.
  • Can I create and configure new servers/sites/backends via the API? If yes, can you point me to the documentation?
  • Can I create a new acme SSL certificate for a server/domain via the API?
    Thank you!

Yes, the entire config is malleable via the API. You need to craft requests that point to the specific part of the config that you want to modify, or push a whole new config with only the part you want changed.

But if you’re using a Caddyfile, you should not use the API. It’s not compatible, because Caddyfile produces a JSON config, and the JSON config is what Caddy actually runs with. So if you try to use the API to manipulate your JSON config, you’ll never be able to reflect the changes back to your Caddyfile (it’s a one-way conversion) unless you change your Caddyfile yourself by hand (or with your own scripting) as well. And that’s not a rabbithole you should go down.

Again yes, same as above.


HOW? Where to find this in the documentation?

  • And one more question, How do you define ACL’s or how do you send the traffic to the specific server/container? Where to find this in the documentation?

I am not using a Caddyfile.

You’re better off starting with a Caddyfile IMO at least to get a sense of where things go in your JSON config. It produces relatively idiomatic JSON config, so it’s the easiest way to learn. Use the caddy adapt -p command to produce the JSON config.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.