Why Migrate to Caddy?

Caddy is open source, and it provides automatic HTTPS and certificate renewal out of the box, removing the need for Certbot or cron jobs. It offers secure defaults, simpler configuration, which makes it a lightweight and low maintenance replacement for nginx

It acts as a reverse proxy, load balancer, and static file server out of the box, with secure defaults and minimal setup.

Note: Stakpak is open source, vendor neutral, and works with any model you choose.

Step by Step Guide

Architecture

Our current setup uses a single tier architecture on AWS to host a static HTML website. It runs on a t3.micro EC2 instance using nginx 1.28.0, serving files from /usr/share/nginx/html/. The instance is part of the default VPC and resides in a public subnet, allowing direct internet access.

Traffic is managed by a security group with inbound rules open to:

• SSH (port 22)

• HTTP (port 80)

• HTTPS (port 443)

DNS is handled through Amazon Route 53, where an A record points the domain migratingtocaddy.guku.io to the instance’s public IP. TLS certificates are issued by Let’s Encrypt and configured via Certbot with the nginx plugin, enabling automatic HTTPS redirection.

The problem with this architecture:

• Depends on manual Certbot setup (The renewal cron job can easily be forgotten)

• nginx configuration is unnecessarily complex

• No built in automation for TLS or reloads

• Higher maintenance for updates and security hardening

Let's see how we can fix these problems with caddy

Prerequisites

1. Install Stakpak

2. Open your terminal and type "stakpak"

3. You should configure your cloud credentials before opening stakpak, since Stakpak will use your existing machine setup to work

Guide

1. Then ask Stakpak to Migrate from NGINX to Caddy with 0 downtime on AWS

2. First Stakpak will check what is our current set up on AWS

1. Now, Stakpak recommended three zero down time strategies for the migration

1. Since we don't want downtime because of the DNS access and TLS let's choose the second option

1. Now that we have the ALB and target groups, Stakpak will install Caddy

2. After installing Caddy Stakpak will copy the website content

3. Now wait for the health checks so we make sure Caddy is working fine

1. Now Stakpak is updates the DNS to point to the ALB

2. Thats it, we are ready to redirect the traffic to Caddy, and since we are using ALB we will be able to roll back if needed

Now it's working🥳

ps: don't forget to check our new Slack Integration👀

Extra Resources:

References

• Install Stakpak

• EC2 Documentation

• VPC Documentation

• Application Load Balancer Documentation

• Route 53 Documentation

• NGINX Documentation

• Caddy Documentation