Skip to content
nexusprism.org Community Extensions
Nexus Nexus

Caddyfile & multiple sites

Nexus uses Caddy as its reverse proxy. Caddy handles HTTPS automatically via Let’s Encrypt and proxies requests to the Nexus container running on port 4000.

The canonical Caddyfile

Section titled “The canonical Caddyfile”

The canonical Caddyfile lives at /opt/nexus/Caddyfile. This is the file to edit — not /etc/caddy/Caddyfile.

On every nexus-update run, the update script copies /opt/nexus/Caddyfile to /etc/caddy/Caddyfile and reloads Caddy:

Terminal window
cp /opt/nexus/Caddyfile /etc/caddy/Caddyfile
systemctl reload caddy

Any changes made directly to /etc/caddy/Caddyfile will be overwritten the next time nexus-update runs. Always edit /opt/nexus/Caddyfile so changes survive updates.

nexus-update preserves /opt/nexus/Caddyfile — it is excluded from the rsync that applies the new release. Your custom site blocks, additional domains, and any other Caddyfile additions will survive updates untouched.

Default Caddyfile structure

Section titled “Default Caddyfile structure”

The installer writes a Caddyfile for your forum domain with:

  • Security headers (Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options, Referrer-Policy)
  • Long-lived caching for static assets (/assets/*, /images/*, /favicon.ico)
  • Immutable caching for avatars and logos (UUID filenames, safe to cache forever)
  • Immutable caching for self-hosted Font Awesome fonts
  • Gzip compression for all responses except SSE endpoints (Server-Sent Events must not be buffered)
  • WebSocket proxying to localhost:4000
  • General reverse proxy to localhost:4000

For apex domains, an optional www. redirect block is also written.

Adding other sites

Section titled “Adding other sites”

To host a homepage, docs site, or any other content on the same server, add additional site blocks to /opt/nexus/Caddyfile:

your-forum.com {
    # ... existing Nexus configuration ...
}


nexusprism.org {
    root * /var/www/homepage
    file_server
}


docs.nexusprism.org {
    root * /var/www/docs
    file_server
}

After editing, apply the changes:

Terminal window
cp /opt/nexus/Caddyfile /etc/caddy/Caddyfile
systemctl reload caddy

Caddy will automatically obtain and renew TLS certificates for any new domains you add, as long as their DNS A records point to the server and ports 80 and 443 are open.

Applying Caddyfile changes

Section titled “Applying Caddyfile changes”

Any time you edit /opt/nexus/Caddyfile, apply it with:

Terminal window
cp /opt/nexus/Caddyfile /etc/caddy/Caddyfile
systemctl reload caddy

systemctl reload caddy applies the configuration gracefully without dropping active connections. Use systemctl restart caddy only if a reload doesn’t take effect.