What is the best free alternative to Caddy Cloud?

We have 10 open source alternatives to Caddy Cloud that you can self-host for free.

Can I self-host an alternative to Caddy Cloud?

Yes! All 10 alternatives listed here can be self-hosted on your own servers, giving you full control over your data and privacy.

Are these Caddy Cloud alternatives really free?

Yes, all alternatives are open source and free to use. Some may offer paid hosting or premium features, but the core software is always free.

Best Self Hosted Alternatives to Caddy Cloud

A curated collection of the 10 best self hosted alternatives to Caddy Cloud.

Managed hosting for the Caddy web server that provides automatic HTTPS/TLS certificate issuance and renewal, reverse proxying, and simple web app deployment, enabling serving sites and apps without self-managing server infrastructure.

Caddy

Caddy is a fast, extensible Go web server and reverse proxy with automatic HTTPS (ACME), HTTP/1.1, HTTP/2, and HTTP/3 support, and a JSON config API.

Caddy is a modern, extensible web server platform commonly used as an HTTPS server and reverse proxy. It automates TLS certificate provisioning and renewal by default and supports HTTP/1.1, HTTP/2, and HTTP/3.

Key Features

Automatic HTTPS with certificate issuance and renewal (ACME)
HTTP/1.1, HTTP/2, and HTTP/3 support
Reverse proxy with load balancing, health checks, retries, and pluggable transports
Native JSON configuration with an admin REST API for dynamic, online config changes
Caddyfile configuration format plus config adapters for other formats
Built-in support for internal PKI use cases (local CA, internal names and IPs)
Modular, plugin-based architecture with statically compiled extensions

Use Cases

Securely serve static websites and web applications with minimal TLS setup
Act as an edge reverse proxy for microservices with health checks and load balancing
Automate certificate management for multi-tenant and customer-domain SaaS deployments

Limitations and Considerations

Advanced deployments (dynamic config, clustering, custom modules) may require JSON config/API familiarity
Some capabilities depend on selecting/building the appropriate modules for your environment

Caddy is a strong fit when you want a production-grade server that simplifies HTTPS and scales to many sites. Its configuration API and modular architecture make it suitable for both simple single-host setups and automated, large-scale environments.

69.2kstars

4.6kforks

View Details

Nginx Proxy Manager

Nginx Proxy Manager is a web-based admin panel for managing Nginx reverse proxy hosts, redirects, streams, and Let’s Encrypt SSL certificates via Docker.

Nginx Proxy Manager is a web application packaged as a Docker image that provides an easy way to configure Nginx as a reverse proxy for your services. It focuses on simplifying SSL termination, host forwarding, and access control without requiring deep Nginx expertise.

Key Features

Web-based admin interface for managing proxy hosts and related Nginx configuration
Simple setup of forwarding domains, redirects, custom 404 hosts, and TCP/UDP streams
Built-in Let’s Encrypt certificate issuance and automatic renewals, plus support for custom certificates
Per-host access lists and basic HTTP authentication
Advanced Nginx configuration fields for power users
Multi-user management with permissions and an audit log

Use Cases

Publish home-lab and internal web apps securely behind a single reverse proxy
Centralize TLS certificate management and SSL termination for multiple services
Add basic authentication and access restrictions in front of existing web applications

Limitations and Considerations

Primarily intended to manage Nginx through its own UI; complex, highly customized Nginx setups may not map cleanly to the UI model

Nginx Proxy Manager is well-suited for homelabs and small deployments that want a straightforward, UI-driven approach to reverse proxying and TLS. It balances ease of use with optional advanced controls for users who need deeper Nginx customization.

31.1kstars

3.5kforks

View Details

SWAG

LinuxServer.io SWAG is a Docker image bundling Nginx reverse proxy, ACME certificate automation (Let’s Encrypt/ZeroSSL), optional PHP, and fail2ban intrusion prevention.

SWAG (Secure Web Application Gateway) is a LinuxServer.io-maintained container image that provides an Nginx web server and reverse proxy with automated TLS certificate issuance and renewal via an embedded ACME client. It is commonly used as a front door for self-hosted applications, handling HTTPS termination and reusable proxy configurations.

Key Features

Nginx web server and reverse proxy for routing multiple apps behind one domain
Automated certificate issuance and renewal using Certbot (ACME) with Let’s Encrypt or ZeroSSL
Supports HTTP and DNS-based validation, including wildcard certificates (via DNS plugins)
Includes preset reverse proxy configuration templates for many popular services
Optional PHP support for serving dynamic web content
Built-in fail2ban for intrusion prevention (with optional firewall rule integration)

Use Cases

Expose multiple self-hosted services securely over HTTPS with subdomains
Terminate TLS centrally and share generated certificates with other containers
Host a small web site or landing page alongside reverse-proxied applications

Limitations and Considerations

Certificate issuance depends on correct inbound port forwarding (HTTP validation) or supported DNS provider credentials (DNS validation)
Some Certbot DNS plugins may require additional packages/mods if not included in the base image

SWAG is a practical choice when you want a repeatable, containerized Nginx reverse proxy setup with integrated ACME automation and extra security tooling. It fits especially well in Docker-based homelabs that rely on subdomains and standardized proxy templates.

3.6kstars

280forks

View Details

GoDoxy

High-performance reverse proxy and container orchestrator with Web UI, automatic Docker/Podman route discovery, idle-sleep, access control, and automated Let's Encrypt support.

GoDoxy is a high-performance reverse proxy and lightweight container orchestrator designed for self-hosters. It automatically discovers containerized services, creates routes, and exposes a Web UI for configuration, monitoring and logs.

Key Features

Automatic route discovery from Docker/Podman containers and container labels
Idle-sleep: stop idle containers and wake them on incoming traffic
Connection- and request-level access control (IP/CIDR/GeoIP-based rules)
Built-in server monitoring and system metrics (uptime, CPU, memory, disk)
Access logging and periodic access summary notifications
Automated TLS certificate management using DNS-01 (Let's Encrypt)
HTTP reverse proxy and TCP/UDP port forwarding with rule-based routing
Authentication integrations: OpenID Connect, ForwardAuth, CAPTCHA middleware
Web UI with app dashboard, config editor, Docker logs viewer and metrics

Use Cases

Host and route multiple self-hosted web apps on a single server with automatic Docker label-based routing
Reduce resource use by putting little-used services to sleep and auto-waking them on demand
Provide centralized access control, TLS automation and monitoring for home or small lab infrastructures

Limitations and Considerations

GoDoxy is designed to run in host network mode; changing network mode is not supported and may break routing
GeoIP-based ACL features require a MaxMind account and GeoIP database configuration to function fully
Official builds target linux/amd64 and linux/arm64; other OS/architectures are not supported out of the box
Some application patterns (e.g., containers exposing multiple unrelated ports) may not be handled automatically and require manual routing configuration

GoDoxy combines reverse-proxy features with lightweight container orchestration and an integrated Web UI to simplify routing, access control and monitoring for self-hosted environments. It is intended for users who want automatic container-aware routing, TLS automation and resource-saving idle-sleep capabilities.

2.7kstars

104forks

View Details

GoDoxy

High-performance reverse proxy for self-hosted apps with Web UI, Docker/Podman auto-routing, HTTPS via Let's Encrypt, access control, and OIDC/ForwardAuth support.

GoDoxy is a lightweight, performance-focused reverse proxy designed for self-hosters, with automatic routing based on container metadata and a built-in Web UI. It can manage HTTPS certificates, apply access controls, and proxy traffic to services across single or multiple nodes.

Key Features

Reverse proxy for HTTP services plus TCP/UDP port forwarding
Automatic route discovery from Docker/Podman containers via labels, with hot-reload on changes
Web UI with app dashboard, configuration editor, uptime and system metrics, and container log viewing
Automatic TLS certificate management with Let's Encrypt (including DNS-01 challenge support)
Access control lists (ACL) with request/connection level rules (for example IP/CIDR)
SSO options via OpenID Connect and ForwardAuth integration
Optional idle-sleep behavior to stop and wake workloads based on traffic (including support for Docker containers and Proxmox LXCs)

Use Cases

Publish and secure multiple self-hosted web apps behind a single gateway with automated HTTPS
Centralize routing and basic access control for homelab services using container labels
Reduce resource usage by auto-sleeping seldom-used services and waking them on demand

Limitations and Considerations

Some ACL features rely on MaxMind configuration for geo/timezone-based rules
Designed to run in host network mode, which may constrain certain deployment patterns

GoDoxy fits well in homelab and small-server environments where container-driven routing, a convenient UI, and automated TLS are priorities. It combines reverse proxying, basic orchestration-like automation, and authentication integration to simplify operating self-hosted services.

2.7kstars

104forks

View Details

Ferron

A Rust-written, memory-safe web server offering automatic Let's Encrypt TLS, KDL configuration, HTTP/2/HTTP/3, reverse proxying, and built-in tooling for serving web apps.

Ferron is a fast, memory-safe web server implemented in Rust that emphasizes ease of configuration, modern protocol support, and automatic TLS management. It targets sysadmins and developers who need a secure, high-concurrency HTTP/HTTPS server with simple, declarative configuration.

Key Features

Memory-safe implementation written in Rust to reduce common memory-safety vulnerabilities.
Automatic TLS certificate management using ACME and Let's Encrypt (including support for ACME EAB and DNS providers).
Native support for modern protocols: HTTP/2 and experimental HTTP/3 for lower-latency multiplexed connections.
Simple, human-friendly configuration using KDL (with a YAML-to-KDL translator for legacy configs) and sensible defaults.
Powerful reverse-proxy features: load balancing, health checks, HTTP/2 backend connections, WebSocket support, and response/body transformation modules.
Modular command-line tooling: ferron (server), ferron-passwd, ferron-yaml2kdl, ferron-precompress, and FerrBench for performance testing.
Prebuilt installers and official Docker images plus build-from-source via Cargo for customization and packaging.

Use Cases

Serve static sites and assets with automatic TLS and HTTP/2/HTTP/3 for modern browser performance.
Front-end reverse proxy/load balancer for web applications (including health checks and backend multiplexing).
Host PHP via FastCGI or run ASGI-backed web apps with straightforward configuration and built-in utilities.

Limitations and Considerations

Ferron 2.x has historically been released in beta stages; some advanced features and module APIs may be marked experimental or have platform-specific behavior (for example differing async runtimes on Linux vs Windows).
Platform-specific runtime choices and edge-case configuration differences (compile-time module selection, optional runtimes) can require reading build/packaging docs for production deployments.

Ferron provides a concise, modern alternative to legacy web servers by combining Rust safety, automatic TLS, and a compact configuration model. It is well suited for administrators seeking predictable high-concurrency behavior and straightforward deployment workflows.

1.8kstars

81forks

View Details

NPMplus

NPMplus is a Nginx Proxy Manager fork that adds HTTP/3 (QUIC), OIDC auth, stronger TLS defaults, and extra security and logging features in a web UI.

NPMplus is a community fork of Nginx Proxy Manager that provides a web-based UI to manage Nginx as a reverse proxy for self-hosted services. It focuses on modern protocol support, stronger security defaults, and additional integrations while keeping a familiar NPM workflow.

Key Features

Web UI to manage reverse proxy hosts and TLS certificates
HTTP/3 (QUIC) support for HTTPS endpoints
ACME profile support and improved handling of alternative ACME servers and options like OCSP and must-staple
OIDC authentication support
Hardened TLS settings, plus modern compression support (zstd and brotli)
Optional integrations for CrowdSec and openappsec
Built-in access logging analytics via GoAccess
Additional hosting options such as file serving and optional PHP-FPM support

Use Cases

Central reverse proxy for multiple homelab or internal services with automated certificates
Adding OIDC-based login in front of protected services
Running a hardened, modern Nginx proxy with HTTP/3 enabled

Limitations and Considerations

Database backends beyond SQLite may work but are not recommended or supported by the project
Requires exposing UDP on 443 to use HTTP/3 (QUIC)
Supported CPU architectures are limited compared to upstream

NPMplus is a practical choice for users who like Nginx Proxy Manager’s UI but want more modern protocol support and additional security-focused features. It is especially suited for homelabs and small environments that need convenient TLS and proxy management with optional advanced integrations.

1.7kstars

92forks

View Details

CaddyManager

Manage Caddy 2 servers from a modern web dashboard with Caddyfile editing, authentication, audit logs, API keys, and SQLite or MongoDB storage.

CaddyManager is a web-based management interface for administering Caddy 2 servers from a single dashboard. It helps you organize multiple servers, edit and validate Caddyfiles, and control access for teams.

Key Features

Multi-server dashboard to add, remove, and monitor multiple Caddy 2 instances
Caddyfile configuration editor with syntax highlighting, templates, and validation workflows
Authentication with JWT-based sessions and role-based access control
API key management for programmatic access
Audit logging to track user and system actions
Dual database support: SQLite (default) or MongoDB
Integrated API documentation via Swagger UI
Runtime and application metrics endpoints suitable for Prometheus scraping

Use Cases

Manage several Caddy reverse proxies across environments from one UI
Maintain Caddyfile configurations with safer editing and validation
Provide controlled access and traceability for teams operating Caddy infrastructure

Limitations and Considerations

The project is in early development; configuration and data backups are strongly recommended before using in production

CaddyManager is a practical option for operators who prefer a graphical interface for Caddy administration while retaining API access, auditability, and flexible storage options. It is suited for homelabs and small-to-medium deployments, with MongoDB support for larger setups.

833stars

30forks

View Details

Cert Warden

Open-source centralized ACME client to manage TLS certificates with automated renewals, API-key retrieval for clients, http-01/dns-01 challenge support, Go backend and React UI.

Cert Warden is a centralized ACME client that provides a REST API and web UI to create, manage, and automatically renew TLS certificates. It centralizes ACME account handling and exposes a scoped API-keyed GET interface so consumers can fetch individual keys and certificates without implementing ACME themselves.

Key Features

Centralized ACME orchestration: manage ACME accounts, keys, and certificates from a single service.
REST API for consumers: authenticated GET endpoint with scoped API keys to retrieve keys/certificates programmatically.
Automated renewals: background automation for certificate issuance and renewal using RFC 8555-compliant ACME providers.
Challenge support: built-in HTTP server for http-01 and integrated support for many DNS providers for dns-01 challenges.
Frontend and backend: React-based web UI with a Go backend providing the API and ACME logic.
Deployment options: official Docker images and docker-compose examples plus binary releases for multiple platforms.
Robust logging and debugging options: detailed access and debug logs to track who or what is accessing key material.

Use Cases

Centralize TLS management across a home lab or small infrastructure to avoid running ACME clients on each endpoint.
Provide short-lived scoped certificate access to services or devices that cannot run a full ACME client.
Automate certificate renewals for services that require a simple API to fetch X.509 material.

Limitations and Considerations

Intended for small/home-lab use; the project is primarily maintained by a single developer and does not include commercial support.
Stores private key material in a local database file; compromise of that database compromises the entire PKI and requires strong operational safeguards (backups, access controls, encryption at rest as appropriate).
The project bundles a frontend and backend and the documentation notes there is limited support for running them separately.

Cert Warden is a practical option for users who want a single service to manage ACME interactions and make certificates available via an API. It emphasizes automation and simple client retrieval, but users should evaluate the operational security trade-offs before storing sensitive key material in its database.

475stars

16forks

View Details

#10

Mantræ

Web UI to manage Traefik routers, middleware, services and DNS entries, with an optional agent for container label syncing and DNS automation.

Mantræ is a web-based configuration manager that generates Traefik dynamic configuration through a clean UI. It focuses on creating and editing routers, middlewares, and services so Traefik can fetch the resulting dynamic configuration instead of editing YAML/TOML by hand.

Key Features

Visual editor for Traefik routers, services, entrypoints, rules, and middleware
Middleware management including rate limiting, authentication, headers, and other common middleware types
Agent mode to collect container labels from remote hosts and sync resources into a central configuration store
DNS automation integrations for providers such as Cloudflare, PowerDNS, Technitium and Pi-hole to manage DNS records for routers
Generates Traefik-compatible dynamic configuration files (YAML/TOML) for Traefik to consume
Lightweight Go backend with a TypeScript/Svelte frontend designed for easy deployment (Docker images available)

Use Cases

Centralize Traefik dynamic configuration across multiple hosts using agents to collect container labels
Quickly create and manage routers and middleware without directly editing Traefik YAML/TOML files
Automate DNS record creation for services exposed through Traefik using supported DNS providers

Limitations and Considerations

Mantræ is not a monitoring dashboard and does not display Traefik runtime status or metrics; it only provides configuration management
The project is under active development and may introduce breaking changes; evaluate stability before production deployment
DNS provider support and agent features depend on available integrations and may require provider credentials and additional configuration

Mantræ is intended for teams that want a UI-first approach to building Traefik dynamic configuration and automating DNS. It simplifies repetitive configuration tasks while leaving Traefik as the runtime reverse proxy.

404stars

13forks

View Details

Why choose an open source alternative?

•Data ownership: Keep your data on your own servers
•No vendor lock-in: Freedom to switch or modify at any time
•Cost savings: Reduce or eliminate subscription fees
•Transparency: Audit the code and know exactly what's running

Alternatives List

Caddy

Key Features

Use Cases

Limitations and Considerations

Nginx Proxy Manager

Key Features

Use Cases

Limitations and Considerations

SWAG

Key Features

Use Cases

Limitations and Considerations

GoDoxy

Key Features

Use Cases

Limitations and Considerations

GoDoxy

Key Features

Use Cases

Limitations and Considerations

Ferron

Key Features

Use Cases

Limitations and Considerations

NPMplus

Key Features

Use Cases

Limitations and Considerations

CaddyManager

Key Features

Use Cases

Limitations and Considerations

Cert Warden

Key Features

Use Cases

Limitations and Considerations

Mantræ

Key Features

Use Cases

Limitations and Considerations

Why choose an open source alternative?