
Deploy Caddy Reverse Proxy with TLS on GPU Cloud (2026 Guide)

Deploy a production-ready Caddy reverse proxy with automatic TLS certificates from Let’s Encrypt. Route HTTPS traffic to ComfyUI, Ollama, FastAPI apps, or any HTTP service running on your VM.

AI Agent Shortcut

This guide exists as a tested, machine-readable recipe in the Massed Compute MCP. Skip the manual steps — let an AI agent provision the VM, install Caddy, configure TLS, and verify the setup automatically.

Caddy is a powerful web server with automatic HTTPS that makes it dead simple to put TLS certificates in front of your applications. Whether you’re running ComfyUI on port 8188, Ollama on 11434, or a custom FastAPI app, Caddy handles the SSL termination and proxies traffic to your upstream service.

This guide walks through deploying Caddy on a Massed Compute CPU VM, configuring it as a reverse proxy, and getting automatic Let’s Encrypt certificates for your domain.

Tech Stack

| Component | Version | Purpose |
|---|---|---|
| Caddy | Latest | Web server with automatic HTTPS |
| Ubuntu Server | 24.04 LTS | Base operating system |
| Let’s Encrypt | ACME v2 | Free SSL/TLS certificates |
| UFW | Built-in | Firewall management |

System Requirements

| Resource | Minimum | Recommended |
|---|---|---|
| vCPU | 2 cores | 4+ cores |
| RAM | 4 GiB | 8+ GiB |
| Storage | 20 GB | 50+ GB |
| OS | Ubuntu 24.04 | Ubuntu 24.04 LTS |

Massed Compute VM Pricing

Choose a CPU VM that meets your performance and budget requirements. All options support automatic TLS and reverse proxy workloads.

Pricing fetched from the Massed Compute inventory API on June 10, 2026.

| SKU | Description | vCPU | RAM | Storage | Price | Capacity |
|---|---|---|---|---|---|---|
| cpu_mini_amd_epyc | Mini AMD EPYC | 8 | 32 GiB | 400 GB | $0.12/hr | 32 |
| cpu_small_amd_epyc | Small AMD EPYC | 14 | 40 GiB | 800 GB | $0.22/hr | 32 |
| cpu_medium_amd_epyc | Medium AMD EPYC | 28 | 80 GiB | 1600 GB | $0.44/hr | 18 |
| cpu_large_amd_epyc | Large AMD EPYC | 52 | 160 GiB | 3200 GB | $0.82/hr | 8 |
| cpu_x_large_amd_epyc | X-Large AMD EPYC | 100 | 320 GiB | 6400 GB | $1.56/hr | 4 |
| cpu_dedicated_amd_epyc | Dedicated AMD EPYC | 126 | 440 GiB | 10000 GB | $1.98/hr | 2 |

Launch Your VM

1. Create VM Instance

Log in to the Massed Compute dashboard and create a new CPU VM:

  • Image: Ubuntu Server 24.04 LTS
  • Size: cpu_mini_amd_epyc or larger
  • Region: Choose your preferred location
  • SSH Keys: Add your public key for secure access

Wait for the VM to reach the running state before proceeding.

2. Configure DNS (For HTTPS)

If you want automatic HTTPS with Let’s Encrypt certificates, point your domain’s DNS records to your VM’s public IP:

your-domain.com   A     YOUR_VM_IP
www.your-domain.com   CNAME   your-domain.com

For testing without a domain, you can use HTTP on port 80 only.

3. Connect to Your VM

SSH into your VM using the connection details from your dashboard:

ssh -i ~/.ssh/your-key ubuntu@YOUR_VM_IP

Install and Configure Caddy

4. Update System and Add Caddy Repository

Update your system and add the official Caddy repository:

sudo apt update
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl

# Add Caddy's official GPG key
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg

# Add Caddy repository
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list

5. Install Caddy

Update the package list and install Caddy:

sudo apt update
sudo apt install -y caddy

6. Configure Firewall

Open the necessary ports for web traffic:

sudo ufw allow OpenSSH
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw --force enable

7. Create Caddy Configuration

Create a Caddyfile to configure your reverse proxy. For HTTPS with a domain:

sudo nano /etc/caddy/Caddyfile

Add this configuration, replacing your-domain.com with your domain and the port with the one your upstream service listens on:

your-domain.com {
    reverse_proxy 127.0.0.1:8188  # ComfyUI example
    # reverse_proxy 127.0.0.1:11434  # Ollama example  
    # reverse_proxy 127.0.0.1:8080   # FastAPI example
}

For HTTP testing without a domain:

:80 {
    reverse_proxy 127.0.0.1:8188
}

8. Start a Demo Upstream Service (Optional)

If you don’t have a service running yet, create a simple demo server for testing:

# Create demo service
sudo tee /etc/systemd/system/demo-upstream.service > /dev/null << 'EOF'
[Unit]
Description=Demo upstream service
After=network-online.target

[Service]
ExecStart=/usr/bin/python3 -m http.server 8188 --bind 127.0.0.1 --directory /var/www/demo
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

# Create demo content
sudo mkdir -p /var/www/demo
echo "" | sudo tee /var/www/demo/index.html

# Start demo service
sudo systemctl daemon-reload
sudo systemctl enable --now demo-upstream

9. Validate and Start Caddy

Validate your configuration and start Caddy:

sudo caddy validate --config /etc/caddy/Caddyfile
sudo systemctl enable --now caddy
sudo systemctl reload caddy

Verify Your Setup

10. Check Service Status

Verify that Caddy and your upstream service are running:

sudo systemctl status caddy
sudo systemctl status demo-upstream  # if using demo

# Check listening ports
sudo ss -tlnp | grep -E ':80|:443|:8188'

11. Test Local Connection

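Test the reverse proxy from within the VM. The plain-HTTP request to 127.0.0.1 reaches your upstream only with the :80 configuration; a site block for your-domain.com does not match requests addressed to the IP, so with a domain configured use the HTTPS test in the next step: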

# Test direct upstream
curl -s http://127.0.0.1:8188/

# Test through Caddy
curl -s http://127.0.0.1/

12. Test External Access

From your local machine, test the proxy:

# HTTP test (with the :80 configuration)
curl -s http://YOUR_VM_IP/

# HTTPS test (if domain configured)
curl -s https://your-domain.com/

You should see your upstream service content through Caddy.

Troubleshooting

502 Bad Gateway

If you see a 502 error, your upstream service isn't running or isn't listening on the expected port:

sudo ss -tlnp | grep :8188
sudo systemctl status demo-upstream

Certificate Issues

For HTTPS certificate problems, check that DNS is properly configured and review Caddy logs:

sudo journalctl -u caddy -n 50

Make sure your domain's A record points to your VM's IP address.

Firewall Blocking Traffic

Ensure ports 80 and 443 are open:

sudo ufw status
# If needed:
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

Connection Refused

If external connections are refused, check that Caddy is running and proxying correctly. For security, your upstream service should bind to 127.0.0.1 (not 0.0.0.0), so that it is reachable only through Caddy.
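
A check for the binding advice above, as an added example that is not part of the original guide: it reads `ss -tln` output and reports TCP listeners reachable on non-loopback addresses, other than ports 22, 80 and 443. The function names, the allow-list and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag TCP listeners bound to non-loopback addresses, apart
# from the ports this guide opens on purpose (22, 80, 443).

# Reads `ss -tln` output on stdin; prints "address port" for each exposed
# listener. The allow-list is an assumption taken from the UFW rules above.
exposed_listeners() {
    awk -v allowed="22 80 443" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
            sub(/%.*$/, "", addr)                  # drop an interface suffix such as %lo
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            if (port in ok) next                           # intentionally public
            print addr, port
        }'
}

# Constructed sample: ComfyUI bound to loopback, Ollama bound to all interfaces.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      4096       127.0.0.1:8188      0.0.0.0:*
LISTEN 0      4096         0.0.0.0:11434     0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*
LISTEN 0      4096               *:443             *:*
LISTEN 0      4096               *:80              *:*
LISTEN 0      128             [::]:22           [::]:*
LISTEN 0      4096           [::1]:8080         [::]:*
EOF
}

# Reports only the Ollama listener from the sample.
sample_ss_output | exposed_listeners

# On the VM itself: sudo ss -tln | exposed_listeners
```

An empty result means every service other than SSH and Caddy is reachable only from the VM itself.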

Skip All of This: Deploy with an AI Agent

This entire guide exists as a tested, machine-readable recipe in the Massed Compute MCP. The recipe was last validated on June 10, 2026. Instead of following the manual steps, you can have an AI agent handle the deployment automatically.

Add this MCP server to your AI client configuration:

{
  "mcpServers": {
    "massed-compute": {
      "type": "http", 
      "url": "https://vm.massedcompute.com/api/mcp",
      "headers": { "Authorization": "Bearer MC_TOKEN" }
    }
  }
}

Then say:

"Set up Caddy reverse proxy with TLS on a new Massed Compute VM. I want to proxy HTTPS traffic from my-api.example.com to a FastAPI app running on port 8080. Use automatic Let's Encrypt certificates."

The agent will match your request against the recipe catalog, provision the right VM shape, run all the setup and verification steps above, and report back with the connection details. The deployment stops immediately if any verification step fails, giving you a clear error message to resolve.


Quick Setup Reference

For experienced users, here's the condensed deployment sequence:

# 1. Launch Ubuntu 24.04 VM with SSH key
# 2. Configure DNS A record (for HTTPS)
# 3. Install Caddy
sudo apt update && sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update && sudo apt install -y caddy

# 4. Configure firewall
sudo ufw allow OpenSSH && sudo ufw allow 80/tcp && sudo ufw allow 443/tcp && sudo ufw --force enable

# 5. Create Caddyfile (the opening brace must end its line; the closing brace goes on its own line)
printf 'your-domain.com {\n\treverse_proxy 127.0.0.1:8080\n}\n' | sudo tee /etc/caddy/Caddyfile

# 6. Start services
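sudo systemctl enable --now caddy
sudo systemctl reload caddy  # the package starts Caddy on install, so reload to apply the new Caddyfile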

Frequently Asked Questions

01. Can I use Caddy with multiple upstream services?

Yes, you can configure multiple sites or services in a single Caddyfile. Each domain or subdomain can proxy to different upstream ports, and Caddy will handle automatic certificates for all of them.

02. How does Let's Encrypt certificate renewal work?

Caddy automatically handles certificate issuance and renewal with Let's Encrypt. It will renew certificates before they expire, with no manual intervention required. Make sure your domain's DNS always points to your VM's IP.

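03. Can I use HTTP without a domain name?

Yes, for development and testing you can configure Caddy to listen on port 80 without TLS. Use a :80 site block containing reverse_proxy 127.0.0.1:PORT in your Caddyfile, laid out as in the HTTP testing example in step 7 (opening brace at the end of its line, closing brace on its own line). Traffic on this listener has no SSL/TLS protection.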

04. What if my upstream service is on a different machine?

Replace 127.0.0.1 with the internal IP address of the machine running your upstream service. Make sure the network allows communication between your Caddy VM and the upstream server.

05. How do I monitor Caddy performance and logs?

Use sudo systemctl status caddy for service status and sudo journalctl -u caddy -f to tail logs in real time. Caddy also supports Prometheus metrics and structured JSON logging for advanced monitoring.
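
For the multi-service case in question 01, an added example (not part of the original guide): a shell function that renders one site block per hostname and port pair and rejects anything that is not a plain hostname and a valid port. The function names and the example.com hostnames are constructed; every upstream is assumed to listen on 127.0.0.1.

```shell
#!/bin/sh
# Added example: render a multi-site Caddyfile from "hostname port" pairs.

# Reads pairs on stdin and writes site blocks to stdout. Returns 1 and
# emits no partial file if any pair fails validation.
render_caddyfile() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        {
            host = $1; port = $2
            # Hostname: dot-separated labels of letters, digits and hyphens,
            # so braces or extra tokens can never reach the generated config.
            if (NF != 2 || host !~ /^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$/) bad = 1
            if (port !~ /^[0-9]+$/ || (port + 0) < 1 || (port + 0) > 65535) bad = 1
            if (bad) { print "invalid entry on line " NR > "/dev/stderr"; exit 1 }
            # Caddyfile syntax: "{" ends the address line, "}" sits on its own line.
            out = out host " {\n\treverse_proxy 127.0.0.1:" port "\n}\n\n"
        }
        END { if (!bad) printf "%s", out }'
}

# Constructed sample mapping: one subdomain per service named in this guide.
sample_sites() {
    cat <<'EOF'
# hostname            upstream port
comfy.example.com     8188
ollama.example.com    11434
api.example.com       8080
EOF
}

sample_sites | render_caddyfile
```

Write the output to a scratch file and check it with `caddy validate --config <file> --adapter caddyfile` before replacing /etc/caddy/Caddyfile.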