
Ask HN: Secure alternative to Nginx? - fulafel
If I wanted to use a frontend &quot;HTTP router&quot; and static asset server for many different services written in various languages, and reduce the risk of vulnerability that comes from fronting all services with a C HTTP parser&#x2F;processor, what alternatives could I use?<p>Requirements: security mindedness, safe implementation language, production ready, simplicity.<p>Non-requirements: match nginx performance.
======
eberkund
Caddy?

~~~
fulafel
Thanks.

Their licensing seems confusing: The
[https://caddyserver.com/download](https://caddyserver.com/download) web page
says "Caddy binaries are free for personal use, and a commercial license is
required for internal company use, commercialized distribution, or other
business purpose. "

After seeing Caddy mentioned in another HN thread, I decided to make sure I
got that right, and stumbled upon
[https://github.com/mholt/caddy](https://github.com/mholt/caddy) which seems
to be open-source. But how to reconcile this with the apparent ban on
distributing binaries?

~~~
mholt
The source code is Apache licensed. The official binaries are licensed for
personal use for free. You pay to use official builds for commercial purposes,
but the restrictions on the personal-use binaries are still quite liberal. If
you have doubts, just ask us or build from source. It is, after all, open
source.

