Caddy

see SSL - Caddy HTTP/2 server | Centmin Mod Community - already had a private Caddy installer for internal testing

Centmin Mod Nginx performs way better than Caddy for HTTP/2 at least. When Caddy becomes more performant, maybe then

edit also nice discussion and links at

• Caddy 0.9 Released with All New Core | Hacker News
• 1: Matt Holt, creator of Caddy webserver - Syscast Podcast

edit 2: also looks like Caddy split up some features as middleware plugins so if you want rate limiting support, realip support and ipfilter support (ip allow/deny), you need to do separate build downloads at Download Caddy

i.e.

Code (Text):

caddy -plugins
Server types:
  http

Caddyfile loaders:
  short
  flag
  default

Other plugins:
  http.basicauth
  http.bind
  http.browse
  http.errors
  http.expvar
  http.ext
  http.fastcgi
  http.filemanager
  http.git
  http.gzip
  http.header
  http.hugo
  http.internal
  http.ipfilter
  http.locale
  http.log
  http.mailout
  http.markdown
  http.mime
  http.minify
  http.pprof
  http.prometheus
  http.proxy
  http.ratelimit
  http.realip
  http.redir
  http.rewrite
  http.root
  http.search
  http.templates
  http.websocket
  shutdown
  startup
  tls
  tls.dns.cloudflare
  tls.dns.digitalocean
  tls.dns.googlecloud
  tls.dns.namecheap
  tls.dns.route53
  tls.dns.vultr

edit 3: ah Centmin Mod needs an equivalent page to Is Caddy Free?

 

The HTTP sponsor header requirement has been removed from Caddy for now.

Problem was Matt/Caddy didn't properly clarify in their announcement the distinction between Caddy official provided binaries from their build server/site versus custom source compiled Caddy binaries you build yourself from their Github repo source code. The HTTP sponsor header and EULA commercial licensing only applies to their official provided Caddy binaries. The source compiled Caddy binaries you build yourself from Caddy Github repo source code are exempt from HTTP sponsor header and EULA commercial licensing and covered by Apache 2.0 licensing https://caddy.community/t/caddy-commercial-sponsor-header-clarification/2716/

If Matt had better clarified this in the announcement, the fallout and controversy might have been lessened.

Though there's a few other EULA licensing sections, I don't agree with for their official Caddy binaries and that is prohiting sharing of Caddy benchmarks using their official binaries https://caddy.community/t/caddy-eula-section-3-1-h-benchmarking-info-clarification/2727/.

Of course if you source compile build your own Caddy binaries, you can share benchmarks. Which is what I did with custom source compiled Caddy 0.10.9 binaries at SSL - Caddy HTTP/2 server & benchmarks - Part 2. If you don't allow official Caddy binary users to share benchmarks, how do you track performance and regression issues ? How do you know if Caddy's performance is improving or not ?

 

I wouldn't go far to say that. It's definitely learning lesson for them. Just have to be mindful of what Caddy brings to the table and it's shortfalls. Caddy has brought in more folks into utilising HTTP/2 HTTPS who may have found Apache and Nginx HTTP/2 HTTPS usage more complicated i.e. the web devs who aren't necessarily system admins/devops type of folks.

Will be interesting to see how the next 1-2yrs plays out for various web servers I am interested in - Nginx, OpenLitespeed/Litespeed and Caddy (maybe h2o - just not a fan of yaml vhost format - spend more time getting formatting right than anything else).

 

Interesting tests for pure throughput. Centmin Mod optionally supports Nginx Kernel TLS (kTLS) but never saw through put improvements like on Nginx's blog post. But didn't look at cpu usage like in those tests. Something to look at when revisiting Nginx kTLS. But cpu usage improvements might also be due to specific network cards and offloading TLS to them.