-
I'm a big fan of pico.sh (it's one of my main inspiration for smallweb.run).
I'm sure you're aware of it, but it might be interesting to others: caddy exposes all of it's internal as library you can easily integrate to your projects: https://github.com/caddyserver/certmagic
-
InfluxDB
InfluxDB high-performance time series database. Collect, organize, and act on massive volumes of high-resolution data to power real-time intelligent systems.
-
-
river
This repository is the home of the River reverse proxy application, based on the pingora library from Cloudflare. (by memorysafety)
Caddy is pretty nice, I believe Coolify uses it as part of their self-hosted open source PaaS model. Just out of curiosity, are there any alternatives in Rust? I think Pingora is one, as well as River which is built on top of it [0], but I'm not sure how widely used the latter is as a Caddy replacement.
[0] https://github.com/memorysafety/river
-
Another great web server to try is h2o: https://h2o.examp1e.net/
Especially for its HTTP/2 and HTTP/3 QUIC support.
-
Caddy is nearly a decade old, and is very well-regarded.
https://hn.algolia.com/?dateRange=pastYear&page=0&prefix=fal...
https://en.wikipedia.org/wiki/Caddy_(web_server)
-
The friendly licensing (Apache v2) is important too, especially w/ Caddy's modular architecture (single, static binary compiled for any platform).
Meaning ecosystems around Caddy to make it even simpler and more secure, e.g. keep your server private while serving Internet clients. So VPNs like Tailscale (1) or zero implicit trust like OpenZiti (also Apache v2; (2)). Similar to what we have seen with open source k8s ecosystem for example.
(1) https://tailscale.com/blog/caddy (and other VPNs but the proprietary bits in the commercial TS service make it easier to use)
(2) https://github.com/openziti-test-kitchen/ziti-caddy (disclosure: maintainer...there may be other open source zero implicit trust options with these types of Caddy integrations)
-
Here using `layer4.matchers.*`
https://github.com/mholt/caddy-l4?tab=readme-ov-file#introdu...
-
CodeRabbit
CodeRabbit: AI Code Reviews for Developers. Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.
-
Caddy is really great. In prod, but most surprisingly for all environments.
- There's a great tool, localias, which uses Caddy for a local dev server https://github.com/peterldowns/localias
- I use it locally for dev https://github.com/iloveitaly/python-starter-template/blob/m... which aligns tricky bits of a web app like HTTP redirect, cookies, and CORS to work consistently across dev and prod.
- Can be used on GHA for HTTPS as well https://github.com/iloveitaly/github-action-localias
-
Caddy is really great. In prod, but most surprisingly for all environments.
- There's a great tool, localias, which uses Caddy for a local dev server https://github.com/peterldowns/localias
- I use it locally for dev https://github.com/iloveitaly/python-starter-template/blob/m... which aligns tricky bits of a web app like HTTP redirect, cookies, and CORS to work consistently across dev and prod.
- Can be used on GHA for HTTPS as well https://github.com/iloveitaly/github-action-localias
-
Caddy is really great. In prod, but most surprisingly for all environments.
- There's a great tool, localias, which uses Caddy for a local dev server https://github.com/peterldowns/localias
- I use it locally for dev https://github.com/iloveitaly/python-starter-template/blob/m... which aligns tricky bits of a web app like HTTP redirect, cookies, and CORS to work consistently across dev and prod.
- Can be used on GHA for HTTPS as well https://github.com/iloveitaly/github-action-localias
-
minica
minica is a small, simple CA intended for use in situations where the CA operator also operates each host where a certificate will be used.
I was only commenting about DNS part, self signed certificates come with their own lot of trouble. At least I havent ever run into any cache issues with local resolvers.
I have previously used https://github.com/jsha/minica which makes it at least easy to create a root certificate and matching server cert. How to get that root cert trusted on different array of devices is another story.
-
You can use Caddy's CertMagic library in your own server, if you want something super-lightweight.
Here's a little POC I did for doing the opposite of apextowww: https://github.com/timdev/nodubs/blob/main/nodubs.go
-
Caddy made it possible for us at https://pico.sh to provide on demand tls for user subdomains and custom domains.
It really was pretty easy to setup and “just works”
-
With nginx I'm assuming you would use something like Vouch or oauth2-proxy? Something like the architecture described here:
https://github.com/vouch/vouch-proxy?tab=readme-ov-file#what...
Can't speak for caddy-security, but the forward_auth feature is the caddy equivalent to nginx's auth_request
-
docker-swag
Nginx webserver and reverse proxy with php support and a built-in Certbot (Let's Encrypt) client. It also contains fail2ban for intrusion prevention.
There are already full solution for things like that i.e. https://github.com/linuxserver/docker-swag
-
I do not have in-depth knowledge of traefik unfortunately. I tried it a while ago, but decided to switch to the setup mentioned above for the setup simplicity. For my use-case, the setup mentioned on github under "Basic usage example, using docker-compose" plus adding two lines to a docker-compose file has been enough for most of my use-cases, and never given me any trouble.
I think achieving a similar setup in traefik (e.g. https://github.com/tiangolo/blog-posts/blob/master/deploying...) would be more complicated, and I felt like I was not sure what all the labels did or how to adapt the setup.
-
oauth2-proxy
A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.
I believe it's almost always the "groups" claim <https://github.com/oauth2-proxy/oauth2-proxy/issues?q=cookie...> but I would suspect any sufficiently large set of claims would do it (e.g. a huge "iss", erroneously returning the user profile jpeg attribute, who knows)
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
