Windows with Caddy

Setting Up HTTPS for OpenAlgo on Windows with Caddy

Run OpenAlgo locally on https://openalgo.local with a valid SSL certificate, no browser warnings, and zero changes to app.py.

Why this setup?

OAuth flows for brokers like shoonya often require HTTPS redirect URLs. Running OpenAlgo on plain http://127.0.0.1:5000 works for testing, but production-like local development needs:

• A proper hostname (openalgo.local instead of 127.0.0.1)

• HTTPS with a trusted certificate (no Not Secure warnings)

• No code changes to OpenAlgo itself

Caddy handles all of this in front of your Flask app as a reverse proxy.

Prerequisites

• Windows 10 or 11

• OpenAlgo already cloned and running locally

• Administrator access for two one-time setup steps (hosts file edit, certificate trust)

Step 1: Download Caddy

Go to https://caddyserver.com/download

Select:

• Platform: Windows

• Architecture: amd64

Click Download. You'll get a file named something like caddy_windows_amd64_custom.exe.

Step 2: Place and rename the binary

Create a folder to hold Caddy:

Move the downloaded file into C:\caddy\ and rename it to caddy.exe.

In PowerShell:

Verify it works:

You should see something like:

Tip: Show file extensions in Windows

If you see caddy.exe.exe after renaming, Windows is hiding extensions. Open File Explorer, click View > Show > File name extensions, then rename again.

Step 3: Edit the hosts file

This maps openalgo.local to your local machine.

1. Press the Windows key, type Notepad

2. Right-click Notepad and select Run as administrator

3. In Notepad: File > Open

4. Navigate to: C:\Windows\System32\drivers\etc\

5. Change the file type dropdown (bottom right) from Text Documents (*.txt) to All Files

6. Open hosts

Add this line:

A typical hosts file will look like this after editing:

Save and close.

Verify the entry works:

You should see replies from 127.0.0.1. If you see could not find host, the hosts file did not save correctly. Reopen Notepad as Administrator and try again.

Step 4: Create the Caddyfile

OpenAlgo ships with a default Caddyfile in the project root. If yours is missing, create it.

Navigate to your OpenAlgo project folder:

When Notepad asks if you want to create the file, click Yes. Paste this:

Save and close.

Note on the Caddyfile name

The file must be named exactly Caddyfile with no extension. If Notepad saves it as Caddyfile.txt, rename it:

Step 5: Run Caddy for the first time (Administrator)

The first run installs Caddy's local certificate authority into Windows so browsers trust the auto-generated SSL certificate.

1. Press Windows key, type PowerShell

2. Right-click Windows PowerShell and select Run as administrator

3. Run these commands:

Windows will show a security dialog asking permission to install a root certificate. Click Yes.

You should see logs like:

Leave this terminal open. Caddy is now running.

Step 6: Start OpenAlgo in a separate terminal

Open another PowerShell window (no admin needed). Navigate to the project folder and start OpenAlgo:

You should see:

Step 7: Open OpenAlgo in your browser

Go to: https://openalgo.local

You should see the OpenAlgo login screen with a valid lock icon next to the URL. No certificate warnings.

Step 8: Update broker callback URLs

Now that OpenAlgo runs on HTTPS, update the redirect URL in your .env file:

Match this exactly in your broker's developer console:

• Shoonya API Portal: Edit your app and set the Redirect URL to https://openalgo.local/shoonya/callback

Restart OpenAlgo after editing .env.

All the brokers the procedure remains the same.

Daily workflow after setup

Once everything is set up, your daily workflow is just two terminals: Run this from the openalgo root folder

Terminal 1 (Caddy):

Terminal 2 (OpenAlgo):

Press Ctrl+C in either terminal to stop. Nothing runs in the background as a service.

Optional: Single-command launcher

Create start.bat in your OpenAlgo folder:

Double-click to launch both. Close both terminal windows when done.

Troubleshooting

Browser shows ERR_CONNECTION_REFUSED

Make sure both terminals are running. Caddy must be running for HTTPS to work, and OpenAlgo must be running for Caddy to have something to proxy to.

Certificate warning in browser

This means Caddy's root CA is not trusted. Stop Caddy, then run as Administrator:

Accept the Windows prompt. Restart Caddy.

Port 443 already in use

Another service is using the HTTPS port. Common culprits:

If IIS or World Wide Web Publishing Service is using it, stop the service. Or change Caddy to use a different port:

Then access OpenAlgo at https://openalgo.local:8443.

Caddy says "Caddyfile input is not formatted"

Cosmetic warning only. To fix, run:

Hosts file ping does not resolve

The most common cause is saving hosts as hosts.txt. Open C:\Windows\System32\drivers\etc\ in File Explorer with extensions visible (View > Show > File name extensions). If you see hosts.txt, delete it and edit the original hosts file again.

Removing the setup

If you want to undo everything:

1. Stop Caddy and OpenAlgo

2. Untrust the Caddy CA: C:\caddy\caddy.exe untrust (as Administrator)

3. Remove the 127.0.0.1 openalgo.local line from C:\Windows\System32\drivers\etc\hosts

4. Delete C:\caddy\

5. Delete the Caddyfile from your OpenAlgo folder

Summary

You now have OpenAlgo running on https://openalgo.local with a fully trusted SSL certificate. No background services, no code changes to OpenAlgo, and OAuth callbacks work cleanly with broker APIs that require HTTPS redirect URLs.