The pairing of Caddy & LetsEncrypt have been spectacular for shipping TLS software with way less pain.
We're currently on a funny (Caddy docker external reverse proxy -> Nginx docker internal reverse proxy -> docker app) config. Our user admins can do custom TLS via Caddy, and thereby end the years of Nginx TLS pain. Meanwhile, we get to keep doing most of the fun Nginx tricks internally to make sure our GPU graph visual analytics streaming tech does cool things. It's been a breath of fresh air.
We've been watching Caddy 2. Project history like phoning home for a school project (this might have gotten people sued and endangered others!) taught us to be especially careful w/ upgrades, but w/ Nginx going open core startup and now being part of F5, I've gone pretty down on Nginx and up on Caddy over the last few years. The more we want to do more w/ Nginx, the more we want to get off Nginx for the internal proxy, so looking forward to Caddy continuing to improve!
We're currently on a funny (Caddy docker external reverse proxy -> Nginx docker internal reverse proxy -> docker app) config. Our user admins can do custom TLS via Caddy, and thereby end the years of Nginx TLS pain. Meanwhile, we get to keep doing most of the fun Nginx tricks internally to make sure our GPU graph visual analytics streaming tech does cool things. It's been a breath of fresh air.
We've been watching Caddy 2. Project history like phoning home for a school project (this might have gotten people sued and endangered others!) taught us to be especially careful w/ upgrades, but w/ Nginx going open core startup and now being part of F5, I've gone pretty down on Nginx and up on Caddy over the last few years. The more we want to do more w/ Nginx, the more we want to get off Nginx for the internal proxy, so looking forward to Caddy continuing to improve!