QFlowLearn: QTI 3.0 authoring
Migrating from Nginx to Caddy
April 23, 2025 Open Source

Migrating from Nginx to Caddy

Caddy can make reverse proxy and Tomcat load-balancing setups shorter, easier to maintain, and secure by default.

Why Consider Caddy Over Nginx?

  • Simpler Configuration: Caddy uses a declarative Caddyfile, which often means less nesting than an Nginx config.
  • Single Binary Deployment: Caddy ships as one executable, so deployments do not need separate modules or runtime dependencies.
  • Automatic HTTPS by Default: Caddy handles TLS setup, obtains Let’s Encrypt certificates, and enables OCSP stapling, HSTS, and HTTP/2 without extra configuration.

From Boilerplate to Brevity: An Example

Let’s compare a basic load-balancing setup.

Nginx Example

http {
  upstream tomcats {
    server tomcat1:8080;
    server tomcat2:8080;
  }

  server {
    listen 80;
    server_name example.com;
    location / {
      proxy_pass http://tomcats;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
  }
}

Caddyfile Equivalent

example.com {
  reverse_proxy tomcat1:8080 tomcat2:8080
}

Notice the lack of http {} blocks or explicit listen directives. Caddy infers much of the setup from the domain and backend targets.

The Benefits of Go

  • Performance: Go’s goroutines and native HTTP/2 support help Caddy handle concurrent connections efficiently.
  • Extensibility: Go plugins can add custom authentication, rate-limiting, caching, and other server behavior.

A Responsive Open-Source Community

  • Active Development: Caddy sees frequent releases with updates and security patches.
  • Engaged Forums & GitHub: Discussions and contributions are actively reviewed.
  • Rich Ecosystem: A growing number of community plugins integrate Caddy with tools like JWT, Datadog, Prometheus, and more.

Our Contributions

We’ve also contributed back to the Caddy project:

  • Enhanced Health Checks: We helped add configurable pass/fail thresholds for active health checks, which gives operators better control over backend availability (#6154).
  • Improved Cookie Security: We helped Caddy set Secure and SameSite=None on reverse proxy cookies when TLS is used (#6115).

Strong Security Defaults

Caddy’s default TLS configuration aims for current best practices. Sites typically achieve a high score on SSL Labs tests out-of-the-box, without needing manual cipher suite adjustments.

Load-Balancing Tomcats Example

example.com {
  reverse_proxy {
    to tomcat-app-{1..3}:8080
    lb_policy round_robin
    health_interval 10s
    health_timeout 2s
  }
}
  • Automatic Health Checks: Caddy can automatically detect and route around unresponsive Tomcat nodes.
  • Load Balancing Policies: Options include round-robin, least connections, random weighted, and others.

Migrating to Caddy can shorten reverse-proxy configuration and keep strong security defaults. It is worth evaluating when you choose a load balancer or reverse proxy.

Related Articles

Sakai 25 Patch Highlights: February 2026
February 27, 2026 Sakai

Sakai 25 Patch Highlights: February 2026

February’s Sakai patches focus on grading edge cases, more dependable quiz behavior, and a round of smaller usability fixes that make the platform feel steadier day to day.

A Native TypeScript QTI 3 Player
May 20, 2026 Open Source

A Native TypeScript QTI 3 Player

A strict TypeScript QTI 3 runtime and native Web Component player with typed models, response processing, scoring, saved state, fixtures, and Playwright-tested rendering.

Work with Longsight

Bring us the problems that cross your LMS, identity, and compliance systems.

We can host the service, help you run it on campus, answer security review, integrate with your LMS, and work through accessibility requirements.