Automatic HTTPS is the main reason many admins install Caddy on Fedora, but the appeal is broader than certificates alone. Caddy can serve static files, reverse proxy local apps, and handle PHP with a much smaller config surface than the usual Nginx or Apache starting point.
Fedora ships a working Caddy package in the default repositories, and the upstream-managed COPR repo moves faster when you want the latest release. The same commands work on Workstation, Server, and minimal Fedora installs, then the rest of the setup comes down to service management, firewall rules, and a small Caddyfile.
Install Caddy on Fedora
Refresh DNF metadata first so the package and repository checks below use the latest Fedora 43 state.
sudo dnf upgrade --refresh -yThe -y flag accepts the package transaction without a second prompt, which makes the command easier to paste in one shot.
These commands use
sudofor package and service changes. If your account does not have sudo access yet, follow the guide to add a user to sudoers on Fedora before continuing.
Fedora’s repo is the shorter path, while the official COPR repo is the faster-moving option.
| Method | Source | Fedora 43 version | Updates | Best fit |
|---|---|---|---|---|
| DNF package | Fedora repositories | 2.10.2 | sudo dnf upgrade --refresh | Most systems |
| COPR package | @caddy/caddy COPR | 2.11.2 | sudo dnf upgrade --refresh | Readers who want the newer upstream build sooner |
Start with the Fedora package unless you specifically need the newer COPR build.
Install Caddy from Fedora Repositories
The Fedora package keeps the setup short and integrates cleanly with normal DNF maintenance.
sudo dnf install -y caddyVerify that the package is installed and that the Caddy binary is on your PATH.
rpm -q caddy
caddy versioncaddy-2.10.2-1.fc43.x86_64 v2.10.2
Install the Latest Caddy Build from COPR
The official Caddy COPR is maintained by the upstream project and currently carries Caddy 2.11.2 for Fedora 43. Treat it as a third-party repository even though the package comes from the Caddy team.
Enable the COPR repo first, then import its OpenPGP key up front so the first package install stays non-interactive.
sudo dnf copr enable @caddy/caddy -y
sudo rpm --import https://download.copr.fedorainfracloud.org/results/@caddy/caddy/pubkey.gpgIf Caddy is not installed yet, install it from COPR with the normal DNF command.
sudo dnf install -y caddyIf you already installed the Fedora package and want to switch to the COPR build, upgrade it after enabling the repo.
sudo dnf upgrade -y caddyCheck the new version and confirm the package source.
caddy version
dnf info --installed caddyRelevant output includes:
v2.11.2 h1:iOlpsSiSKqEW+SIXrcZsZ/NO74SzB/ycqqvAIEfIm64= Version : 2.11.2 Release : 1.fc43 From repository : copr:copr.fedorainfracloud.org:group_caddy:caddy
Start and Verify Caddy on Fedora
Fedora 43 leaves the Caddy service disabled after installation, so enable it explicitly before you expect it to listen on port 80.
Start the Caddy Service on Fedora
Enable the unit and start it immediately in one command.
sudo systemctl enable --now caddyConfirm that Fedora now shows the service as both active and enabled.
systemctl is-active caddy
systemctl is-enabled caddyactive enabled
Check the Local Caddy Response on Fedora
Confirm the local HTTP response before you open the server to remote traffic. If you want a broader refresher on header checks, see how to use the curl command in Linux.
curl -fsSI http://127.0.0.1Relevant output includes:
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Caddy
The default package serves a simple site from /usr/share/caddy, so a browser visit to http://server-ip should show the welcome page until you replace it with your own content.
Manage the Caddy Service on Fedora
Use the systemd commands below when you need to stop, reload, or inspect the service later.
| Action | Command |
|---|---|
| Start Caddy | sudo systemctl start caddy |
| Stop Caddy | sudo systemctl stop caddy |
| Reload the Caddyfile | sudo systemctl reload caddy |
| Restart Caddy | sudo systemctl restart caddy |
| Check service status | systemctl status caddy |
Prefer reload when you only changed the Caddyfile and want to avoid dropping active connections.
Open Firewall Rules for Caddy on Fedora
Open the standard web services in Firewalld before you expect remote traffic to reach the host. If Firewalld is not installed or not running on this system yet, follow the guide to install Firewalld on Fedora Linux first.
Allow HTTP and HTTPS for Caddy on Fedora
Add the standard web services and reload the active firewall rules.
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reloadQuery each service directly so the final check stays short and obvious.
sudo firewall-cmd --query-service=http
sudo firewall-cmd --query-service=httpsyes yes
Allow a Custom Caddy Port on Fedora
Use the same pattern for a non-standard listener such as port 8080.
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --reloadVerify the custom rule directly so you do not need to scan a full zone dump.
sudo firewall-cmd --query-port=8080/tcpyes
Work with the Caddyfile on Fedora
Fedora stores the main Caddyfile at /etc/caddy/Caddyfile. Use a real domain name in the site address when you want automatic HTTPS, because :80 or an explicit http:// prefix keeps the site on plain HTTP for local testing.
Serve a Static Site with Caddy on Fedora
Create a small document root under /var/www. The install -d command creates the directory and sets its mode in one step.
sudo install -d -m 0755 /var/www/example.com
printf '%s\n' '<h1>Hello from Caddy</h1>' | sudo tee /var/www/example.com/index.html > /dev/nullPoint a site block at that directory, then replace example.com with your real domain when you are ready for automatic HTTPS.
example.com {
root * /var/www/example.com
file_server
}Reverse Proxy a Local App with Caddy on Fedora
Use a reverse proxy block when your application already listens on localhost and you want Caddy to handle the frontend HTTP or HTTPS traffic.
example.com {
reverse_proxy 127.0.0.1:3000
}Swap in your application’s local address and port. If SELinux blocks the backend connection, the troubleshooting section below shows the one boolean that usually needs to change.
Serve PHP Applications with Caddy on Fedora
Fedora’s php-fpm package listens on /run/php-fpm/www.sock by default, and the default pool only grants socket access to apache and nginx. Add caddy to that ACL before you point Caddy at the socket. If PHP is not installed yet, start with the guide to install PHP on Fedora Linux.
sudo dnf install -y php php-fpm
sudo sed -i 's/^listen\.acl_users =.*/listen.acl_users = apache,nginx,caddy/' /etc/php-fpm.d/www.conf
sudo systemctl enable --now php-fpmVerify that the PHP-FPM service is active before you add the Caddy site block.
systemctl is-active php-fpmactive
Use the default Fedora socket in your Caddyfile, then replace the document root with your own application path if you are not testing from /usr/share/caddy.
example.com {
root * /usr/share/caddy
php_fastcgi unix//run/php-fpm/www.sock
file_server
}Create a small PHP test file and confirm that Caddy can hand the request off to PHP-FPM.
printf '%s\n' '<?php echo "caddy-php-ok";' | sudo tee /usr/share/caddy/info.php > /dev/null
curl -fsS http://127.0.0.1/info.phpcaddy-php-ok
Delete
/usr/share/caddy/info.phpafter the test. Leaving a PHP info page exposed reveals module, path, and environment details that do not belong on a public site.
Validate and Reload the Caddyfile on Fedora
Check the syntax before every reload so you catch Caddyfile mistakes while the current service is still running.
sudo caddy validate --adapter caddyfile --config /etc/caddy/CaddyfileValid configuration
If the validator also prints Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies, the syntax is still fine. It just means the file needs Caddy’s formatter before you move on.
sudo caddy fmt --overwrite /etc/caddy/Caddyfile
sudo systemctl reload caddy
systemctl is-active caddyactive
Troubleshoot Caddy on Fedora
Most early Caddy problems on Fedora come down to a busy web port or SELinux blocking a backend connection.
Fix Caddy When Port 80 or 443 Is Already in Use on Fedora
If systemctl status caddy reports bind: address already in use, find the service that already owns the web port. If you want a refresher on the filter syntax, see how to use the grep command in Linux.
sudo ss -tulpn | grep -E ':(80|443) 'tcp LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=2875,fd=8),("nginx",pid=2874,fd=8),("nginx",pid=2873,fd=8),("nginx",pid=2872,fd=8),("nginx",pid=2871,fd=8))
tcp LISTEN 0 511 [::]:80 [::]:* users:(("nginx",pid=2875,fd=9),("nginx",pid=2874,fd=9),("nginx",pid=2873,fd=9),("nginx",pid=2872,fd=9),("nginx",pid=2871,fd=9))
Stop or reconfigure the conflicting service, then start Caddy again.
sudo systemctl restart caddy
systemctl is-active caddyactive
Fix SELinux Reverse-Proxy Blocks for Caddy on Fedora
If Caddy can serve local files but reverse-proxy requests fail against another local service, enable the SELinux boolean that allows web daemons to open network connections.
sudo setsebool -P httpd_can_network_connect 1
getsebool httpd_can_network_connecthttpd_can_network_connect --> on
Remove Caddy from Fedora
Stop the service first, then remove the package.
sudo systemctl disable --now caddy
sudo dnf remove -y caddyIf you enabled the upstream COPR repo for this article, remove that repository as well so future DNF runs only use Fedora’s default sources.
sudo dnf copr remove @caddy/caddy -yConfirm that the COPR repo is gone before you leave the cleanup section. The grep filter looks for any enabled Caddy-related repo, and the fallback echo prints a clear success line when nothing matches.
dnf repo list --enabled | grep -i caddy || echo no-caddy-copr-enabledno-caddy-copr-enabled
Fedora removes /etc/caddy and /usr/share/caddy with the package, but Fedora 43 leaves /var/lib/caddy behind. Remove that state directory only if you do not need cached certificates or the example site directory created above.
The next command permanently deletes cached Caddy state and the example document root from this article.
sudo rm -rf /var/lib/caddy /var/www/example.comVerify that Fedora no longer has the package installed.
rpm -q caddypackage caddy is not installed
Caddy on Fedora FAQ
Yes. Fedora 43 ships caddy in the default repositories, and the package validated here was 2.10.2. The optional COPR repo is only for readers who want the newer 2.11.x build sooner.
Run systemctl is-active caddy. An active result means the service is up, while failed or inactive means you should inspect systemctl status caddy for the reason.
Automatic HTTPS starts when the site block uses a real domain name that already points at the server. Addresses such as :80 or an explicit http:// prefix are useful for local tests, but they keep the site on plain HTTP.
Yes. Fedora’s default php-fpm pool uses the socket /run/php-fpm/www.sock. Add caddy to listen.acl_users, start php-fpm, and then point php_fastcgi at that socket in the Caddyfile.
Conclusion
Caddy is ready on Fedora for static sites, reverse proxies, and PHP front ends, so the routine setup work is out of the way. If this host will face the internet, install Fail2ban with Firewalld on Fedora Linux next, then use the Caddy documentation when you want to expand the directive set.
Formatting tips for your comment
You can use basic HTML to format your comment. Useful tags currently allowed in published comments:
<code>command</code>command<strong>bold</strong><em>italic</em><blockquote>quote</blockquote>