- Bind admin API to localhost only.
- Restrict ports to trusted networks.
¶ TLS and Certificates
- Use automatic HTTPS with ACME.
- Restrict certificate issuers if needed.
- Store
Caddyfile with strict permissions.
- Avoid exposing the admin endpoint publicly.
- Run as a dedicated user.
- Keep Caddy updated.
Do you need help or support? Feel free to contact us!