
Caddy 1.0, Caddy 2, and Caddy Enterprise - mholt
https://caddyserver.com/blog/announcing-caddy-1_0-caddy-2-caddy-enterprise
======
reacharavindh
I was excited about it and had it in my "check it out for next project" list.
Then saw that they were adding "ads" or some arbitrary junk to headers to
annoy users into considering a paid tier. I never bothered to look at it
again. I saw that the ads thing was removed, but the project lost that bit of
trust to be considered seriously after that. It may be a wonderful thing that
I am missing out on. But, just saying how my thought process went.

I will perhaps try it for some toy projects. But, I will have to watch the
words with oil in eyes before using it in any serious projects. If I don't
have the time to do that diligence, then this thing will not be considered....
This is the cost of losing trust with potential users.

~~~
roblabla
The "ads" were a simple Caddy-Sponsors header being sent on every HTTP
response, containing the string "This free web server is made possible by its
sponsors: Minio, Uptime Robot, and Sourcegraph". It could be removed (legally,
the license allows it) by compiling from source. This whole thing was largely
a non-issue, and overblown.

The bigger issue that came with it was a website redesign that was fairly
misleading (it looked like Caddy was going to be closed source), but when it
was pointed out, it was clarified to clearly point out that Caddy is a Free
and Open Source Software. To me, this reinforced my trust in the project. They
went the wrong way, people didn't like it, they fixed it.

The fact that, in today's world, a single misstep generates an immediate and
irrevocable loss of trust, even when that misstep is quickly corrected and
apologies are issued, is incredibly weird to me. It pushes people to hide
their mistakes instead of being open about them...

Disclaimer: I'm a happy user of Caddy, using self-built binaries. I'll take
this chance to thank the developers behind Caddy. You have made my life a lot
easier :).

~~~
TAForObvReasons
> The fact that, in today's world, a single misstep generates an immediate and
> irrevocable loss of trust, even when that misstep is quickly corrected and
> apologies are issued, is incredibly weird to me. It pushes people to hide
> their mistakes instead of being open about them...

This happened in the past too. What people did in the past was "move to
another town", but in the age of the Internet you can't really run away from
your public gaffes.

In this particular case, it's commendable that Caddy reversed course on the
ads. However, many people's first exposure to Caddy was this ad story and it
is extremely hard to change first impressions.

------
bovermyer
Very important excerpt:

> Beginning today, commercial licenses are no longer required for commercial
> use of any Caddy binaries.

~~~
jack12
I don't understand the change. If I understand the history correctly,
previously commercial usage restrictions only applied to official binaries
downloaded from their site, and now:

>Going forward, only commercial use of ... the download page ... requires a
subscription

So now you're allowed to commercially use the official binaries without buying
a license, but you're not allowed to acquire them without that license? I
don't really understand how that's a distinction with any difference.

Is the expectation that (non-commercial) 3rd-parties will mirror the official
binaries, and that's why it's a useful change?

~~~
TAForObvReasons
> Now that version 1.0 is tagged, we will see about working on integrations
> with Digital Ocean, various Linux distros and package managers, and making
> an official Docker container.

So it seems that if you use the Docker container or an APT repository, there
is no need for a subscription. However if you pull from their infrastructure
you need to pay. Interesting way to muddy the waters and extract money from
those who don't understand the situation.

~~~
mholt
That's not correct. To clarify the facts:

\- You can always build from source, and you could have always built from
source, for free, for commercial use, since the source code is and has always
been Apache licensed.

\- 3rd-party distribution channels such as Digital Ocean images, Linux package
managers, Docker, etc, have nothing to do with commercial or free use.

\- Using our official download page (or getcaddy.com) for commercial purposes
requires a subscription.

~~~
TAForObvReasons
The Caddy source code is hosted on GitHub, not on your infrastructure AFAICT.
If that changed, then what you wrote is different from what I wrote.
Otherwise, nothing written in the previous comment differs from what you just
wrote.

~~~
mholt
Your comment does not qualify "need to pay", which is only required for
commercial users.

If Caddy is as unpopular as HN makes it look, then that's probably nobody.
Right?

~~~
TAForObvReasons
Just to be clear: it seems that the same exact binaries distributed via a
docker image or through standard distro packages managers are free for
commercial use. The difference is that obtaining it from you directly costs
money. This is a part of the business model that HN users would likely find
distasteful. You're charging people who aren't technically competent enough to
realize that other places offer the same exact binaries for free. Why even
permit the side channels in the first place?

~~~
mholt
That's also an incorrect characterization. Those 3rd-party channels do not
give you the power to customize Caddy the way our build infrastructure does.
Try customizing Caddy with plugins through apt or DO images and let us know if
you find a way to do that!

~~~
gtirloni
I understand other projects have similar compilation requirements but now
you're just spinning a technical difficulty as a feature.

The fact people are still having trouble understanding your licensing terms
should give you pause.

------
francislavoie
Big news! Very exciting to see Caddy push forwards.

------
SpiffyMelon
This is great news!

Thank you Matt, and everyone else who has contributed to such an amazing
project :)

------
regecks
Really happy to read that OS packages will be available. Thanks for responding
to feedback!

All of these changes look great.

------
vorpalhex
What does Caddy offer over truly open source projects like Traefik?

~~~
mholt
I'm ready to answer your question, but define "truly open source" for me
first.

~~~
vorpalhex
FOSS, in the sense of freedom of speech as much as beer. Hinky enterprise
license requirements for builds, their previous banner on non-enterprise
versions, etc are not truly free, just a different kind of cost.

~~~
eridius
The enterprise license requirement for Caddy 1.0 is for using their build
infrastructure, not for using the build. The banner was something that could
trivially be removed (if it was even present this way) by compiling from
source.

FOSS doesn't meant the company doesn't deserve to seek a business model. In
fact, I applaud Caddy's approach towards finding a business model without
interfering with the FOSS nature of the project itself. If you want to avoid
Caddy's business model entirely, just build from source.

~~~
vorpalhex
Which brings me back to my original query - why bother with that nonsense when
I can just use Traefik?

If they're fussing with licenses to make money, what's to keep them making
future license tweaks that do affect the source?

~~~
eridius
Traefik also has enterprise licenses. I'm not sure what your point is.

Literally the only thing Caddy has done that has impacted non-enterprise
customers was that sponsor header that they removed pretty quickly when the
community told them they didn't want it. And enterprise customers have always
had the option of compiling from source if they don't want to buy a license.

------
brunoqc
It sounds like Caddy 2 will be open core. I'm not a fan.

~~~
yroc92
What are your reservations with such a model? Just curious.

~~~
axaxs
Not OP. Inevitably, most time/development is spent NOT on the core. Cool new
features are not added to the core. I understand the business model and why,
but it's not something end users like to see.

~~~
vorpalhex
See Elasticsearch for an example of this. "Oh, you actually want auth on that
otherwise entirely public cluster? Oh, well, now you better cough up some
money for an enterprise subscription..."

~~~
gtirloni
Which is just fine if they weren't taking free contributions from anywhere.
Once you start talking about a community building this great thing, your moral
bar should much higher for how you treat users.

------
chrisweekly
Does Caddy (still) need to run as root?

~~~
mholt
No program _needs_ to run as root. What are you referring to?

~~~
neilsense
Probably because it'll bind to low ports. setcap would fix it for OP.

