Setting Up Local HTTPS Services with Custom Domains Using Caddy on Arch Linux

This guide explains how to serve multiple local services on custom domains (e.g. .local → service1.local) with HTTPS, using Caddy and no external DNS or certificates.


🧱 Prerequisites

  • Arch Linux (or derivative)
  • Services running locally on different ports (e.g., 8080, 9090)
  • caddy installed:
    sudo pacman -S caddy
    

🔧 Step 1: Map Local Hostnames

Edit /etc/hosts:

sudo nano /etc/hosts

Add:

127.0.0.1  service1.local service2.local service3.local

📝 Step 2: Configure Caddyfile

Edit or create your Caddyfile (default path: /etc/caddy/Caddyfile):

service1.local {
    tls internal
    reverse_proxy 127.0.0.1:8080
}

service2.local {
    tls internal
    reverse_proxy 127.0.0.1:9090
}

This tells Caddy to:

  • Use internal TLS: each site's certificate is issued by Caddy's own locally generated CA, whose root is self-signed
  • Route each request by hostname and reverse-proxy it to the corresponding local port

🚀 Step 3: Start Caddy

Restart the service to apply changes:

sudo systemctl restart caddy

🔐 Step 4: Trust Caddy’s Local CA (One-Time Setup)

1. Copy the root certificate:

sudo cp /var/lib/caddy/pki/authorities/local/root.crt /etc/ca-certificates/trust-source/anchors/caddy-local.crt

2. Update the system trust store:

sudo trust extract-compat

3. (Optional) Trust in Firefox:

  • Preferences → Privacy & Security → Certificates → View Certificates → Authorities → Import
  • Choose /var/lib/caddy/pki/authorities/local/root.crt
  • Check “Trust this CA to identify websites”

✅ Done!

Now you can access:

  • https://service1.local → 127.0.0.1:8080
  • https://service2.local → 127.0.0.1:9090

All with trusted HTTPS, locally.
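
Added example (not part of the original guide): a shell check that every site in the Caddyfile is pinned to loopback in the hosts file, uses tls internal, and proxies to a loopback upstream, as Steps 1 and 2 set up. The function names are hypothetical, and the parser assumes the guide's layout of one hostname per site block and one directive per line.

```shell
#!/bin/sh
# Added example: cross-check a Caddyfile against a hosts file.
# Function names are hypothetical; the parser assumes the guide's layout
# (one hostname per site block, one directive per line).

# hosts_maps_loopback HOSTS NAME: succeed if NAME is pinned to 127.0.0.1 or ::1.
hosts_maps_loopback() {
    awk -v name="$2" '
        { sub(/#.*/, "") }                              # drop comments
        $1 == "127.0.0.1" || $1 == "::1" {
            for (i = 2; i <= NF; i++) if ($i == name) found = 1
        }
        END { exit !found }
    ' "$1"
}

# caddy_sites CADDYFILE: print "host tls-mode upstream" per site block.
caddy_sites() {
    awk '
        { sub(/#.*/, "") }
        NF == 0 { next }
        depth == 0 && $NF == "{" {                      # site or global block
            site = (NF == 2 ? $1 : ""); tls = "-"; up = "-"; depth = 1; next
        }
        depth == 1 && $1 == "tls"           { tls = $2 }
        depth == 1 && $1 == "reverse_proxy" { up = $2 }
        $NF == "{" { depth++; next }                    # nested directive block
        $1 == "}" && depth > 0 { if (--depth == 0 && site != "") print site, tls, up }
    ' "$1"
}

# check_local_sites [CADDYFILE] [HOSTS]: report each site, return 1 on any FAIL.
check_local_sites() {
    caddyfile=${1:-/etc/caddy/Caddyfile}; hosts=${2:-/etc/hosts}; rc=0
    while read -r site tls up; do
        [ -n "$site" ] || continue
        why=""
        hosts_maps_loopback "$hosts" "$site" || why="$why no-loopback-hosts-entry"
        [ "$tls" = internal ] || why="$why no-tls-internal"
        case $up in
            127.0.0.1:*|localhost:*|\[::1\]:*) ;;
            *) why="$why upstream-not-loopback" ;;
        esac
        if [ -n "$why" ]; then echo "FAIL $site:$why"; rc=1
        else echo "OK   $site -> $up"; fi
    done <<EOF
$(caddy_sites "$caddyfile")
EOF
    return $rc
}
```

Source the file and run check_local_sites with no arguments to check /etc/caddy/Caddyfile against /etc/hosts. A site without a loopback hosts entry is worth fixing before trusting the CA, since the name would then be resolved by whatever other resolver the system consults.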
