FreeBSD, Caddy and PHP - a perfect match -

Caddy is a great web server. It is easier to configure than nginx and handles the SSL certificates requests and renewals so you don’t need to mess with certbot/cron. At times, you might prefer to use Caddy instead of Nginx, Apache, Lighttpd, or other web servers

FreeBSD and Caddy play very well together for static websites/reverse proxies but we often need to serve dynamic websites. To add PHP, follow these steps.

First, install and enable Caddy by running these commands:

pkg install caddy
service caddy enable

Now let’s install PHP - let’s say PHP 8.2 - and enable php-fpm:

pkg install php82
service php-fpm enable

To use php-fpm, modify the configuration file at /usr/local/etc/php-fpm.d/www.conf by changing the listen address to the following:

Modify

listen = 127.0.0.1:9000

listen = /var/run/php82.sock

Then, change the socket owner. Just uncomment the following lines:

listen.owner = www
listen.group = www
listen.mode = 0660

Start php-fpm:

service php-fpm start

Now modify /usr/local/etc/caddy/Caddyfile. Append something like this:

my.website.com {
    root * /usr/local/www/website
    php_fastcgi unix//var/run/php82.sock
    file_server
}

This will configure a virtualhost called my.website.com (and Caddy will try to obtain a certificate for it), with its root on /usr/local/www/website and will process any request to .php files via php socket. The file_server directive ensures that static files can be served from the root path.

Start Caddy:

service caddy start

That’s all. While this is a basic configuration, it can be customized for more advanced usage. For example, you can add the following lines to restrict access to certain files:

    @disallowed {
        path /xmlrpc.php
        path *.sql
        path /wp-content/uploads/*.php
    }

    rewrite @disallowed '/index.php'

and you can have a working (and quite safe) Wordpress installation.

See also