Next Steps for the Caddy Project Maintainership
Posted3 months agoActive3 months ago
caddy.communityTechstoryHigh profile
supportivepositive
Debate
20/100
CaddyOpen SourceMaintainershipWeb Server
Key topics
Caddy
Open Source
Maintainership
Web Server
The Caddy project is transitioning to a more distributed maintainership model, sparking a supportive discussion on HN about the project's strengths and the challenges of open-source maintenance.
Snapshot generated from the HN discussion
Discussion Activity
Very active discussionFirst comment
44m
Peak period
46
3-6h
Avg / period
9.2
Comment distribution92 data points
Loading chart...
Based on 92 loaded comments
Key moments
- 01Story posted
Oct 15, 2025 at 5:32 PM EDT
3 months ago
Step 01 - 02First comment
Oct 15, 2025 at 6:16 PM EDT
44m after posting
Step 02 - 03Peak activity
46 comments in 3-6h
Hottest window of the conversation
Step 03 - 04Latest activity
Oct 17, 2025 at 8:34 AM EDT
3 months ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
ID: 45598590Type: storyLast synced: 11/20/2025, 5:51:32 PM
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
> The Ultimate Server
> makes your sites more secure, more reliable, and more scalable than any other solution.
Is this an alternative to nginx or something?
Personally, I much prefer the way caddy does configuration / plugins (as someone reasonably conversant in how nginx does those things) - comparable to "sysv init scripts vs systemd unit files".
A stand-out feature has been ACME support built-in, and it’s a fairly capable reverse proxy. I’ve seen organizations use Caddy to provision certificates for customer domains at scale with very good results.
As a note, Caddy is one of those tools which hits the 80-90% of functionality with 50% of the complexity.
For both my homelab and hobby projects it just works. Its configuration is sane and well documented.
I highly recommend giving it a try.
Here’s a complete configuration file for a Wordpress site with a LetsEncrypt TLS cert, static files, and PHP executed via FastCGI:
That’s it. That’s the whole thing. All the other settings are adjustable, but have the default values you’d configure yourself if you wanted to dig in and tweak it.I appreciate Caddy immensely. It doesn’t do anything Nginx can’t do, as far as I know, but it’s a whole lot more ergonomic while doing it.
Which is to say, in N years, will the Caddy defaults be full of some unfortunate decisions?
Caddy and Traefik have been around for a while now, so curious what has prevented the boring technology from essentially flipping some defaults around.
Similarly, nginx isn't going to be the one picking your SSL config out of the box; it's a bunch of arcane flags and settings (if you're not intimately familiar with SSL anyways) that you look up once how to get the SSLabs A+ score and then you put it in a reusable snippet to not have to think about that stuff ever again for future domains. If you want ACME certificates, you're gonna have to tell it to do that (nginx recently got a module for this I think, which kinda makes it equal in this sense to caddy's automatic LE cert generation) or where to find the certificates.
Caddy automates a lot of this sort of thing; the result is smoother/cleaner config files (it's hard to deny that reverse_proxy is shorter than the several dozens of config lines you'd use for nginx) but you also need to be aware of what Caddy does by default and the assumption that what the Caddy developers think should be the default will also always be what you want, unless you want to poke at manual overrides (in which case it's pretty much nginx again.) It can also do a few common variants on static site hosting, like automatically pulling a git repo, running a page generator on it and serving the resulting folder, which nginx just straight up doesn't do afaik.
In practice, I found Caddy works well on development/toy machines where there's no real expectations for having to think about prod and "not having to spend an hour reconfiguring your setup" when you start a project is beneficial and it's easy to swap things like ports around. Nginx works better on production machines because you basically set it up once and then can safely never have to think about it again, while still allowing you explicitly see why it's (not) doing what you want later down the line.
Traefik I legitimately couldn't see a reason to use however. It's config syntax is atrocious and looking it up online tells me it's mainly popular with non-technical homelab people because it can serve a web UI to manage your reverse proxies in. I guess that's a desirable feature for some?
One thing I did like about Apache back in the day was that it made it really easy to give per served web folder configuration. Nowadays I just toss stuff on a subdomain (cuz there's little reason not to), but if you only have one hostname to put things on (ie. a homelab thatt you can only access by local IP address), that's obviously not an option. .htaccess files were pretty neat for doing that.
Nginx can't really do that as easily, you have to start futzing with different location blocks and it kinda gets messy quickly.
On a not-so-relevant note, I do think Apache has probably the nicest "dirlist" out of all of them. Nginx's is really ugly and Caddy's feels too overdesigned.
Would I use it for a new service today? No.
Not because the configuration itself is complex (as I say, I've been working with it for decades), but because managing the config is complex.
You end up using custom templating systems, testing the new config oob, and then sending signals to the daemon. There's a huge pile of scripting needed to manage all of this in even the most basic way, let alone integrate it with a service mesh or orchestration system.
Even the ASF will push you towards ATS or Dubbo or APISIX rather than old-school Apache Server.
Caddy will get you up and running in seconds, whereas forcing Apache's square peg into the modern environment's round hole is going eat weeks for very little benefit.
As a side note, I see that Apache still describes it as "the most popular web server on the Internet", but that's probably not the case: https://w3techs.com/technologies/overview/web_server
To me, that has shades of XFree86 calling itself "the premier open source X11-based desktop infrastructure." Um...
And those good defaults matter. If I pin down a set of TLS protocols today, will those still be good choices a couple of years from now? I don’t know. I’ll bet the then-current version of Caddy will still have good default settings. If HTTP/4 comes along, I suspect Caddy will configure it correctly on my site without me doing anything other than upgrading to a newer version, while other servers will want me to explicitly update their configs to enable it.
Admittedly there are some decisions we made with Caddy v2.0 that we would like to revisit eventually with a Caddy v3.0 in some future, but we haven't gotten to the point we've felt the need to plan that, most of those issues are minor enough that they haven't been deal-breakers. (And for context, v2.0 being a rewrite and rearchitecture from v0/v1 was necessary to unlock the potential that Caddy has realized today).
No professional should care about a handful of extra lines. Anyway, in many real life situations, the config will be long and complex, whatever tool you use.
In the case above, the cert was created offline with the excellent mkcert from mkcert.dev, which is perfect for a developer machine. In other cases, I've had to use a certificate provided by my client. For the remaining cases, cerbot automates all, including nginx's config. Or if one installs the latest nginx, ACME cert retrieval is now included, so the difference to Caddy is shrinking.
I don't deny that Caddy is a worthy tool, but I don't care if it makes me write a few lines less in configuration files that I rarely write or update. Praise should focus on more important features. [edit] The excellent leadership shown in this post seems more important!
That "except" is doing a lot of lifting, in my opinion. Automatic Let's Encrypt is a big part of why I reach for Caddy. Install, run, done. No cert management headaches. It felt like magic the first time I used it, and now that I think of it, it still does.
Also, if I want to add another domain that should be accepted and reverse proxied to my application, in Caddy I just do this:
Suddenly not only does my Wordpress site respond on example.com, but also wp.example.com, and caddyfreakingrules.example.com, Caddy will fetch and automatically rotate certs for all three domains, and Caddy will auto-redirect from http to https on all three domains. (Does the ngnix example actually do that?)Another thing, does nginx with the above configuration automatically load new certs if the ones that were there when the process spawned have since expired? Because not only does Caddy automatically renew the certs, it is handled transparently and there's zero downtime (provided nothing changes about the DNS pointers of course).
Caddy is freaking awesome!
Bonus, if this were your Caddyfile (the entire thing, this is all that's needed!):
Then you'll disable the unauthenticated JSON API on localhost:2019 (which is a good security practice, this is my only gripe with Caddy, this API shouldn't be enabled by default), tell Caddy how to use the DNS-01 ACME resolver against Cloudflare (requires a plugin to Caddy, there are loads for many DNS providers), and then tell Caddy to use appropriate wildcard certs if it has generated them (which for *.example.com it will have).The result of which is that Caddy will only generate one cert for the above 3 sites, and Let's Encrypt won't leak the existance of the wp.example.com and caddyfreakingrules.example.com domains via certificate transparency.
But it’s not only the config that makes Caddy nice. I think that’s a good example of the kind of care and consideration that goes into Caddy’s development, though.
There still remains this simple to reproduce bug where the page doesn't load of you use the full domain name of a site.
https://caddyserver.com./
Still, only you and one other person with a similar grudge have ever complained about it (we've never had any github issues opened about it in years, neither on our forums) and nobody who cares has attempted to solve it with code changes.
Which is sad, as now I have to reconsider.
I’ve seen people mentioning about dot at the end of the domain a few times this year. Also never knew is a valid domain and should be able to resolve. Some people mentioned before YouTube.com. Won’t load ads. But I think they fixed.
Caddy always worked well and recommended to other people. So I’m a pro caddy user, don’t get me wrong.
We appreciate the recommendations! :)
Looks like https://github.com/caddyserver/caddy/issues/1632 to me?
Oh and now I see you work on the project. Hard pass on Caddy if this is how you respond to mild criticism.
In my own cases of responsibility, Caddy would have eliminated them had it been around. Instead I've learned to be paranoid, though having things like this are far better in terms of easing cognitive burden.
Cheers for all of the hard work by you and other maintainers.
I try to avoid engaging in online flame wars but I will say that the developers - including Francis - have been nothing but helpful and courteous to me personally and I've also learned a lot from their numerous positive contributions to Caddy-related forums.
You seem to think there is a conspiracy against Caddy. That seems doubtful. But I could see disproportionate defensiveness like what is on display here causing some people to not be fans.
From the outside, such a group mechanism is happening here. Your reaction to the issue being brought up is not rational, and from the outside not understandable. Even if it was brought up 18 month before in the same way. And no, the curl post does not match your hostility. And no, the tone did not came off as "pretty snide", even if tribal voting pattern greys out your opposition anyway.
Please reconsider your approach here. If the issue is not fixable in caddy (though Apache seems to handle it fine?) maybe formulate a standard response that says something like "sorry, this is complicated, see the curl explication here" and leave it at that. Have an action plan that recognizes group dynamics and the burnout symptoms existing in the project, as mentioned in the article.
If you want another vote for how annoying the trailing dot issue is in general, hear it from no other than the author of Curl, Daniel Stenberg himself https://daniel.haxx.se/blog/2022/05/12/a-tale-of-a-trailing-...
That is not a grudge. That is not slander. That is not a hill to die on. That is not an attack.
This makes me wonder how many other minor bugs are dismissed by you as a grudge due to you overreacting like this. It makes me a lot less confident in your project.
It’s perfectly fine for you to say ”this is low priority and we have no plans to fix it in the immediate future”. What’s not fine is treating it like a personal attack because they dared mention it twice in 18 months.
I really don't think it's fair for you to make a judgement on me or the project from an interaction like this. At least judge the project on its technical merits. I've been very transparent here. But I can't stop you from having your thoughts. It is what it is.
You’ve explained why you won’t fix it (seems that you don’t feel you’ve got sufficient coverage to be confident to do so, or that it’s not possible to cover this type of change) so just put an faq up about it and do not take it personally. You cannot expect zero criticism.
This makes me wonder how many other discussion threads are wasted by this kind of complaints.
Overreaction to (alleged) overreaction never solves the problem!
My 2nd thought: Actually, this is very likely a culture/communication difference whereby both people care (I'm a big fan of Erin Meyer's work here)
My 3rd thought: I wonder what happens if I provide this repo and the chat comments to codex. Outcome: https://github.com/wsimmonds/caddy/pull/1
My 4th though: Perhaps I can make 'enemies' become friends if they both have disdain for AI ;)
Note: I would absolutely not submit this as-is. Caddy's an amazing project though I am not very familiar with its implementation and I'd seek to understand it, conventions etc. and make some obvious improvements to the code which has been generated - but this was a minor bit of fun. I created 4 separate versions and only in one of them did anything with TLS related get amended.
bananas
why is this your hill to die on?
Caddy has been great!
https://github.com/sponsors/mholt
I had in mind somehow requiring or rewarding everyone to pay a small amount. Like, anyone who uses software from a platform such as GitHub should pay a subscription fee for maintenance depending on usage. It could be small so that it doesn’t interfere with usage. Considering huge number of users, that could pay for maintainers.
The point is, there are large number of users, if each user pays a small amount to the platform, they won’t notice it, yet it accumulates to a maintenance fee.
Paying a maintenance fee makes sense, regardless of how you label it. The entirely free software has problems and may not be sustainable.
Sponsoring right away.
1. This may have been a misread on my part, on second read, gp's comment says nothing about mandatory payment. The reason I'm wary of mandatory payments is that you'd have to quantify who deserves what, and expend more time on the administration - likey setting up a foundation or company, or which not every F/OSS project needs. Again, I'm speaking generally - a Caddy Foundation, or Caddy Inc. may be appropriate. "Open source project" is a very broad term, ranging in size from leftpad to the Linux kernel, and the needs will be different for each.
(And this time with a solid option for companies too!)
Automatic HTTPS, multiple domains, proxying specific routes to local services, etc etc, managed by one extremely legible config file.
I've had literally one service failure over that period, and it was my own error after running upgrades of the droplet's operating system.
Highly recommended.
Congrats to Mike on growing the project to the point where he can responsibly take a hand off the wheel now and then. And thank you!
It's actually Matt :)
(He and I were coworkers for a time.)
Hopefully some Mikes have been involved in the project as well and picked up some stray well wishes.
Anyway, I'm hoping this will help the project scale better on the development side. The community has shown that it can be responsible. Thanks for being a great part of it over the last 10+ years.
I have not configured lone servers in a long long time
[1] https://github.com/pyinfra-dev/pyinfra
13 more comments available on Hacker News