How to Install Caddy on Proxmox Container With Ubuntu Server

Running Caddy as a reverse proxy and web server inside a lightweight Proxmox LXC container on Ubuntu Server is one of the smartest ways to handle automatic HTTPS, traffic routing, and self-hosted services in a homelab. This tutorial walks you through the entire process step by step, from creating the container to a working Caddyfile with reverse proxy examples. Whether you’re fronting Docker services, static sites, or full applications like PeerTube on Proxmox, Caddy makes it simple and secure.

What makes Caddy special is how it handles TLS certificates automatically, needs almost no configuration for basic use, and runs efficiently in an LXC container. By the end of this guide you’ll have a production-ready Caddy instance that can proxy multiple services with zero downtime reloads.

Why Run Caddy in a Proxmox LXC Container?

Proxmox LXC containers offer near-native performance with minimal overhead compared to full VMs or even Docker for a core networking service like Caddy. You get full systemd support, easy snapshots, and resource limits while keeping the container isolated. Caddy’s automatic HTTPS via Let’s Encrypt (or ZeroSSL) eliminates manual certificate management. And the Caddyfile syntax? Far more readable than Nginx or Apache configs.

This setup works great for homelabs that already host services such as Dockge on Proxmox or Prowlarr—Caddy can sit in front of them all and handle routing and encryption in one place.

Prerequisites

• Proxmox VE 8.x or 9.x installed and accessible via web UI
• Root or sudo access on the Proxmox host
• A registered domain name (for automatic HTTPS)
• Basic familiarity with Linux command line
• Network bridge (vmbr0 or similar) configured on Proxmox
• At least 1 CPU core, 1 GB RAM, and 8 GB disk for the container

Step 1: Create an Ubuntu LXC Container in Proxmox

Log into the Proxmox web interface and follow these steps:

1. Navigate to your node → Create CT.
2. Choose a unique CT ID (e.g., 200) and set a hostname like caddy-proxy.
3. Select the latest Ubuntu Server template (typically ubuntu-24.04-standard_*.tar.zst or newer). If the template is missing, run pveam update on the host first and download it under local → CT Templates.
4. Set a strong root password and optionally add an SSH public key.
5. In the Disk section, allocate at least 8 GB.
6. CPU: 1–2 cores; Memory: 1024–2048 MB.
7. Network: Use bridge=vmbr0, IPv4 DHCP or static as preferred. Name the interface eth0.
8. Under Options, make sure Unprivileged is enabled and Nesting is disabled (unless needed later).
9. Finish creation and start the container.

Once running, open the console or SSH in as root. For full details on LXC management, see the Proxmox VE Linux Container documentation.

Step 2: Update the Ubuntu System and Prepare the Environment

Inside the container, run the following commands:

apt update && apt upgrade -y
apt install -y curl debian-keyring debian-archive-keyring apt-transport-https

This makes sure your system is current and has the packages needed for adding third-party repositories.

Step 3: Install Caddy from the Official Repository

Caddy provides official Debian/Ubuntu packages that automatically create a systemd service. Run these exact commands (current as of April 2026):

curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list

chmod 644 /usr/share/keyrings/caddy-stable-archive-keyring.gpg
chmod 644 /etc/apt/sources.list.d/caddy-stable.list

apt update
apt install caddy -y

The installation automatically creates a caddy system user and group, sets up the service, and starts Caddy. Verify with:

systemctl status caddy

You should see the service active (running). For the complete official instructions, refer to Caddy’s official installation instructions.

Step 4: Configure Your Caddyfile

Caddy looks for its configuration at /etc/caddy/Caddyfile. Replace the default content with something useful. Here are two practical examples.

Basic Reverse Proxy Example

example.com {
    reverse_proxy 127.0.0.1:8080
}

Replace example.com with your domain and 8080 with the port of your backend service (e.g., a Docker container or another app in the same LXC).

Static File Serving + Reverse Proxy (Common Homelab Setup)

example.com {
    root * /var/www/html
    file_server
    handle_path /api/* {
        reverse_proxy 127.0.0.1:3000
    }
}

Full Caddyfile syntax reference is available in the Caddyfile documentation.

After editing, validate the config:

caddy adapt --config /etc/caddy/Caddyfile --pretty

Step 5: Reload Caddy and Test

Apply changes without downtime:

systemctl reload caddy

Or restart if needed:

systemctl restart caddy

Test from another machine:

curl -I https://yourdomain.com

You should receive a 200 OK response with automatic HTTPS. Caddy will request and renew certificates automatically on first access.

Step 6: Firewall Configuration

Inside the container, allow HTTP/HTTPS traffic:

apt install -y ufw
ufw default deny incoming
ufw default allow outgoing
ufw allow 80/tcp
ufw allow 443/tcp
ufw --force enable

On the Proxmox host, make sure the firewall (if enabled) allows ports 80 and 443 to the container’s IP.

Using Caddy as a Reverse Proxy for Self-Hosted Services

Most homelab users run Caddy to front multiple containers. For example, you can proxy requests to services installed via our other guides:

• Wallos subscription tracker on port 8080
• Redlib on port 8081
• Any Docker service managed by Dockge or Portainer

Simply add more site blocks to the Caddyfile and reload. Caddy handles load balancing, header forwarding, and TLS termination for you.

Troubleshooting Common Issues

• Certificate errors: Make sure your domain’s A record points to the container’s public IP and that ports 80/443 are reachable from the internet (ACME HTTP-01 challenge).
• Service not starting: Check journalctl -u caddy -e for permission or config errors.
• Permission denied on files: Caddy runs as the caddy user—use chown -R caddy:caddy /var/www/html for static sites.
• APT repository issues: Double-check the GPG key and sources.list permissions (they must be world-readable).

Best Practices and Maintenance

• Keep the container updated: Run apt update && apt upgrade -y monthly.
• Use caddy upgrade (if installed manually) or simply apt upgrade caddy for Caddy updates.
• Backup the Caddyfile and /var/lib/caddy/.local (certificates) regularly.
• Monitor logs with journalctl -u caddy -f.
• Consider adding rate limiting or IP whitelisting for sensitive services.

Final Thoughts

You now have a fully functional Caddy installation running in a Proxmox LXC container on Ubuntu Server—lightweight, secure, and ready to handle your entire homelab’s web traffic with automatic HTTPS. This setup scales beautifully as you add more services and integrates seamlessly with the other self-hosted applications you may already run on Proxmox.

Next step: Point your domain to the container’s IP, expand your Caddyfile with additional site blocks, and enjoy hassle-free reverse proxying. If you run into any edge cases, the official Caddy community is extremely helpful.