
Caddy 0.9 Released with All New Core - mmlkrx
https://caddyserver.com/blog/caddy-0_9-released
======
aexaey
There are some features in Caddy that are simply outstanding - HTTP/2 and
Let's Encrypt integration, to name a few - both pretty much work out-of-the-
box with zero-configuration.

On the other hand, there are still some gaping holes - for example, to block
(or allow) a 192.168.0.0/17 IPv4 subnet in Caddy, one needs to do all of
below:

- Install an addon [1];

- Which used to require recompilation, with 0.9 release you can just click an
option during download, yay!;

- Add 128 ranges to cover this single subnet: 192.168.0.0-255,
192.168.1.0-255, ...192.168.127.0-255. Configuration doesn't support subnets,
only ranges. And only ranges in last octet, i.e. 192.168.1.0-255 (meaning
192.168.1.0/24), or implied ranges by trailing octet(s) omission, i.e. 192.168
(meaning 192.168.0.0/16) [2].

Oh, and ipv6 filtering doesn't exist at all.

[1]
[https://caddyserver.com/docs/ipfilter](https://caddyserver.com/docs/ipfilter)

[2] Which is mildly confusing notation too, since traditional UNIX inet_aton()
call would interpret this as 192.0.0.168. Try typing "ping 192.168" on Linux.
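
The expansion described in the comment above, as an added Go example that is not part of the original post or of Caddy's code: it rewrites an IPv4 CIDR into the last-octet ranges and truncated prefixes the comment says the filter accepts. The function name `ExpandCIDR` is hypothetical, and the entry strings follow the comment's description rather than the addon's documentation.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// ExpandCIDR rewrites an IPv4 CIDR in the octet notation described in the
// comment: "192.168" for a /16, "192.168.1.0-255" for a /24. The accepted
// strings are an assumption taken from that comment, not from the ipfilter
// documentation. Host bits in the input are masked off before expansion.
func ExpandCIDR(cidr string) ([]string, error) {
	_, n, err := net.ParseCIDR(cidr)
	if err != nil {
		return nil, err
	}
	ip := n.IP.To4()
	ones, bits := n.Mask.Size()
	if ip == nil || bits != 32 || ones == 0 {
		return nil, fmt.Errorf("%s: need an IPv4 prefix of /1 or longer", cidr)
	}
	if ones >= 24 { // fits in one range over the last octet
		hi := int(ip[3]) + 1<<uint(32-ones) - 1
		return []string{fmt.Sprintf("%s-%d", ip, hi)}, nil
	}
	k := (ones+7)/8 - 1 // index of the octet that must be enumerated
	var out []string
	for i := 0; i < 1<<uint(8*(k+1)-ones); i++ {
		b := net.IP{ip[0], ip[1], ip[2], 0}
		b[k] += byte(i) // base octet is aligned, so this cannot overflow
		e := strings.Join(strings.Split(b.String(), ".")[:k+1], ".")
		if k == 2 { // third octet enumerated: spell out the full last octet
			e += ".0-255"
		}
		out = append(out, e)
	}
	return out, nil
}

func main() {
	r, err := ExpandCIDR("192.168.0.0/17") // the subnet from the comment
	fmt.Println(len(r), r[0], r[len(r)-1], err)
}
```

Generating the entries and diffing them against the deployed configuration avoids the off-by-one gaps that hand-typed range lists tend to leave in an allow or block rule.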

~~~
tychuz
>simply outstanding - HTTP/2 and Let's Encrypt integration

Simply simple de facto features basically are called outstanding now?

~~~
spdustin
Which other web server software intended to replace nginx or apache has HTTP/2
or Let's Encrypt as built-in functions?

------
Mojah
Shameless plug: if you're interested in knowing more about the Caddy
webserver, I did an interview with Matt Holt - its creator - a few weeks ago
on the SysCast podcast:
[http://podcast.sysca.st/podcast/1-matt-holt-creator-caddy-webserver/](http://podcast.sysca.st/podcast/1-matt-holt-creator-caddy-webserver/)

------
djvdorp
I would love to hear experiences from people/companies using Caddy in
production (for example, replacing nginx). The project looks very promising,
but for production usage one might also like a decent group of other people
using it in production.

~~~
csixty4
I only use it to host a couple low traffic personal sites but so far it's been
fast & reliable. Configuration is easy because things like SSL cert management
are baked in. It's perfect for my needs. Not sure if I'd recommend it for
anything with a lot of diverse traffic, but it serves up basic WordPress blogs
and node.js apps fine.

------
embik
The one thing that bothers me (which is not Caddy's fault at all) is the
plugin system. If I understand correctly, I have to recompile Caddy for every
plugin I want to use, right? Sounds like a limitation with Go which is really
unfortunate.

~~~
kureikain
Isn't that the same for Nginx? You still have to compile when you add new
plugin?

Caddy is very easy to use. You can download the build with what you want from
their download page.

The nicest thing about it is very simple config file, TLS out of the box,
automatically renew as well.

~~~
Nullabillity
I'm not a big fan of this either. Now you need to keep track separately of
what your snowflake build enables, and when it's time to update, or if you
want to add something else, then you need to go back and fill out the form
manually again, and update manually.

Also, it makes distro packaging dreadful, since you can either ship nothing
and be useless for nearly everyone, or ship everything and surprise users if
they switch to the official builds and find out stuff is missing.

Nginx used to be as bad, but that's been fixed recently.

Personally Caddy is also not very useful for me, since I use a reverse proxy,
and Caddy didn't seem very helpful there the last time I tried. Oh, and it
would have been nice to be able to make it generate self-signed certificates
for staging environments.

~~~
cuu508
What problems did you have with reverse proxying?

The article says 0.9 can now generate self-signed certificates like so

    tls self_signed

------
nemothekid
It's awesome to see Caddy come so far. We started using Caddy a little over a
year ago, when we needed a replacement for nginx as a reverse proxy that could
talk directly to mesos to figure out routing. At the time I rewrote the
reverse proxy middleware to get the functionality I needed, but we ended up
maintaining our own fork (which is now widely behind), because we needed our
own plugins (and a mesos reverse proxy didn't seem useful enough to integrate
into caddy core), so it's great to see first class support for plugins.

~~~
mholt
Thank you for your work on the proxy middleware, Nimi! Hopefully in the future
we can get it to the point where you won't have to go to all the work to
maintain a fork.

~~~
nemothekid
I think the current Caddy plugins satisfy that - for us it's more "if it
ain't broke, don't fix it".

------
dvdplm
Can Caddy work as a reverse proxy to other backend services? And if so, can I
use QUIC for the backend and plain TCP for the front-end? Would that give me
any benefit?

~~~
aexaey
- Can Caddy work as a reverse proxy to other backend services?

Yes. Use this in your Caddyfile:

    proxy /api 10.20.30.40:8080

- And if so, can I use QUIC for the backend

No, QUIC is not supported at the moment:
[https://caddyserver.com/blog/implementing-http2-isnt-trivial](https://caddyserver.com/blog/implementing-http2-isnt-trivial)

- and plain TCP for the front-end?

Yes, if you mean HTTP/1.x. Also, you can serve static files from the proxy
itself. Everything not mentioned in explicit "proxy" directive would be served
from local files in the same directory as Caddyfile.

~~~
aexaey
Oops, QUIC is now supported:

[https://github.com/mholt/caddy/releases/tag/v0.9.0](https://github.com/mholt/caddy/releases/tag/v0.9.0)

------
namsral
API Bootstrapping

What if you could slap something like Caddy in front of any API and provide
authentication, analytics even billing out of the box.

    
    
      - Rate limiting
      - Billing
      - Authentication and Authorization using OAuth or JWT
      - Analytics/Metrics
      - Geo Location
      - TLS
      - HTTP2?
      - Image optimization
      - Content minification
      - Gzip
      - Signaling Slack/Push/SMS
      - Caching through cloud storage S3, Backblaze B2
      - PostgREST

~~~
atonse
GoKit does that ([http://gokit.io](http://gokit.io)) – I heard about it on the
changelog podcast [1]. Really cool set of scripts. Haven't used it personally
though. There's also a changelog episode about Caddy [2], although I'm sure
some of that will be outdated starting today.

[1] [https://changelog.com/163/](https://changelog.com/163/)

[2] [https://changelog.com/179/](https://changelog.com/179/)

~~~
deathtrader666
GoKit looks awesome!

------
regecks
When I went to use Caddy (because I love the idea of it), I was disappointed
to find that there was no yum repo.

Of course, this makes sense because you have to compile the features in.

But, it would still be nice to have deployment automate-able. Maybe an Ansible
role that combines the feature list you need and downloads it via an API.

It's the major, and only reason I quit and went back to nginx.

~~~
jamespo
Why not create your own package? Can do a basic one with fpm

~~~
jsmeaton
Because then you also need to host a feed, and keep it updated when new
releases become available, and keep it updated when new plugin releases become
available, and ensure the feed stays up, and maintain patches, and maintain
required dependencies. All the things that package maintainers (thank you!) do
for the ecosystem. Unless there's substantial gain why not just stick with
Nginx?

For what it's worth though FPM is awesome, and has made my life better a
number of times. If you have to have software that isn't packaged and you
aren't familiar with packaging, look into FPM.

[https://github.com/jordansissel/fpm](https://github.com/jordansissel/fpm)

~~~
jamespo
What dependencies? This is statically compiled go.

Binaries are available, automating a download and wrapping into a package with
FPM is not that much effort.

~~~
jsmeaton
Right, it's not a tonne of work if you _need_ it or really _want_ it. But it's
still extra effort to move away from a supported package provided by the
package management software. Not providing repos means you lose the users who
might want to play around with it but don't have any packaging experience.
This shouldn't be very controversial.

------
electic
How does this compare to NGINX? Especially around performance and security?

~~~
spriggan3
NGINX is a battle-tested C high-performance general-purpose server, while
Caddy looks more like a collection of diverse Go libraries bundled together. I
don't see a lot of protocols implemented by Caddy itself. There is also the
question of Go garbage collector performance and its overhead; there are no GC
pauses with C.

This is a great project though, the author is young and talented.

~~~
ffggvv
> There is also the question of Go garbage collector performance and its
> overhead; there are no GC pauses with C.

Malloc/free are not cheap either.

~~~
spriggan3
> Malloc/free are not cheap either.

They are still way cheaper than GC pauses in Go.

~~~
SEJeff
The Go GC with 1.5+ (and especially the work going on currently for 1.7) makes
it all but unnoticeable for the majority of non-soft realtime (think HFT)
systems:

[https://talks.golang.org/2015/go-gc.pdf](https://talks.golang.org/2015/go-gc.pdf)

For 99% of users, it is simply not noticeable anymore. Also note that I've
worked at said HFT nanosecond latency types of firms the past 9 or so years.

------
ciconia
I just replaced nginx with caddy on a staging server. Works flawlessly, very
easy to install. The docs could use some improvement though, especially in the
way of examples.

------
Siecje
Can I use Caddy to provide a single point of authentication for multiple apps
when acting as a reverse proxy?

So a request to a protected resource needs to be authenticated if not then
redirect to a URL (login form).

If login is successful then a token is provided which can be used for
authentication.

If a request is authenticated successfully then it can proxy to the resource.

------
unethical_ban
The static site generation was actually really cool, but I get the direction
they're going with being a wrapper around secure web services.

------
kylemathews
Curious if there's a plugin yet for adding caching headers to static assets?

~~~
stp-ip
No plugin for only caching headers, but you can do that easily using the
headers plugin or headers_downstream within the proxy plugin.

As an example:

    header / Cache-Control "no-cache, max-age=86400"
    header /images/ Cache-Control "max-age=86400"
    header /css/ Cache-Control "max-age=604800"
    header /fonts/ Cache-Control "max-age=604800"
    header /icons/ Cache-Control "max-age=604800"

If you want to add the header only to static assets that can be done, but is a
bit harder.

------
eberkund
Is anybody using Caddy on Windows? I use it on OS X via Laravel Valet which is
excellent but I am looking for a replacement WAMP stack.

