WSL2 (Debian 13) is installed
Get your WSL2 link-local IPv6 address:
Start WSL
Show the WSL2 local IPv6 addresses:
ip -6 --brief addr show dev eth0 scope link
Copy the IPv6 address, excluding /64
You can add a host name record to your Windows hosts file, or on your home router.
Launch Notepad or Notepad++ as Administrator.
Navigate to C:\Windows\system32\drivers\etc\ and open hosts.
Type in the IPv6 address and the host name:
fe80::1824 wsl.internal
If your WSL session is already open, restart it so it picks up the updated Windows hosts file.
Modern Internet routers can add IPv6 records. Use this instead of the hosts file if you connect from multiple home clients.
Log in to your router's web interface.
Go to Advanced settings.
Go to Network Settings > DNS Server.
Scroll down and click "Add DNS Entry".
Change to "IPv6"; enter a host name (e.g. wsl.internal) and IPv6 address. You can add fully-qualified domain names.
Click Apply.
Install the Linux packages
sudo apt install libnss3-tools mkcert
Install a Certificate Authority for your user:
mkcert -install
Determine the WSL location of the root certificate
mkcert -CAROOT
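In Windows, open File Explorer and navigate to the folder; confirm the file rootCA.pem is there. Only rootCA.pem is imported into Windows; rootCA-key.pem in the same folder is the CA's private key and should stay in WSL.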
\\wsl$\Debian\home\username\.local\share\mkcert\
Launch Terminal or PowerShell as Administrator.
Install the root certificate to your current user's trusted root authorities (replace username with the WSL username):
Import-Certificate -FilePath "\\wsl.localhost\Debian\home\username\.local\share\mkcert\rootCA.pem" `
-CertStoreLocation Cert:\CurrentUser\Root
Click "Yes" to complete the certificate installation.
Open a WSL terminal. You are logged in as username.
Install the Debian keyring packages:
sudo apt install -y debian-keyring debian-archive-keyring
Download the Caddy GPG key; this can take a few seconds with no feedback:
sudo wget -qO- 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' |
sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
Define the Caddy repository:
sudo vi /etc/apt/sources.list.d/caddy.sources
Types: deb
URIs: https://dl.cloudsmith.io/public/caddy/stable/deb/debian
Suites: any-version
Components: main
Signed-By: /usr/share/keyrings/caddy-stable-archive-keyring.gpg
Check for updates:
sudo apt update
apt list --upgradable
Apply any updates:
sudo apt upgrade -y
Install Caddy
sudo apt install caddy
Edit the Caddyfile, and replace it completely with the custom configuration below.
sudo vi /etc/caddy/Caddyfile
wsl.internal, [fe80::1824], [::1] {
    root * /srv/www
    file_server
    # Certs from mkcert; three names on the mkcert command give the +2 suffix
    tls /srv/wsl.internal+2.pem /srv/wsl.internal+2-key.pem
    # Strict isolation headers
    header {
        Cross-Origin-Opener-Policy "same-origin"
        Cross-Origin-Embedder-Policy "require-corp"
    }
}
Be sure to replace fe80::1824 and possibly wsl.internal before you save the file. IPv6 addresses should be in brackets.
Create the folder for serving webpages
sudo mkdir -p /srv/www
sudo chown caddy:caddy /srv/www
Create a certificate that includes the hostname, local IPv6 address, and loopback IPv6:
mkcert wsl.internal fe80::1824 ::1
Move the local certificates from /home/username to /srv:
sudo mv wsl.internal*.pem /srv/
sudo chown caddy:caddy /srv/*.pem
Restart Caddy to apply the changes:
sudo systemctl restart caddy
Review the caddy system logs, looking for errors:
sudo journalctl -u caddy
Add your user to the "caddy" group (be sure to replace username!)
sudo usermod -aG caddy username
sudo chmod ug+w /srv/www
Refresh your permissions and add a totally blank HTML file:
su - username
touch /srv/www/index.html
Query Caddy without a browser:
curl https://[::1] or curl https://[fe80::1824%eth0]
If there is no error, the empty page was retrieved. Linux cannot use wsl.internal from the hosts file, because the link-local address needs the %eth0 suffix.
On the Windows machine, browse to https://wsl.internal; an empty page is expected.
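An added check, not part of the original guide: the curl test above only shows that a page was served, so the shell functions below read response headers and confirm that the two Cross-Origin headers from the Caddyfile arrive with the configured values. The function names and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): verify the isolation headers
# that the Caddyfile above is expected to send.

# header_value NAME: read response headers on stdin and print NAME's value.
# Names are compared case-insensitively (HTTP/2 responses use lowercase).
header_value() {
    tr -d '\r' | awk -v want="$1" '
        BEGIN { want = tolower(want) }
        {
            i = index($0, ":")
            if (i == 0) next                     # status line or blank line
            if (tolower(substr($0, 1, i - 1)) != want) next
            val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)     # trim surrounding whitespace
            print val
            exit
        }'
}

# check_isolation: read response headers on stdin; return 0 only when both
# headers carry exactly the values from the Caddyfile, else list each fault.
check_isolation() {
    headers=$(cat)
    rc=0
    for pair in "cross-origin-opener-policy=same-origin" \
                "cross-origin-embedder-policy=require-corp"; do
        name=${pair%%=*}
        expected=${pair#*=}
        actual=$(printf '%s\n' "$headers" | header_value "$name")
        if [ "$actual" != "$expected" ]; then
            echo "FAIL $name: expected '$expected', got '${actual:-<missing>}'"
            rc=1
        fi
    done
    if [ "$rc" -eq 0 ]; then echo "OK: both isolation headers are set"; fi
    return "$rc"
}

# Constructed sample responses (CRLF line endings, as curl -sI prints them).
SAMPLE_GOOD=$(printf '%s\r\n' 'HTTP/2 200' \
    'cross-origin-embedder-policy: require-corp' \
    'cross-origin-opener-policy: same-origin' 'server: Caddy')
SAMPLE_BAD=$(printf '%s\r\n' 'HTTP/1.1 200 OK' \
    'Cross-Origin-Opener-Policy: unsafe-none' 'Server: Caddy')

printf '%s\n' "$SAMPLE_GOOD" | check_isolation
printf '%s\n' "$SAMPLE_BAD" | check_isolation || true
# Against the live server: curl -sI 'https://[::1]' | check_isolation
```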