N100 Reverse Proxy Setup — Caddy Auto HTTPS Multi-Service Routing

When you’re running a website, an API server, and an admin panel on separate machines, a reverse proxy lets the outside world access them all through a single domain. You might think this requires a powerful server, but in practice an N100 mini PC is more than enough. This guide covers Caddy setup with automatic HTTPS and multi-service routing.

2-5%

CPU usage

~200MB

Memory usage

TDP

SSL certificate cost

1What Is a Reverse Proxy

A reverse proxy sits between clients (browsers) and your backend servers, receiving requests on their behalf and forwarding them to the right destination.

Client → Reverse Proxy (N100) → Backend Servers

example.com → Web server (10.x.x.11:3000)

api.example.com → API server (10.x.x.12:8080)

admin.example.com → Admin panel (10.x.x.13:4000)

Centralized SSL Termination

Manage HTTPS certificates in one place. Backend servers only need HTTP, simplifying configuration.

Backend Server Hiding

External users never see backend IPs or ports. This reduces the attack surface.

Domain-Based Routing

Route multiple services from a single public IP using domain or path-based rules.

2Why an N100 Is More Than Enough

A reverse proxy mostly just forwards requests—it barely touches CPU or memory. Here are the actual resource usage numbers from our production N100 mini PC.

Metric	Idle	Normal Load	Peak
CPU Usage	0.5-1%	2-5%	8-15%
Memory	~150MB	~200MB	~300MB
Concurrent Connections	~10	~100	~500
CPU Temperature	35-40°C	40-50°C	50-60°C

N100 is overkill for small offices

Even at 500+ concurrent connections, CPU stays around 15%. For small-office reverse proxy duty, the N100 has plenty of headroom. You can even run monitoring agents or a DNS server on the same box.

3Caddy Installation and Basic Setup

Caddy is a web server written in Go. Its biggest advantage is automatic HTTPS—set a domain and it handles Let’s Encrypt certificate issuance and renewal automatically.

# Install Caddy (Ubuntu/Debian)
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' \
  | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' \
  | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy

# Verify the service
sudo systemctl status caddy

Basic Caddyfile

# /etc/caddy/Caddyfile

# Global options
{
    email admin@example.com    # For Let's Encrypt registration
}

# Your site
example.com {
    reverse_proxy 10.x.x.11:3000
}

# Apply config
sudo caddy reload --config /etc/caddy/Caddyfile

That’s literally it

Two lines—a domain and a backend address—and you have an HTTPS reverse proxy. Certificate issuance, renewal, and HTTP→HTTPS redirect are all automatic.

4Automatic HTTPS via Let’s Encrypt

Caddy obtains Let’s Encrypt certificates automatically when you configure a domain. Renewals happen 30 days before expiry with zero manual intervention.

Feature	Caddy	Nginx + certbot
Certificate Issuance	Automatic	Manual certbot command
Certificate Renewal	Automatic	Requires cron job
HTTP→HTTPS Redirect	Automatic	Manual config
OCSP Stapling	Automatic	Manual config
TLS 1.3	Enabled by default	Requires verification

Ports 80/443 must be open

Let’s Encrypt validation requires ports 80 and 443 to be reachable from the internet. If you’re behind a firewall (e.g. OPNsense), port-forward these to the N100’s internal IP.

5Multi-Service Routing

A single reverse proxy can route traffic to multiple services by domain or path.

Subdomain-Based Routing

# /etc/caddy/Caddyfile

# Main website
example.com {
    reverse_proxy 10.x.x.11:3000
}

# API server
api.example.com {
    reverse_proxy 10.x.x.12:8080
}

# Admin panel (with IP restriction)
admin.example.com {
    @blocked not remote_ip 10.x.x.0/24
    respond @blocked "Forbidden" 403
    reverse_proxy 10.x.x.13:4000
}

Path-Based Routing

# Single domain, multiple backends by path
example.com {
    # /api/* routes to API server
    handle /api/* {
        reverse_proxy 10.x.x.12:8080
    }

    # /admin/* routes to admin server
    handle /admin/* {
        reverse_proxy 10.x.x.13:4000
    }

    # Everything else to the web server
    handle {
        reverse_proxy 10.x.x.11:3000
    }
}

6Stability Tuning

A reverse proxy needs to run 24/7 without interruption. Here are the settings we use to maximize the N100 mini PC’s reliability.

Disable CPU Turbo Boost

Disabling turbo reduces heat and keeps clock speeds consistent. For a proxy, steady performance beats burst performance.

Lock Power Governor

Set the CPU governor to 'performance' or 'powersave'. 'ondemand' can cause intermittent latency spikes from clock switching.

systemd Auto-Restart

Configure Restart=always for the Caddy service so it automatically recovers from unexpected crashes.

# Disable CPU turbo boost (Intel N100)
echo 1 | sudo tee /sys/devices/system/cpu/intel_pstate/no_turbo

# Lock CPU governor
echo "powersave" | sudo tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor

# Check Caddy systemd restart policy
sudo systemctl cat caddy | grep Restart
# Restart=on-failure (default, sufficient)

# Minimize swapping (when RAM is adequate)
echo 10 | sudo tee /proc/sys/vm/swappiness

7Caddy vs Nginx Comparison

Criteria	Caddy	Nginx
Config Complexity	Very easy	Moderate to hard
Auto HTTPS	Built-in	Requires certbot
Performance	Excellent	Outstanding
Ecosystem	Growing	Very mature
Config File Size	5-10 lines	30-50 lines
Binary Size	~40MB (single binary)	~1MB (modular)
Memory (idle)	~30MB	~5MB

Caddy wins for small-scale setups

Nginx is the better choice for high-traffic or complex configurations, but for routing a handful of services in a small office, Caddy’s simplicity is unbeatable. Five lines of config and you have a production-ready HTTPS reverse proxy.

Summary

Reverse Proxy Setup Checklist

✓N100 mini PC — 6W TDP, 2-5% CPU usage is plenty for proxy duties
✓Install Caddy from the official repository
✓Add domain + backend address to Caddyfile — HTTPS is automatic
✓Route multiple services via subdomain or path-based rules
✓Restrict admin panels by IP for access control
✓Disable turbo boost for lower temperatures and stable clocks
✓Port-forward 80/443 to the N100 from your firewall
✓Enable systemd auto-restart for zero-downtime operation

You don’t need a powerful server for reverse proxy duties. One N100 mini PC is enough, and with Caddy the configuration is just a few lines. Run automatic HTTPS and multi-service routing for roughly $1/month in electricity.

This article is based on real-world experience running Caddy on an N100 mini PC. IP addresses, domains, and port numbers are examples—adjust them for your environment. Non-commercial sharing is welcome. For commercial use, please reach out via our contact page.

Need Help Building Server Infrastructure?

From reverse proxies and SSL certificates to domain routing, Treeru supports the full spectrum of web infrastructure design and deployment.

Request Infrastructure Consultation