99 available plugins
http.reverse_proxy.transport.scgi facilitates SCGI communication.
http.handlers.authelia implements a plugin for securing routes with authentication
http.handlers.rate_limit implements a handler for rate-limiting.
http.handlers.request_body_var implements an HTTP handler that replaces {http.request.body.*} with the value of the given field from request body, if any.
http.handlers.webhook is the module configuration.
exec is a top-level module that runs shell commands.
http.handlers.hmac implements an HTTP handler that validates request body with hmac.
http.handlers.json_parse implements an HTTP handler that parses json body as placeholders.
dns.providers.alidns wraps the provider implementation as a Caddy module.
dns.providers.azure wraps the provider implementation as a Caddy module.
dns.providers.cloudflare wraps the provider implementation as a Caddy module.
dns.providers.digitalocean wraps the provider implementation as a Caddy module.
dns.providers.dnspod wraps the provider implementation as a Caddy module.
dns.providers.duckdns wraps the provider implementation as a Caddy module.
dns.providers.gandi wraps the provider implementation as a Caddy module.
dns.providers.godaddy wraps the provider implementation as a Caddy module.
dns.providers.googleclouddns lets Caddy read and manipulate DNS records hosted by this DNS provider.
dns.providers.hetzner wraps the provider implementation as a Caddy module.
dns.providers.lego_deprecated is a shim module that allows any and all of the DNS providers in go-acme/lego to be used with Caddy. They must be configured via environment variables, and they do not support cancellation in the case of frequent config changes. Even though this module is in the dns.providers namespace, it is only a special case for solving ACME challenges, intended to replace the modules that used to be in the now-defunct tls.dns namespace. Using it in other places of the Caddy config will result in errors. This module will eventually go away in favor of the modules that make use of the libdns APIs: https://github.com/libdns
dns.providers.metaname wraps the provider implementation as a Caddy module.
dns.providers.netcup lets Caddy read and manipulate DNS records hosted by this DNS provider.
dns.providers.netlify wraps the provider implementation as a Caddy module.
dns.providers.openstack-designate wraps the provider implementation as a Caddy module.
dns.providers.route53 wraps the provider implementation as a Caddy module.
dns.providers.vultr wraps the provider implementation as a Caddy module.
http.handlers.cache declaration.
http.reverse_proxy.transport.http_ntlm proxies HTTP with NTLM authentication. It basically wraps HTTPTransport so that it is compatible with NTLM's HTTP-hostile requirements. Specifically, it will use HTTPTransport's single, default *http.Transport for all requests (unless the client's connection is already mapped to a different transport) until a request comes in with an Authorization header that has "NTLM" or "Negotiate"; when that happens, NTLMTransport maps the client's connection (by its address, req.RemoteAddr) to a new transport that is used only by that downstream conn. When the upstream connection is closed, the mapping is deleted. This preserves NTLM authentication contexts by ensuring that client connections use the same upstream connection. It does hurt performance a bit, but that's NTLM for you. This transport also forces HTTP/1.1 and Keep-Alives in order for NTLM to succeed. It is basically the same thing as [nginx's paid ntlm directive](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#ntlm) (but is free in Caddy!).
http.handlers.replace_response manipulates response bodies by performing substring or regex replacements.
http.handlers.geofence implements IP geofencing functionality. https://github.com/circa10a/caddy-geofence
http.handlers.ct transpiles YAML-based configuration into JSON Ignition configuration to be used with Flatcar or Fedora CoreOS.
http.handlers.quantity_limiter limits the number of successful requests for a token and allows the counter to be reset.
http.handlers.cache is the development repository of the cache handler. It allows the user to set up an RFC 7234-compliant HTTP cache system and supports tag-based cache purge, distributed and non-distributed storage, and key generation tweaking.
http.handlers.mercure implements a Mercure hub as a Caddy module. Mercure is a protocol allowing to push data updates to web browsers and other HTTP clients in a convenient, fast, reliable and battery-efficient way.
caddy.storage.redis contains the Redis client and plugin option.
http.authentication.providers.jwt facilitates JWT (JSON Web Token) authentication.
Middleware implements an HTTP handler that writes the uploaded file to a file on the disk.
http.handlers.git implements git repository manager.
http.authentication.providers.authorizer authorizes access to endpoints based on the presence and content of a JWT token.
http.handlers.trace is a middleware which displays the content of the request it handles. It helps troubleshooting web requests by exposing headers (e.g. cookies), URL parameters, etc.
http.handlers.teapot implements a static "418 I'm a teapot" response to all requests on the route
crowdsec is a Caddy App that functions as a CrowdSec bouncer. It acts as a CrowdSec API client as well as a local cache for CrowdSec decisions, which can be used by the HTTP handler and Layer4 matcher to decide if a request or connection is allowed or not.
http.handlers.openapi_validator is used to validate OpenAPI requests and responses against an OpenAPI specification
admin.api.trojan is ...
http.handlers.s3proxy implements a proxy to return, set, delete or browse objects from S3
http.handlers.request_id implements an HTTP handler that writes a unique request ID to response headers.
dynamic_dns is a Caddy app that keeps your DNS records updated with the public IP address of your instance. It updates A and AAAA records.
layer4 is a Caddy app that operates closest to layer 4 of the OSI model.
http.handlers.rate_limit implements rate limiting functionality. If a rate limit is exceeded, an HTTP error with status 429 will be returned. This error can be handled using the conventional error handling routes in your config. An additional placeholder is made available, called `{http.rate_limit.exceeded.name}`, which you can use for logging or handling; it contains the name of the rate limit zone whose limit was exceeded.
http.handlers.webdav implements an HTTP handler for responding to WebDAV clients.
ssh is the app providing ssh services
http.matchers.conneg matches requests by comparing results of a content negotiation process to a (list of) value(s). Lists of media types, languages, charsets, and encodings to match the request against can be given - and at least one of them MUST be specified. OPTIONAL parameters are strings for identifying URL query string parameter keys that allow requests to override/skip the connection negotiation process and force a media type, a language, a charset or an encoding. Some shorthand values for query string parameters translating to full media types (languages, encodings, etc.) are hardcoded in a variable called `aliases`: They presently cover `htm` and `html` for `text/html`, `rdf` for `application/rdf+xml`, `tei` and `xml` for `application/tei+xml`, and `pdf` for `application/pdf`. For instance, if `force_type_query_string` is set to `format`, a request uri ending in `foo.com?format=tei` will result in content type `application/tei+xml` and then succeed or not based on whether that content type is listed in `match_types`. COMPATIBILITY NOTE: This module is still experimental and is not subject to Caddy's compatibility guarantee.
http.matchers.remote_host matches based on the remote IP of the connection. A host name can be specified, whose A and AAAA DNS records will be resolved to a corresponding IP for matching. Note that IPs can sometimes be spoofed, so do not rely on this as a replacement for actual authentication.
Filters requests based on the source IP's country.
caddy.storage.consul allows to store certificates and other TLS resources in a shared cluster environment using Consul's key/value-store. It uses distributed locks to ensure consistency.
Allows looking up the Country Code of an IP address based on the Maxmind database
caddy.storage.dynamodb implements certmagic.Storage to facilitate storage of certificates in DynamoDB for a clustered environment. Also implements certmagic.Locker to facilitate locking and unlocking of cert data during storage
admin.api.purge is a module that provides the /purge endpoint as the admin api.
http.handlers.filter implements an HTTP handler that writes the visitor's IP address to a file or stream.
dns.providers.linode wraps the provider implementation as a Caddy module.
http.encoders.br can create brotli encoders.
caddy.logging.encoders.filter.tls_cipher is Caddy log field filter that replaces the numeric TLS cipher_suite value with the string representation.
gopkg latest caddy
http.handlers.gopkg implements vanity Go package import paths. Vanity Go package import paths give a cleaner appearance to Go projects by separating the source code location from the import path. They also give flexibility to developers by allowing them to change a project's source code hosting platform without requiring the project to be renamed. Finally, they allow projects hosted on various platforms to be grouped under a common import path.
Enables distributed tracing of requests served by Caddy via The OpenTracing Project.
Access FTP through Caddy.
Caddy module to transform images from the file system in various ways.
Caddy anonymous cache plugin for MediaWiki
Caddy module: dns.providers.loopia
Authorization Plugin for Caddy v2 (JWT/PASETO)
Authentication Plugin for Caddy v2 implementing Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (GitHub, Google, Facebook, Okta, etc.), and SAML Authentication. MFA with App Authenticators and Yubico.
Git module for Caddy v2