Caddy is the fastest way to setup a SSL reverse proxy with a free certificate from Let’s Encrypt.

While we will try to walk you through some installation steps it is highly suggested you follow Caddy’s Install options and Reverse Proxy Quickstart for more documentation, examples and detailed information. Caddy is a well documented quality piece of software that you should get familiar with if you need to run a SSL reverse proxy.

1. Make sure you don’t have other web servers running.

If you are running other pieces of web server software such as Apache or NGINX using port 80 or 443 then you won’t be able to continue with this Caddy install. Either remove the other pieces of software or read up on how to make them live in harmony.

2. Install Caddy

Depending on your system there may be different options on installing. Using APT is suggested if it’s supported on your machine.

Using APT (recommended)

Installing this package automatically starts and runs Caddy for you as a systemd service so it will automatically run Caddy each time you start your machine.

sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf '' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf '' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy

Read the Caddy install steps for using apt for more details.

Download manually
  1. Visit the releases page and expand the “assets” section.
  2. Find the version for your platform and operating system.
  3. Unarchive the file: tar -xvzf caddy_2.3.0_linux_amd64.tar.gz
  4. You’re likely to want to setup Caddy as a system service to auatomatically start in the background. Learn how to do this. Read the Caddy download page for more details.

3. Run Caddy as a reverse proxy

Single command line

It offers automatic configuration of HTTPS with a single command.

caddy reverse-proxy --from --to

Replace with the public hostname of your Owncast server like for example.

Read the Caddy reverse proxy documentation for more details.


The Caddyfile is Caddy’s config file.

Add to your Caddyfile: {
encode gzip

Replace with the public hostname of your Owncast server like for example.

If you specify without a protocol or a port, it will attempt to use the default http and https ports (80 and 443). Since these are privileged ports, you will need to run caddy with sudo or as root.

4. Run Owncast normally

Continue to run Owncast on port 8080.

5. Access Owncast through the proxy

You should now be able to access your Owncast server by visiting instead of

Replace with the public hostname of your Owncast server like for example.