htcpp VS Caddy

I'm always a bit bothered by them saying they are the "only" web server that can do this. First you can also just configure it in a way where it will not use HTTPS (e.g. if you provide an IP:port instead of a hostname). And if you do require specific configuration to enable HTTPS and automatically get certificates via ACME, then lots of other web servers can do this too. Even my own web server can do it: https://github.com/pfirsich/htcpp (see https://github.com/pfirsich/htcpp/blob/main/configs/acme.jom... for an admittedly much more complicated config).

Cool stuff! I am currently converting my io_uring based HTTP server (https://github.com/pfirsich/htcpp) to using coroutines as well, so this is cool to see. (WIP library here: https://github.com/pfirsich/aiopp)

I recently built an HTTP(S) server myself (https://github.com/pfirsich/htcpp) and did not find something like you are looking for. If you also don't find anything (but please link it if you do!), consider just running your server on a publicly accessible VM and listening on port 80 and you will be bombarded by various people trying to break in. Most of it will be useless, like checks for unprotected phpMyAdmin and stuff like that, but I did find a few bugs that way. I even found some TLS issues (of course listen on 443 instead).

I am serving static HTML from a web server, which I have built myself using C++: https://github.com/pfirsich/htcpp. I am not sure if that even counts, but I'm kind of proud of it. And I use it to serve my personal website: https://theshoemaker.de.

No, look at the associated unit test: https://github.com/caddyserver/caddy/blob/c6eb186064091c79f4...

If that test fails we could serve PHP source code instead of having it be evaluated, a major security flaw.

However, it's very unlikely that .NET developers will directly expose their Kestrel-based web apps to the internet. Typically, we use other popular web servers like Nginx, Traefik, and Caddy to act as a reverse-proxy in front of Kestrel for various reasons:

I think that recompiling with upgraded Go will not solve the issue. It seems Caddy imports `golang.org/x/net/http2` and pins it to v0.22.0 which is vulnerable: https://github.com/caddyserver/caddy/issues/6219#issuecommen....

Caddy [1] is a single binary. It is not minimal, but the size difference is barely noticeable.

serve also comes to mind. If you have node installed, `npx serve .` does exactly that.

There are a few go projects that fit your description, none of them very popular, probably because they end up being a 20-line wrapper around http frameworks just like this one.

[1] https://caddyserver.com/

Each app’s front end is built with Qwik and uses Tailwind for styling. The server-side is powered by Qwik City (Qwik’s official meta-framework) and runs on Node.js hosted on a shared Linode VPS. The apps also use PM2 for process management and Caddy as a reverse proxy and SSL provisioner. The data is stored in a PostgreSQL database that also runs on a shared Linode VPS. The apps interact with the database using Drizzle, an Object-Relational Mapper (ORM) for JavaScript. The entire infrastructure for both apps is managed with Terraform using the Terraform Linode provider, which was new to me, but made provisioning and destroying infrastructure really fast and easy (once I learned how it all worked).

So I dug a little deeper and came across this gem: Caddy. Caddy is this fantastic, extensible, cross-platform, open-source web server that's written in Go. The best part? It comes with automatic HTTPS. It basically condenses all the work our scripts and manual maintenance were doing into just 4-5 lines of config. So, stick around and I'll walk you through how to set up an automatic SSL solution with Caddy, Docker and a Node.js server.

Let's use Caddy which can act as reverse-proxy with automatic HTTPS coverage.

Even if it may be simple, it doesn't handle edge cases such as https://github.com/caddyserver/caddy/issues/1632

I personally would make the trade off of taking on more complexity so that I can have extra compatibility.

One of the most heavily used Russian software projects on the internet https://www.nginx.com/blog/do-svidaniya-igor-thank-you-for-n... but it's only marginally more modern than Apache httpd.

In light of recently announced nginx memory-safety vulnerabilities I'd suggest migrating to Caddy https://caddyserver.com/