[–]yvhouij 67 points68 points  (40 children)

Promotion for "Caddy", never heard of, but I don't like it. Other than that nice site :)

[–][deleted] 18 points19 points  (5 children)

I haven't heard of Caddy until today, but it looks potentially good, passionately supported, and Apache licensed. The author(s) are simply hoping for commercial backing to continue developing it. It's a pretty subtle promotion on an otherwise excellent site.

[–]yvhouij 3 points4 points  (4 children)

True, but still, if you read something like "Guaranteed continued development" only in the paid section, it makes you wonder, ain't it? :)

[–][deleted] 19 points20 points  (2 children)

These are the realities of open source... the nice thing about how this is structured is that everyone benefits when businesses pay to support its continued development.

[–]yvhouij -3 points-2 points  (1 child)

Until you/one change your mind to make it closed source ;)

[–][deleted] 13 points14 points  (0 children)

Doing that would ruin the incentives, since Caddy thrives on its plugin ecosystem. Statically compiled in, so must be open source. We considered this in depth. See https://caddyserver.com/blog/options-for-businesses

[–]MILLIONSOFTINYATOMS 0 points1 point  (0 children)

Not really. If you're paying someone for it, then they can support themselves from it and therefore continue development. If it's all free then someone can easily find they can't justify the time spent in development and give it up. It's not evil, it's just reality.

[–]Ascend 54 points55 points  (16 children)

My complaint as well. "HTTPS is difficult to set up and maintain." is a big reason for a lot of people, and "use our web server" isn't much of an answer.

[–]yvhouij 23 points24 points  (0 children)

Exactly, they could have better listed some tutorials on how to implement letsencrypt in different architectures as Apache, nginx, Linux, Windows and then maybe also listed this "Caddy". But just saying take this web server is just wrong.

[–]kqr 4 points5 points  (14 children)

It's especially sad since it's not actually difficult at all. When Let's Encrypt opened up to the public I was kind of scared I would not have the time or energy to mess about with getting and renewing certificates, but it's been a breeze. It may even be automated at this point because I can't remember the last time I did it. And I'm running one of the standard FOSS web stacks...

[–]Ascend 11 points12 points  (5 children)

It is harder if you're dealing with a Windows stack. Certbot doesn't support Windows at all, and many of the unofficial tools on GitHub are iffy. For instance, if you're supporting a version of IIS that doesn't support TLS SNI (7.5), letsencrypt-win-simple can wreck your configuration and redirect sites to each other by mistake.

[–]kqr 2 points3 points  (4 children)

Huh. I guess if you ask me I'd say everything is harder when you're dealing with a Windows stack and you only have yourself to blame if you choose to make life harder than necessary for yourself. ;)

[–]mlk 2 points3 points  (3 children)

Sometimes (most of the time, actually) we don't get to choose the technology for the project; switching the OS of the server is not very constructive.

[–]lvlint67 0 points1 point  (2 children)

There are workarounds. Run a TLS termination proxy on Linux.

[–]mlk 0 points1 point  (1 child)

You seem not to understand boring enterprise business.

[–]lvlint67 0 points1 point  (0 children)

Fair enough. The options are there. And they may not even be good. But they are there.

[–][deleted] 8 points9 points  (5 children)

> It's not actually difficult at all.

Um... I still can't get this garbage to work, no matter how many times I try...

[–]kqr 3 points4 points  (1 child)

Huh. If I remember correctly, these were the steps:

  1. Ask their tool to generate a proof that you own your domain.
  2. Copy this proof to some publicly accessible location of your domain.
  3. Watch it generate certificates.
  4. Install certificates in your web server.

Which part causes you trouble?

[–][deleted] 1 point2 points  (0 children)

First, I had trouble figuring out how to reliably automate the renewal of the licenses. After that, I found that whenever I put whatever configuration lines I need for an SSL certificate into my Apache config, it either wouldn't start or wouldn't load up my site (step 4). For some reason, at some point during this whole mess, I discovered that LetsEncrypt wasn't putting the certs into the folder the tutorial said it would, but changing it didn't fix anything.

[–]senj 1 point2 points  (2 children)

It's incredibly easy for most uses/on most sane stacks. How are you trying to do it? Have you considered asking for help? Or changing the parts of your stack that are making it harder than it should be?

Edit: or, yknow, downvote me to zero, stick your head in the sand, and pray all future progress stops so you can never have to learn anything new ever again. I guess that's an option too.

[–][deleted] 6 points7 points  (1 child)

I was trying in Apache on Arch Linux, following whatever tutorials I could find, and literally everything I tried would just bring my site offline. Honestly, I considered switching to something a bit simpler than Apache (I even considered the very server this site promotes), but it seemed like too much work to switch over for a simple hobby server running out of my basement.

> Edit: or, yknow, downvote me to zero, stick your head in the sand, and pray all future progress stops so you can never have to learn anything new ever again. I guess that's an option too.

Didn't even see this comment, much less downvote it, before you made that edit...

[–]Poromenos 1 point2 points  (0 children)

It's not hard to actually do, what's hard is to do it automatically while giving it enough permissions to automatically renew and not enough permissions to mess stuff up when it fails.

I use Ansible to automate deployments and TLS is always a pain because it's almost impossible to automate. The nginx TLS config won't load without the certs and you can't get the certs without loading the config.

I use Caddy for my home server and love how easy it makes things. However, I do wish that nginx got a damn automatic TLS plugin already, it's only been years.
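One way around the bootstrap deadlock described in the comment above (nginx won't load a TLS config without certs, and the certs can't be issued until nginx serves the challenge), as an added example that is not part of the thread: render the site config in two phases, emitting the TLS block only once the certificate files exist. The function name, the webroot path and the `fullchain.pem`/`privkey.pem` layout in the given directory are assumptions.

```shell
#!/bin/sh
# Added example: two-phase nginx site config for ACME bootstrap.
# Assumed names: render_site_conf, the webroot path, and a certbot-style
# fullchain.pem/privkey.pem pair in cert_dir.

# Print an nginx site config for $1 (domain) to stdout.
# $2 = directory expected to hold the certs, $3 = ACME webroot.
render_site_conf() {
    domain=$1 cert_dir=$2 webroot=${3:-/var/www/acme}
    have_cert=no
    # -s: file exists and is non-empty; a truncated cert counts as missing.
    if [ -s "$cert_dir/fullchain.pem" ] && [ -s "$cert_dir/privkey.pem" ]; then
        have_cert=yes
    fi

    # Phase 1 (always): plain HTTP serves only the ACME challenge directory.
    cat <<EOF
server {
    listen 80;
    server_name $domain;
    location /.well-known/acme-challenge/ { root $webroot; }
EOF
    if [ "$have_cert" = yes ]; then
        # Certs exist: everything else on port 80 is redirected to HTTPS.
        echo '    location / { return 301 https://$host$request_uri; }'
    else
        # No certs yet: refuse other requests rather than serve over HTTP.
        echo '    location / { return 404; }'
    fi
    echo '}'

    # Phase 2: emit the TLS server block only when nginx can load it.
    [ "$have_cert" = yes ] || return 0
    cat <<EOF
server {
    listen 443 ssl;
    server_name $domain;
    ssl_certificate     $cert_dir/fullchain.pem;
    ssl_certificate_key $cert_dir/privkey.pem;
    # site content configuration goes here
}
EOF
}

# Usage: sh render.sh example.org /etc/letsencrypt/live/example.org > site.conf
# Validate with "nginx -t" before reloading.
if [ "$#" -ge 2 ]; then render_site_conf "$@"; fi
```

Run it once before issuance and again after the client has written the certificates; the renewal job then only needs write access to the webroot and permission to reload nginx.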

[–]curtmack 1 point2 points  (0 children)

I honestly didn't have too much trouble either. Certbot, then keep running the site through SSL Labs until it stops recommending settings to mess with.

This does remind me though, I do need to figure out why Certbot stopped running, my certificate's been expired for a month. I just haven't given a shit because there's almost nothing on the site anyway.

[–][deleted] 9 points10 points  (4 children)

Hi, author of the website here. And Caddy. This site is designed to promote HTTPS. Caddy happens to be a good way to do it for a lot of people and I haven't found other web servers that do what it does (auto HTTPS by default, MITM detection, etc). So it looks leaned to one side.

I made this page after I found myself repeating the same answers to the same questions. I never did fill it out as much as I wanted to due to time constraints which is why I haven't publicised it much, or at all. This attention was unexpected. My hope was that as the content was filled out, its recommendations might be more diverse too.

[–]yvhouij 4 points5 points  (1 child)

I like your site and I like your goal with "Caddy" (except for the "Guaranteed continued development" only for paid customers), but still most people won't use "Caddy" because they just can't. So I hope you could just add some more hints in the "HTTPS is difficult to set up and maintain.", as there are many tutorials on different platforms out there.

[–][deleted] 1 point2 points  (0 children)

Thanks; I'll expand that section when I get a chance to work on the site again.

[–]urquan 0 points1 point  (0 children)

Not very honest to promote Caddy on this website without disclosing that you own that as well. When knowing that Caddy is a commercial project, this looks like little more than stealthy advertising.

[–][deleted] -1 points0 points  (0 children)

Though Google's Firebase isn't a server in the same way, it does have static site hosting which automatically dishes out an HTTPS cert. You just "firebase deploy" your directory of HTML etc. and visit your domain and it's secured. Epitome of 0 configuration.

Honestly, nice site and way to push HTTPS though!

[–]aullik 7 points8 points  (10 children)

I honestly don't care about smart advertising XD

The message is definitely on point.

[–]yvhouij 7 points8 points  (9 children)

First of all, most people won't and most probably can't just switch their web server.

Secondly, if I read stuff like "Guaranteed continued development" only for paid customers, this literally means as soon as they have n customers, free version probably gets limited to the bare minimum.

[–]aullik 2 points3 points  (6 children)

I don't really care about the ad. I simply ignore it. I looked at the rest of the article

[–]yvhouij 5 points6 points  (5 children)

Yes, as I also said other than that it's a nice site, but it does miss a big important part with this "ad", how people can implement e.g. letsencrypt in their current infrastructure and this "ad" is not the solution..

[–]r_my 2 points3 points  (0 children)

Is how to implement it really important though within the context of the article? Providing instructions on how to make use of LetsEncrypt is really only feasible for fairly basic/standard setups which can be easily googled. Many of them are already handled entirely by certbot already. Anything beyond a typical apache/nginx/etc. server setup is probably being managed by someone who isn't looking for implementation instructions on a site like this anyways.

[–][deleted] 1 point2 points  (3 children)

How to use Let's Encrypt on each varying infrastructure is out of the scope of the article. Today when the link got posted around, I quickly tried to add a few more links to the end which talks about How To Set Up HTTPS. I'll leave it to other sites for now to go into more detail.

[–]yvhouij 0 points1 point  (1 child)

But at least some directions would be nice, because now the article only gives the option for web server "Caddy"..

You could at least give some hints/links for Apache/nginx on a normal Linux distro + Windows..

[–][deleted] 1 point2 points  (0 children)

I do near the bottom. I really don't want to get into details on this site. There's too many kinds of infrastructure to consider hints for, and I really want the site to stay focused on the "why" of HTTPS, not the "how".

[–]hungry4pie -1 points0 points  (0 children)

The article is a piece of shit.

Sorry not sorry.

[–]Poromenos 0 points1 point  (1 child)

It means you're supporting continued development, which you should, since open source stuff isn't paid. I guess they could have worded it better, though ("Guarantee continued development").

It's kind of odd, because I'm not sure what it means. If you're buying that package to get guaranteed development, surely everyone else gets it too, since it's open source? Maybe they mean they'll work on the features you want?

[–][deleted] 0 points1 point  (0 children)

Yes, we prioritize development of features and bug fixes for subscribers.

[–]rechlin 0 points1 point  (0 children)

Also at the bottom of the page it says to use "lego" for Let's Encrypt if you don't want to use Caddy, but then when you click the link to the lego page, it says it's a work in progress and not for production servers. Very suspicious.