BlogPath BlogPath
Get Started
Back to articles

Caddy (and Traefik) Reverse Proxy: Put Your Blog at /blog

Configure Caddy or Traefik to serve your CMS at /blog with automatic TLS, rewrites, and caching hints—plus when BlogPath.io is simpler.

Dec 8, 2025
• BlogPath Team
caddy traefik reverse-proxy
Caddy (and Traefik) Reverse Proxy: Put Your Blog at /blog

Caddy (and Traefik) Reverse Proxy: Put Your Blog at /blog

Caddy and Traefik offer automatic TLS and easy routing rules, making them solid choices for serving a blog at /blog. Here’s how, and when to reach for BlogPath.io instead.

Table of Contents

Why choose Caddy or Traefik

  • Automatic TLS and certificate renewal.
  • Simple, declarative configs for path-based routing.
  • Good for containerized or microservice setups.

Caddy config pattern

  • Example (conceptual):
handle_path /blog/* {
  reverse_proxy blog.origin.example.com
}
  • Add header normalization; exclude admin/login from caching; enable Brotli.

Traefik config pattern

  • Define a router that matches /blog/* and a service pointing to origin.
  • Strip prefix via middleware; preserve query strings.
  • Use middlewares for compression and rate limits on forms/search.

Caching and headers

  • Short TTL for HTML, long TTL for static assets.
  • Bypass cache on auth cookies; set Cache-Control if origin lacks it.
  • Add X-Forwarded-For and X-Forwarded-Proto for app awareness.

SEO and redirects

  • 301 legacy subdomain URLs to /blog/*.
  • Set canonicals to /blog; update sitemap path.
  • Avoid redirect chains; test feeds and search URLs.

Testing and rollback

  • Keep versioned configs; use staging routes before production.
  • Reload configs with health checks; maintain low DNS TTL for quick reversions.

Observability and health

  • Expose metrics (Prometheus for Traefik; admin endpoints for Caddy) to watch 4xx/5xx and latency.
  • Log cache status and user agents to refine rules for bots and heavy endpoints.
  • Run synthetic checks from multiple regions; watch TTFB and LCP deltas after changes.

Advanced FAQ

Can I run both HTTP/2 and HTTP/3?

Yes—Caddy and Traefik support them; ensure clients/browsers benefit from faster handshakes.

How do I limit admin access?

Add IP allowlists for /wp-admin or CMS backends; bypass caching there.

Should I terminate TLS at the proxy?

Yes. Terminate at Caddy/Traefik, then re-encrypt to origin (TLS upstream) where possible.

Do I need cache tags?

Not required, but helpful for purging. Versioned assets + short HTML TTLs often suffice.

Why choose BlogPath.io

  • Global CDN caching, WAF, and origin shielding without running infra.
  • No-code setup—DNS change instead of managing proxies.
  • Faster launch, unified observability, and uptime SLAs.

Related posts

Previous

12/8/2025

Calculating ROI of Moving Your Blog to a Subdirectory

Next

12/8/2025

Cloudflare Workers: Route Your Blog to a Subdirectory (2025 Guide)