Introduction

Before adding advanced security features, you need a solid setup.
This guide walks through installing Caddy and running a Node.js app behind it.

Prerequisites

• Ubuntu VPS

• Domain pointing to the VPS IP

• Node.js installed

• Root or sudo access

Step 1: Run Node.js with PM2 (Recommended)

For production deployments, your Node.js application should always run under a process manager.

PM2 keeps your app alive, restarts it on crashes, and starts it automatically on server reboot.

Install PM2 globally:

npm install -g pm2

Start your Node.js application:

pm2 start server.js --name node-app

Enable PM2 on system boot:

pm2 startup systemd
pm2 save

Your Node.js app is now running persistently on port witch you define.

Step 2: Install Caddy on Ubuntu

Install Caddy using the official repository:

sudo apt update
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -s https://caddyserver.com/api/install.sh | bash

Enable Caddy to start on boot:

sudo systemctl enable caddy

Step 3: Configure Caddy as a Reverse Proxy

Edit the Caddy configuration file:

sudo nano /etc/caddy/Caddyfile

Add the following configuration:

example.com {
    reverse_proxy localhost:3000
}

Replace example.com with your real domain name.

What this configuration does:

• Listens on ports 80 and 443

• Automatically obtains and renews TLS certificates

• Proxies HTTPS traffic to Node.js running on port 3000

Step 4: Validate and Reload Caddy

After saving the configuration, validate and reload Caddy:

sudo caddy validate --config /etc/caddy/Caddyfile
sudo systemctl reload caddy

Caddy reloads the configuration without downtime.

Step 6: Verify HTTPS Is Working

Open your browser and visit:

https://example.com

Or test using curl:

curl https://example.com

You should see the response from your Node.js application.

Your app is now running securely with HTTPS managed entirely by Caddy.