Cookie Consent by TermsFeed

FreeBSD, Caddy and PHP - a perfect match

Photo by Ben Griffiths / Unsplash

Caddy is a great web server. It's easier to configure than nginx and handles the ssl certificates requests/renewals so you don't need to mess with certbot/cron. Sometimes you might prefer to use Caddy instead of Nginx/Apache/Lighttpd/etc.

FreeBSD and Caddy play very well together for static websites/reverse proxies but we often need to serve dynamic websites. Adding PHP is quite easy.

Let's start installing and enabling Caddy:

pkg install caddy
service caddy enable

Now let'is install PHP - let's say PHP 8.1 - and enable php-fpm:

pkg install php81
service php-fpm enable

I like using php-fpm via local sockets, if the web server and php-fpm are running on the same host. So let's modify some configurations editing /usr/local/etc/php-fpm.d/www.conf:

Let's modify

listen =


listen = /var/run/php81.sock

Then, let's set change the socket owner. Just uncomment the following lines:

listen.owner = www = www
listen.mode = 0660

Let's now start php-fpm:

service php-fpm start

Let's now modify /usr/local/etc/caddy/Caddyfile. Let's just append something like this: {
root * /usr/local/www/website
php_fastcgi unix//var/run/php81.sock

This will configure a virtualhost called (and Caddy will try to obtain a certificate for it), with its root on /usr/local/www/website and will process any request to .php files via php socket. The file_server directive will ensure that static files can be served from the root path.

Let's now start Caddy:

service caddy start

That's all. Of course it's a very basic configuration but it can be used as a draft for more advanced stuff. For example, you can just add something like this:

    @disallowed {
        path /xmlrpc.php
        path *.sql
        path /wp-content/uploads/*.php

    rewrite @disallowed '/index.php'

and you can have a working (and quite safe) Wordpress installation.

Stefano Marinelli

Stefano Marinelli