| ▲ | reactordev 2 days ago |
| +1 for caddy. nginx is so 2007. |
|
| ▲ | darkwater 2 days ago | parent | next [-] |
| Caddy is just for developers that want to publish/test the thing they write. For power users or infra admins, nginx is still much more valuable.
And yes, I use Caddy in my home lab and it's nice and all but it's not really as flexible as nginx is. |
| |
| ▲ | reactordev 2 days ago | parent | next [-] | | Caddy is in use here in production. 14M requests an hour. | | |
| ▲ | mholt 2 days ago | parent [-] | | Where's that if I may ask? | | |
| ▲ | reactordev 2 days ago | parent [-] | | Trust me, you don’t want to know. Just know - it’s working great and thank you. GovCloud be dragons. |
|
| |
| ▲ | j-krieger 2 days ago | parent | prev [-] | | We use Caddy across hundreds of apps with 10s of millions of requests per day in production. | | |
| ▲ | mholt 2 days ago | parent [-] | | Oooh. Can you tell me more about this? | | |
| ▲ | reactordev 2 days ago | parent | next [-] | | In case people are wondering, this is the author of Caddy. He’s curious where it’s being used outside of home labs and in small shops. Matt, it’s fantastic software and will only get better as Go improves. I used it in a proxy setup for ingress to Kubernetes that’s overlaid across multiple clouds - for the government (prior admin, this admin killed it). I can’t tell you more information than that. Other than it goes WWW -> ALB -> Caddy Cluster * Other Cloud -> K8s Router -> K8s pod -> Fiber Golang service. :chefs kiss: When a pod is registered to the K8s router, we fire off a request to the Caddy cluster to register the route. Bam, we got traffic, we got TLS, we got magic. No downtime. | | |
| ▲ | reactordev 2 days ago | parent [-] | | I almost forgot. Matt. We added a little sugar to Caddy for our cluster. Hashicorp's memberlist. So we can sync the records. It worked great. Sadly, I can't share it but it's rather trivial to implement. | | |
| ▲ | mholt a day ago | parent [-] | | Wonderful info, and feedback -- thank you so much. Happy that it works for you! |
|
| |
| ▲ | j-krieger 2 days ago | parent | prev [-] | | Sure. University / Government sector. I know quite some unis/projects in that field that switched to Caddy, since gigantic IP ranges and deep subdomains with stakeholders of many different classes have certain PKI requirements and Caddy makes using ACME easy. We deploy a self serving tool where people can generate EAB-Ids and HMAC keys for a subdomain they own. Complex root domain routing and complex dynamic rewrite logic remains behind Apache/nginx/HAProxy, a lot of apps are then served in a container architecture with Caddy for easy cert renewal without relying on hacky certbot architectures. So we don't really serve that much traffic with just one instance. Also, a lot of our traffic is bots. More than one would think. The basic configuration being tiny makes it the perfect fit for people with varying capabilities and know-how when it comes to devops. As a devops engineer, I enjoy the easy integration with Tailscale. | | |
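The EAB key ID and HMAC key mentioned in the comment above are what an ACME client uses to build the `externalAccountBinding` object of RFC 8555 section 7.3.4. This is an added example, not part of the thread and not the commenter's tool; the function names, the sample JWK, and the per-subdomain credential record are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets

# Constructed sample ACME account public key; the coordinates are placeholders.
SAMPLE_ACCOUNT_JWK = {"kty": "EC", "crv": "P-256",
                      "x": "constructed-x-coordinate", "y": "constructed-y-coordinate"}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key_b64: str, protected: str, payload: str) -> bytes:
    # JWS signing input is "<protected>.<payload>", MACed with HS256.
    return hmac.new(b64url_decode(key_b64), f"{protected}.{payload}".encode("ascii"),
                    hashlib.sha256).digest()

def issue_eab_credential(subdomain: str) -> dict:
    """Self-service side (hypothetical): mint a key ID and a 256-bit MAC key
    and record which subdomain they were issued for."""
    return {"kid": b64url(secrets.token_bytes(12)),
            "hmac_key": b64url(secrets.token_bytes(32)),
            "subdomain": subdomain}

def build_eab(kid: str, hmac_key_b64: str, account_jwk: dict, new_account_url: str) -> dict:
    """Client side: bind the ACME account public key to the EAB key ID."""
    header = {"alg": "HS256", "kid": kid, "url": new_account_url}
    protected = b64url(json.dumps(header, separators=(",", ":")).encode())
    payload = b64url(json.dumps(account_jwk, separators=(",", ":")).encode())
    return {"protected": protected, "payload": payload,
            "signature": b64url(_mac(hmac_key_b64, protected, payload))}

def verify_eab(eab: dict, credentials: dict, account_jwk: dict, new_account_url: str):
    """CA side: return the subdomain the credential was issued for, or None."""
    header = json.loads(b64url_decode(eab["protected"]))
    cred = credentials.get(header.get("kid"))
    if cred is None or header.get("alg") != "HS256":
        return None
    if header.get("url") != new_account_url:           # must match the outer request URL
        return None
    if json.loads(b64url_decode(eab["payload"])) != account_jwk:
        return None                                     # binding is to this account key only
    expected = _mac(cred["hmac_key"], eab["protected"], eab["payload"])
    if not hmac.compare_digest(expected, b64url_decode(eab["signature"])):
        return None
    return cred["subdomain"]
```
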
| ▲ | mholt a day ago | parent [-] | | Thank you, this is amazing feedback/info. Yeah, we think the Tailscale integration is pretty neat too! |
|
|
|
|
|
| ▲ | RadiozRadioz 2 days ago | parent | prev | next [-] |
| So a tool's value should be judged as inversely proportional to its age? |
| |
| ▲ | reactordev 2 days ago | parent | next [-] | | A tool's value is in the eye of the beholder. Nginx has ceased being valuable to me when they decided to change licenses, go private equity, not adapt to orchestration needs, ignore HTTP standards, and not release meaningful updates in a decade. | | |
| ▲ | yjftsjthsd-h 2 days ago | parent | next [-] | | > when they decided to change licenses, https://github.com/nginx/nginx/blob/master/LICENSE looks like a nice normal permissive license. I don't care that there's a premium version if all the features I want are in the OSS version. | |
| ▲ | jcgl 2 days ago | parent | prev [-] | | Private equity? Either there’s a story I’m missing, or you’re mischaracterizing F5 as PE. | | |
| ▲ | reactordev a day ago | parent [-] | | Look up Angie, freenginx, and the whole Rambler / F5 fiasco. Moscow feds involved and forced exploitation for profit. |
|
| |
| ▲ | mholt 2 days ago | parent | prev [-] | | Maybe inversely proportional to how much the ecosystem moves around it. |
|
|
| ▲ | supriyo-biswas 2 days ago | parent | prev [-] |
| Only if they'd get the K8s ingress out of the WIP phase; I can't wait to possibly get rid of the cert-manager and ingress shenanigans you get with others. |
| |
| ▲ | reactordev 2 days ago | parent | next [-] | | Yup. I can’t wait for the day I can kill my caddy8s service. The best thing about Caddy is the fact you can reload config, add sites, routes, without ever having to shut down. Writing a service to keep your orchestration platform and your ingress in sync is meh. K8s has the events, DNS service has the src mesh records, you just need a way to tell Caddy to send it to your backend. The feature should be done soon but they need to ensure it works across K8s flavors. | | |
| ▲ | 01HNNWZ0MV43FF 2 days ago | parent | next [-] | | I think you can do that with Nginx too, but the SWAG wrapper discourages it for some reason | |
| ▲ | pushrax 2 days ago | parent | prev [-] | | Just send SIGHUP to nginx and it will reload all the config—there are very few settings that require a restart | | |
| ▲ | reactordev 2 days ago | parent [-] | | Sure, how, from the container? The host it’s on? Caddy exposes this as an api. |
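The route registration described in this thread ("fire off a request to the Caddy cluster to register the route", "Caddy exposes this as an api") maps onto Caddy's admin API, which listens on `localhost:2019` by default. This is an added example, not code from the thread or from the Caddy project; the server name `srv0`, the allowed zone, and the pod CIDR are assumptions, and the checks are there because anything that can reach the admin endpoint can rewrite the proxy configuration.

```python
import ipaddress, json, re, urllib.request

ADMIN = "http://localhost:2019"                  # Caddy's default admin address
SERVER = "srv0"                                  # assumed server name in the running config
ALLOWED_SUFFIX = ".apps.example.gov"             # constructed: zone this cluster may serve
POD_NET = ipaddress.ip_network("10.42.0.0/16")   # constructed: cluster pod CIDR
LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")

def build_route(host: str, pod_ip: str, port: int) -> dict:
    """Validate a registration event and turn it into a Caddy JSON route."""
    labels = host[:-len(ALLOWED_SUFFIX)].split(".") if host.endswith(ALLOWED_SUFFIX) else []
    if not labels or not all(LABEL.match(label) for label in labels):
        raise ValueError(f"host {host!r} is outside {ALLOWED_SUFFIX}")
    # Refuse upstreams outside the pod network (metadata services, loopback, ...).
    if ipaddress.ip_address(pod_ip) not in POD_NET or not 1 <= port <= 65535:
        raise ValueError(f"upstream {pod_ip}:{port} is not a pod address")
    return {
        "@id": f"route-{host}",                  # lets the route be addressed via /id/ later
        "match": [{"host": [host]}],
        "handle": [{"handler": "reverse_proxy",
                    "upstreams": [{"dial": f"{pod_ip}:{port}"}]}],
    }

def register_request(route: dict) -> urllib.request.Request:
    """POST to an array path appends the route; no reload or restart is needed."""
    return urllib.request.Request(
        f"{ADMIN}/config/apps/http/servers/{SERVER}/routes",
        data=json.dumps(route).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )

def unregister_request(host: str) -> urllib.request.Request:
    """DELETE by @id when the pod goes away."""
    return urllib.request.Request(f"{ADMIN}/id/route-{host}", method="DELETE")

if __name__ == "__main__":
    req = register_request(build_route("api.apps.example.gov", "10.42.3.7", 8080))
    print(req.get_method(), req.full_url)
    print(req.data.decode())                     # pass req to urllib.request.urlopen() to apply
```
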
|
| |
| ▲ | ilogik 2 days ago | parent | prev [-] | | Traefik seems to be ok for us |
|