Setting Up Local HTTPS Services with Custom Domains Using Caddy on Arch Linux
This guide explains how to serve multiple local services on custom domains (e.g.
.local β service1.local) with HTTPS, using Caddy and no external DNS
or certificates.
𧱠Prerequisites
- Arch Linux (or derivative)
- Services running locally on different ports (e.g., 8080, 9090)
caddyinstalled:sudo pacman -S caddy
π§ Step 1: Map Local Hostnames
Edit /etc/hosts:
sudo nano /etc/hosts
Add:
127.0.0.1 service1.local service2.local service3.local
π Step 2: Configure Caddyfile
Edit or create your Caddyfile (default path: /etc/caddy/Caddyfile):
service1.local {
tls internal
reverse_proxy 127.0.0.1:8080
}
service2.local {
tls internal
reverse_proxy 127.0.0.1:9090
}
This tells Caddy to:
- Use internal TLS (self-signed CA)
- Reverse-proxy requests based on hostname and forward to corresponding ports
π Step 3: Start Caddy
Restart the service to apply changes:
sudo systemctl restart caddy
π Step 4: Trust Caddyβs Local CA (One-Time Setup)
1. Copy the root certificate:
sudo cp /var/lib/caddy/pki/authorities/local/root.crt /etc/ca-certificates/trust-source/anchors/caddy-local.crt
2. Update the system trust store:
sudo trust extract-compat
3. (Optional) Trust in Firefox:
- Preferences β Privacy & Security β Certificates β View Certificates β Authorities β Import
- Choose
/var/lib/caddy/pki/authorities/local/root.crt - Check βTrust this CA to identify websitesβ
β Done!
Now you can access:
https://service1.localβ127.0.0.1:8080https://service2.localβ127.0.0.1:9090
All with trusted HTTPS, locally.