I am curious why I should consider using nginx when Caddy (https://caddyserver.com) exists. It seems to have more activity behind it.
Tangential: the readme mentions Pulumi [1], an Infrastructure-as-Code tool I hadn't heard of before.
As an IaC tool, can anyone speak of how it fits in the landscape compared to Chef, Puppet, Ansible, SaltStack, and, oh, Terraform?
Caddy is capable of handling bidirectional gRPC streams! I have just tested it, and it works just fine. The caveat is having to use `flush_interval -1` to immediately flush writes instead of having to wait until reading from socket is complete.
I used this Caddyfile to proxy to the route_guide example (https://github.com/grpc/grpc-go/tree/master/examples/route_g...):
That is true, unfortunately. We, the core maintainers, don't use k8s ourselves, so we need to defer to the community for help. See https://github.com/caddyserver/ingress
If I'm not mistaken, the biggest user of openresty is the Kubernetes community-maintained nginx ingress controller [1].
[1]: https://github.com/kubernetes/ingress-nginx
I took pains to say "community-maintained" because there's also an official nginx ingress controller from F5 (current corporate owner of nginx).
What I meant was using OCSP status (from stapling) to trigger reissuance on revocation. I don't think this can be done with nginx and certbot unless nginx makes its OCSP status available for the certbot client to read from, or having an event trigger in nginx somehow to get certbot to run. Either way, it's extra faff that you don't need to worry about with Caddy.
> which can run on port 80/443 without iptables hacks
Not sure what you mean. Do you mean that you need root to bind to those ports? In which case, you can give the process CAP_NET_BIND_SERVICE which lets it. Caddy's systemd service does this, and runs as a non-root user: https://github.com/caddyserver/dist/blob/2ceb535e076ed9b3083...
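A check for the setup described in the comment above (a non-root process that holds CAP_NET_BIND_SERVICE so it can bind 80/443), as an added example that is not part of the thread or of the Caddy project's code. It decodes the capability masks Linux exposes in `/proc/<pid>/status`; the two status excerpts and the UID 998 are constructed.

```python
CAP_NET_BIND_SERVICE = 10  # bit number from linux/capability.h

# Constructed /proc/<pid>/status excerpts (not captured from a real host).
SAMPLE_NONROOT = """Name:\tcaddy
Uid:\t998\t998\t998\t998
CapPrm:\t0000000000000400
CapEff:\t0000000000000400
CapAmb:\t0000000000000400
"""
SAMPLE_ROOT = """Name:\tnginx
Uid:\t0\t0\t0\t0
CapPrm:\t000001ffffffffff
CapEff:\t000001ffffffffff
"""

def parse_status(text):
    """Return the effective UID and the capability masks from a status file."""
    fields = dict(line.split(":", 1) for line in text.splitlines() if ":" in line)
    euid = int(fields["Uid"].split()[1])  # order: real, effective, saved, fs
    caps = {k: int(v.strip(), 16) for k, v in fields.items() if k.startswith("Cap")}
    return euid, caps

def audit(text):
    """List findings; an empty list means non-root with only the bind capability."""
    euid, caps = parse_status(text)
    bind = 1 << CAP_NET_BIND_SERVICE
    eff, prm = caps.get("CapEff", 0), caps.get("CapPrm", 0)
    findings = []
    if euid == 0:
        findings.append("runs as root")
    if not eff & bind:
        findings.append("CAP_NET_BIND_SERVICE not effective")
    if eff & ~bind:
        findings.append("extra effective capabilities: 0x%x" % (eff & ~bind))
    if prm & ~bind:
        # Permitted capabilities can be raised into the effective set later.
        findings.append("extra permitted capabilities: 0x%x" % (prm & ~bind))
    return findings

if __name__ == "__main__":
    for name, sample in (("non-root", SAMPLE_NONROOT), ("root", SAMPLE_ROOT)):
        print(name, audit(sample) or "ok")
```

On a live host, pass the contents of `/proc/<pid>/status` for the server's main process to `audit()`.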
Disclaimer: I am one of the authors of the project.
I do wish that NGINX made LetsEncrypt as easy to use as Caddy does. We are all big fans of LetsEncrypt and are quite happy to see NGINX donating to the project.
In this project (MARA), LetsEncrypt support is integrated via [Cert Manager](https://cert-manager.io/) for Kubernetes. This is nice because it supports certs from a variety of issuers like AWS, Google, Vault, Cloudflare, etc in addition to Let's Encrypt.
There's also an interesting open source project called NAML. As I understand it, it can be a replacement for Helm.