Caddy (web server)

Caddy, sometimes clarified as the Caddy web server, is an open source, HTTP/2-enabled web server written in Go. It uses the Go standard library for its HTTP functionality - wikipedia

YOUTUBE DCRedMpF1zU Let's Encrypt with Digital Ocean & Caddy

One of Caddy's most notable features is enabling HTTPS by default. It is the first general-purpose web server to do so without requiring extra configuration - caddyserver.com

The author, Matt Holt, began developing Caddy in December 2014 and released it in April of 2015. In the year following its release, it was downloaded over 20,000 times and received 4,500 stars on GitHub.

Caddy supports a variety of Web technologies and is available as statically-compiled binaries for Windows, Mac, Linux, Android, and BSD operating systems on i386, amd64, and ARM architectures.

# Capabilities

A variety of web site technologies can be served by Caddy, which can also act as a reverse proxy and load balancer. Most of Caddy's features are implemented as middleware and exposed through directives in the Caddyfile (a text file used to configure Caddy). - wikipedia

* HTTP/1.1 and HTTP/2
* HTTPS (automatically enabled or manually)
* SNI (Server Name Indication)
* OCSP Stapling
* Virtual hosting (multiple sites on the same port)
* Native IPv4 and IPv6 support
* Serve static files (uses sendfile where possible)
* Graceful restart/reload
* Reverse proxy (HTTP or WebSockets)
* Load balancing with health checks
* FastCGI proxy
* Templates (similar to Server Side Includes)
* Markdown rendering
* CGI via WebSockets
* Gzip compression
* Basic access authentication
* URL rewriting
* Redirects
* File browsing
* Access, error, and process logs

# Security

Caddy is not vulnerable to a number of widespread CVEs including Heartbleed, DROWN, POODLE, and BEAST. In addition, Caddy uses TLS_FALLBACK_SCSV to prevent protocol downgrade attacks - wikipedia

# Automatic HTTPS

Caddy activates HTTPS by default for sites with qualifying domain names (names for which a TLS certificate can be negotiated via the Automated Certificate Management Environment, or ACME, protocol), and redirects HTTP requests to HTTPS. It obtains certificates as needed during startup and keeps them renewed during the lifetime of the server. Let's Encrypt is the default certificate authority, but the user may customize the ACME CA that is used, which is often necessary when testing configurations. As of Q1 2016, Caddy accounted for about 2% of certificates issued by Let's Encrypt. - wikipedia

An alternate configuration allows Caddy to obtain certificates only as needed during TLS handshakes rather than at startup, a feature dubbed "On-Demand TLS." To enable this feature, the user must specify a maximum number of certificates that can be issued this way. When Caddy receives a request for a hostname for which it does not yet have a certificate, it will negotiate a new certificate via ACME and serve it immediately, while caching the obtained certificate in memory and storing it on disk. This process usually takes a few seconds, and is subject to tight rate limits.
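An added example (not Caddy's own code) of the on-demand flow described above, built on Go's `tls.Config.GetCertificate` hook: a certificate is requested the first time a hostname appears in a handshake, cached in memory, and refused once the configured maximum is reached, which bounds how many issuances unknown hostnames can trigger against the CA's rate limits. `OnDemand`, `NewOnDemand` and the `issue` callback (standing in for the ACME client) are hypothetical names, and certificates are kept in memory only.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
	"sync"
)

// OnDemand obtains certificates lazily, keyed by SNI name, up to max in total.
type OnDemand struct {
	mu    sync.Mutex
	max   int
	cache map[string]*tls.Certificate
	issue func(host string) (*tls.Certificate, error) // hypothetical ACME client hook
}

func NewOnDemand(max int, issue func(string) (*tls.Certificate, error)) *OnDemand {
	return &OnDemand{max: max, cache: map[string]*tls.Certificate{}, issue: issue}
}

// GetCertificate has the signature of tls.Config.GetCertificate, which
// crypto/tls calls during each handshake with the client's SNI name.
func (o *OnDemand) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
	name := strings.ToLower(hello.ServerName) // hostnames are case-insensitive
	o.mu.Lock()                               // held across issuance, so one name is never requested twice
	defer o.mu.Unlock()
	if c, ok := o.cache[name]; ok {
		return c, nil // obtained earlier: serve from memory
	}
	if name == "" || len(o.cache) >= o.max {
		return nil, fmt.Errorf("on-demand TLS: refusing %q (no SNI name or cap of %d reached)", name, o.max)
	}
	c, err := o.issue(name)
	if err == nil {
		o.cache[name] = c
	}
	return c, err
}

func main() {
	stub := func(string) (*tls.Certificate, error) { return &tls.Certificate{}, nil } // placeholder issuer
	od := NewOnDemand(1, stub)
	for _, name := range []string{"a.example", "a.example", "b.example"} { // constructed names
		_, err := od.GetCertificate(&tls.ClientHelloInfo{ServerName: name})
		fmt.Println(name, "->", err)
	}
}
```

To serve real traffic, assign the method to `tls.Config.GetCertificate` and supply an `issue` function that returns a usable certificate and key.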

# See also