Caddy

Caddy is the HTTP/2 web server with automatic HTTPS. It is the only web server that uses HTTPS by default. A hardened TLS stack with modern protocols preserves privacy and exposes MITM attacks.

Caddy is a modern, open-source web server designed to be secure, reliable, and scalable by default. It is distinguished by its "batteries-included" approach, particularly regarding encryption and ease of use.

Here is a summary of its principal features:

Automated HTTPS and TLS Management

  • Automatic Certificates: By default, Caddy automatically obtains and renews TLS certificates for all configured sites. It is designed to manage certificates reliably even at a massive scale, supporting hundreds of thousands of sites.

  • On-Demand TLS: A key feature for SaaS providers, Caddy can provision and maintain certificates on-the-fly during TLS handshakes for custom, customer-owned domains.

  • Internal PKI: It includes a fully-featured suite for deploying private Certificate Authorities (CAs) and managing internal PKI across a fleet of servers.

  • Secure Defaults: Its TLS configurations are secure by default and meet PCI, HIPAA, and NIST compliance requirements without manual tuning. It also handles advanced security tasks like OCSP stapling and automatic renewal of revoked certificates.

Advanced Reverse Proxy and Load Balancing

  • Extensible Proxy: Caddy serves as a forward-thinking reverse proxy supporting HTTP, FastCGI, WebSockets, gRPC, and more.

  • High Availability: It features a complete suite of high-availability tools, including active and passive health checks, load balancing policies (such as least connections), retries, and circuit breaking.

  • Dynamic Backends: Instead of static lists, Caddy can be configured to retrieve backends dynamically during each request, making it ideal for rapidly changing cloud environments.

Production-Grade Static File Serving

  • Robust File Server: It efficiently serves static files and supports modern features like Range requests and ETags.

  • Modern Compression: Caddy can compress files on-the-fly and was the first web server to support Zstandard encoding.

  • Virtual File Systems: You can serve sites from various sources beyond the local disk, including remote cloud storage, databases, or files embedded directly within the server binary.

Flexible Configuration and Extensibility

  • Native JSON API: Caddy’s core configuration is a JSON document that can be manipulated in real-time via a RESTful admin API, allowing for dynamic changes without restarting the server.

  • Caddyfile: For human users, it offers the Caddyfile, a highly simplified configuration format that is often significantly smaller than equivalent NGINX configurations.

  • Config Adapters: Through adapters, Caddy can be configured using almost any format, including YAML, TOML, and even NGINX config files.

  • Modular Architecture: It features a unique modular design where nearly every part of the server is a pluggable module. Users can compile a custom binary containing only the features they need for a leaner deployment.
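
Because the whole configuration is one JSON document, it can be audited mechanically. The script below is an added example, not part of the original page or Caddy's own code: it checks a config for an admin API bound beyond loopback and for On-Demand TLS with no issuance check. The key names (`admin.listen`, `admin.disabled`, `apps.tls.automation.on_demand.ask` / `permission`, `policies[].on_demand`) are assumed from Caddy's JSON config layout, and the sample config is constructed.

```python
import json

# Constructed sample config (not from the page). Key names are assumed from
# Caddy's JSON config layout: admin.listen, apps.tls.automation.*.
SAMPLE = json.loads("""
{
  "admin": {"listen": "0.0.0.0:2019"},
  "apps": {"tls": {"automation": {"policies": [{"on_demand": true}]}}}
}
""")

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def admin_findings(cfg):
    """Flag an admin API reachable beyond loopback or a unix socket."""
    admin = cfg.get("admin") or {}
    if admin.get("disabled"):
        return []
    listen = admin.get("listen", "localhost:2019")  # Caddy's default address
    if listen.startswith("unix/"):
        return []
    hostport = listen.split("/", 1)[-1]  # drop an optional "tcp/" prefix
    host = hostport.rsplit(":", 1)[0].strip("[]")
    if host in LOOPBACK:
        return []
    return [f"admin API listens on non-loopback address {listen!r}"]


def on_demand_findings(cfg):
    """Flag on-demand policies with no 'ask'/'permission' gate on issuance."""
    auto = ((cfg.get("apps") or {}).get("tls") or {}).get("automation") or {}
    gate = auto.get("on_demand") or {}
    gated = bool(gate.get("ask") or gate.get("permission"))
    uses = any(p.get("on_demand") for p in auto.get("policies") or [])
    if uses and not gated:
        return ["on-demand TLS enabled with no ask/permission check"]
    return []


def audit(cfg):
    """Return all findings for one parsed Caddy JSON config."""
    return admin_findings(cfg) + on_demand_findings(cfg)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

An empty result from `audit()` means neither condition was found; it does not cover the rest of the configuration.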

High-Performance PHP Integration

  • FrankenPHP: Through the FrankenPHP integration, Caddy can act as a PHP application server that is approximately 4x faster than traditional setups. It embeds the PHP interpreter directly, eliminating the need for separate services like php-fpm.

Caddy acts like a high-tech, self-maintaining smart home for your websites: while traditional servers require you to manually install the locks, renew the security contracts, and rewire the lights, Caddy comes with automated security that updates itself, a universal remote to control everything via an API, and the ability to expand your house by simply plugging in new rooms.