Caddy, or stick with the tried and true, Nginx?
Posted by Unique-Squirrel-464@reddit | sysadmin | 8 comments
When it comes to SaaS apps, and apps in general, I started out with Apache but then eventually switched over to using Nginx on my servers. It is tried and true, and very fast. However, I'm working on a new feature where people can use a custom domain to access one of my apps, so of course that started me down the rabbit hole of how to best accomplish that and how to handle the issuing and renewal of SSL certs. So now I have two paths:
- Stick with Nginx, script the addition of the new host to the nginx config, and then handle the issuing of the SSL certs via Let's Encrypt in a queue or scheduled job. Basically check DNS to make sure the customer updated their domain so it's pointing at the server, then script the usage of certbot to issue the cert.
- Just use Caddy, which has SSL cert issuing built in, no scripting necessary.

My concern with switching to Caddy is whether it is performant enough in a production environment.
Has anyone else crossed this bridge? What decision did you make? If you went with Caddy, how has performance been and have there been any issues?
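Added example (not part of the original post or any commenter's code): a sketch of the first path the post describes, checking that the customer's domain points at the server before scripting certbot. The server addresses, the e-mail argument and all function names are assumptions; the domain is validated and passed as an argv list because it is customer-supplied input.

```python
import ipaddress
import re
import socket

# Assumption: addresses this server answers on (constructed documentation IPs).
OUR_ADDRESSES = {ipaddress.ip_address("203.0.113.10"),
                 ipaddress.ip_address("2001:db8::10")}

_LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
_HOSTNAME = re.compile(rf"{_LABEL}(\.{_LABEL})+")

def normalize_domain(raw):
    """Return a lowercase hostname, or None if it is not a plain DNS name."""
    name = raw.strip().removesuffix(".").lower()
    if len(name) > 253 or not _HOSTNAME.fullmatch(name):
        return None  # rejects wildcards, spaces, shell and config metacharacters
    if name.rsplit(".", 1)[1].isdigit():
        return None  # rejects IPv4 literals such as 203.0.113.10
    return name

def resolve(name):
    """Look up A/AAAA records through the system resolver."""
    try:
        infos = socket.getaddrinfo(name, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {ipaddress.ip_address(info[4][0]) for info in infos}

def points_only_at_us(resolved, ours=OUR_ADDRESSES):
    """True only when the name resolves and every address is ours."""
    return bool(resolved) and resolved <= ours

def certbot_argv(domain, email):
    # argv list, never a shell string, so the domain cannot inject a command.
    return ["certbot", "certonly", "--nginx", "--non-interactive",
            "--agree-tos", "-m", email, "-d", domain]

def plan_issue(raw_domain, email, resolver=resolve):
    """Return the certbot argv to run, or None if the domain is not ready."""
    domain = normalize_domain(raw_domain)
    if domain is None or not points_only_at_us(resolver(domain)):
        return None
    return certbot_argv(domain, email)
```

A queue worker would pass the result to `subprocess.run(argv, check=True)` and retry later when `plan_issue` returns `None`.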
Live-Juggernaut-221@reddit
Nginx for static files. Haproxy for ssl/load balancing/routing.
Wonder_Weenis@reddit
caddy just works
Unless you're balls deep in nginx config, use caddy.
certkit@reddit
"Because you know it" is a great reason to just stick with nginx. Any new piece of software is going to come with edge cases and unexpected behavior that can slow you down, or cause outages.
If the major thing you need out of nginx is automated SSL renewal, you can get that from other things, like CertKit.
**Obviously, I am certkit.
CheesecakePerfect156@reddit
Caddy. Nginx is horrible to config
Unique-Squirrel-464@reddit (OP)
I don’t have many issues with doing the config, but honestly over the years I have saved copies of configs and snippets that I pull from… So maybe it is, because it would be hard doing it by hand 😀. That being said, now that we have AI, anyone configuring it should just let the AI overlords do it for them.
But definitely +1 on Caddy, that is truly one you can do by hand without even having to give it much thought.
HugeRoof@reddit
Are you close to the limits of what you can do with nginx? (unlikely) If not, just do caddy and call it a day. LLMs can template what you need to switch to caddy in a few seconds and end up dead simple with no need to touch it for years at a time except for binary updates.
The only reason I even have nginx in places anymore is because building it is already part of a pipeline and it would be a lot of work for no gains (we don't terminate TLS in any of our nginx containers).
Unique-Squirrel-464@reddit (OP)
Thanks for the advice. I’m not near the limits of what Nginx can do, and honestly if I get that much traffic I’m probably going to horizontally scale anyways. I don’t like terminating TLS at my server; generally I put everything behind CloudFlare and then just use a self-signed cert on the server (for connection from CF to the server) and let CloudFlare handle the certs. This project is slightly different though.
raip@reddit
https://www.reddit.com/r/selfhosted/comments/1odh46j/nginx_vs_caddy_vs_traefik_benchmark_results/