flipt VS Caddy

We at https://flipt.io are putting on a buy vs build webinar in a couple of weeks to discuss this very thing as it's a common question that engineering teams seem to have.

If you're interested in attending its taking place on LinkedIn on April 17: https://www.linkedin.com/events/buildvs-buy-pickingafeaturef...

We're currently evaluating OPA for adding RBAC to our open-source application [0]. We plan on using the Go API [1] and doing the policy eval directly in our app since our app is also written in Go.

The thinking is we'll have some basic built-in policies (like admins can do X, editors can do Y, etc) but also allow users to configure their own policies if they want by writing rego and loading their policy rules at startup time (via config). We'd document the inputs that we pass to the evaluation call such as request headers, IP, role, etc.

I'm curious if anyone has ever tried something like this or similar?

[0] https://github.com/flipt-io/flipt

[1] https://www.openpolicyagent.org/docs/latest/integration/#int...

Flipt - Clickhouse integration for flag eval analytics

At Flipt, we continually discuss technologies that can bring change to the industry. In this article, we delve into cutting-edge top trends and tools that can redefine DevOps and platform engineering this year.

In this article, I will share the DevOps tools that we've used at Flipt and in previous roles (such as at InfluxDB). These tools are relevant for any modern software project.

But after onboarding 50+ contributors to Flipt, I realized there are ways to make starts easy for newbies.

In this article, I will share the effort-based issue labeling system we use at Flipt to deal with this problem.

Flipt has reached 3k GitHub stars ⭐ this week.

In this article, I’m sharing 3 GitHub Actions we use at Flipt that saved us more than 500 developer hours.

In this article, I’ll share 3 tools we use at Flipt to maintain high code quality and ship features reliably.

However, it's very unlikely that .NET developers will directly expose their Kestrel-based web apps to the internet. Typically, we use other popular web servers like Nginx, Traefik, and Caddy to act as a reverse-proxy in front of Kestrel for various reasons:

I think that recompiling with upgraded Go will not solve the issue. It seems Caddy imports `golang.org/x/net/http2` and pins it to v0.22.0 which is vulnerable: https://github.com/caddyserver/caddy/issues/6219#issuecommen....

Caddy [1] is a single binary. It is not minimal, but the size difference is barely noticeable.

serve also comes to mind. If you have node installed, `npx serve .` does exactly that.

There are a few go projects that fit your description, none of them very popular, probably because they end up being a 20-line wrapper around http frameworks just like this one.

[1] https://caddyserver.com/

Each app’s front end is built with Qwik and uses Tailwind for styling. The server-side is powered by Qwik City (Qwik’s official meta-framework) and runs on Node.js hosted on a shared Linode VPS. The apps also use PM2 for process management and Caddy as a reverse proxy and SSL provisioner. The data is stored in a PostgreSQL database that also runs on a shared Linode VPS. The apps interact with the database using Drizzle, an Object-Relational Mapper (ORM) for JavaScript. The entire infrastructure for both apps is managed with Terraform using the Terraform Linode provider, which was new to me, but made provisioning and destroying infrastructure really fast and easy (once I learned how it all worked).

So I dug a little deeper and came across this gem: Caddy. Caddy is this fantastic, extensible, cross-platform, open-source web server that's written in Go. The best part? It comes with automatic HTTPS. It basically condenses all the work our scripts and manual maintenance were doing into just 4-5 lines of config. So, stick around and I'll walk you through how to set up an automatic SSL solution with Caddy, Docker and a Node.js server.

Let's use Caddy which can act as reverse-proxy with automatic HTTPS coverage.

Even if it may be simple, it doesn't handle edge cases such as https://github.com/caddyserver/caddy/issues/1632

I personally would make the trade off of taking on more complexity so that I can have extra compatibility.

One of the most heavily used Russian software projects on the internet https://www.nginx.com/blog/do-svidaniya-igor-thank-you-for-n... but it's only marginally more modern than Apache httpd.

In light of recently announced nginx memory-safety vulnerabilities I'd suggest migrating to Caddy https://caddyserver.com/

My preferred solution is using Caddy. This will resolve the networking issues, work as a great reverse proxy, and takes care of the whole SSL process for us. We can follow the install instructions from their documentation and run these five commands: