Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Caddy webserver goes south - Page 2
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Caddy webserver goes south

245

Comments

  • Life happen. You are always welcome to put some effort on a project, open source it and keep working on it for free. Is normal for open source projects to eventually commercialize.

    @WSS said:

    @rm_ said:

    Wedge was created following the announcement that sponsor headers would be added to HTTP responses, and official binaries would no longer be able to be used for commercial purposes.

    Note that this is for the "official binaries" only. This isn't horribly uncommon. Theo de Raadt used to refuse to release ISO images because people wouldn't pay $20 for a CD twice a year.. and the BSD license is a lot less restrictive than any GPL ever created.

    When I saw that, and his attempted attack on someone who wanted to rebuild his own binaries, though, I knew precisely where he was intending to go.

    The fact that he still hosts these "official binaries" on GitHub under a public license- I wonder just how difficult it would be to bundle them with a hex editor of your choice and change the header if you decide to do so. This would be a direct violation of his new EULA, but being that it's still being offered publicly on GitHub, he's already shown that he doesn't follow others' rules or restrictions.


    @jiggawattz said:
    The code in the git repository is licensed under the Apache License 2.0 which is most certainly a free software license. There is nothing stopping Individuals from forking this project and continuing.

    He's already begun removing tools and making things private that he considers not to be part of the project. This is how it begins. Apple had almost completely opensourced Darwin at one point, and then closed it up tighter than a Mormon seeing the golden tablets of Jedediah Smith in their minds' eye. With several of these license terms, all they have to return is how they hooked X into Y, rather than any major changes.

    See also: KDE's KHTML (WebKit) rendering engine and Safari, the initial GNU CC based ports for MacOS X (without source availability as it was still "beta"), et al.

    The GPL, and indeed, BSD don't protect a project very well if the authors have gone rogue. You're left with whatever the last, least-tained is, for the most part.

    Tion said: I always thought Caddy was a project of some guy with too much free time who wanted an idiot proof way to deploy a webserver with a let's encrypt certificate out of the box.

    Sure - then he graduated. Time to get a fucking job. With a paycheck.

    His Twitter shows that he's still attending school when not being a snarky little fuck on the internet.

  • @Hxxx said:
    Life happen. You are always welcome to put some effort on a project, open source it and keep working on it for free. Is normal for open source projects to eventually commercialize.

    I have no idea why you bothered quoting my entire post- or, indeed, responding to me when I was just illustrating how you can get away with not following the GPL license (legally).

    The time-tested and true means is usually to have at least two forks on a project/product, and to do work on the commercial product with security backports and possible features added to the GPL product later (even if it's trvial to do both unless you're horribly sloppy).

    Matt has shown direct intent to make it difficult for anyone to produce non-official binaries of Caddy. That is a very Theo thing to do- even though Theo has calmed down significantly since the late 90s.

  • WSS said: The time-tested and true means is usually to have at least two forks on a project/product, and to do work on the commercial product with security backports and possible features added to the GPL product later (even if it's trvial to do both unless you're horribly sloppy).

    This is indeed a good strategy. Virtuozzo/OpenVZ does this well.

    I'm sure someone - a student maybe or some dedicated devs - will fork Caddy and continue development.

    Matt has shown direct intent to make it difficult for anyone to produce non-official binaries of Caddy.

    Flaming someone on Twitter who wants to abet free-riding is not direct intent to sabotage non-official binaries. If you are a struggling artist, how happy are you when your fans just download your music for nothing?

  • eva2000eva2000 Veteran
    edited September 2017

    While expensive for licensing, totally understand that part.

    But using HTTP header as a means for it isn't my cup of tea when there are known performance overhead hit as you add more headers to Caddy. Though you can build from source yourself to get around the HTTP sponsor header requirement https://caddy.community/t/caddy-commercial-sponsor-header-clarification/2716

    But right now building from source is sort of broken too https://github.com/mholt/caddy/issues/1843.

    I think most personal usage folks using Caddy wouldn't care about that as they'd just use free version/personal with HTTP sponsor header intact anyway not knowing or caring about the performance hit as you add more HTTP headers.

    For HTTP/2 HTTPS loads, Caddy is ~1/3rd the performance of Nginx. So you'd need 3-4x Caddy servers to match the performance of 1x Nginx server for HTTP/2 based HTTPS. So for Commercial licensing you'd need 5/server license at discounted US$250/month which reverts to 4x250 = US$1,000 month once introductory licensing ends. That equates to $3,000/yr discounted or $12,000/yr for 5 commercial licenses if you only need 4 ?

    Compare Nginx commercial licensing for 1-4 servers https://www.nginx.com/products/pricing/

    • Nginx Basic $2,500/yr per server
    • Nginx Pro $3,500/yr per server
    • Nginx Enterprise $5,000/yr per server

    If I need 4x Caddy servers to match 1x Nginx servers performance the comparative cost is:

    • Caddy 5 instance license = $3,000/yr discounted or $12,000/yr normal price
    • Nginx 1 server Basic license = $2,500/yr, $3,500/yr Pro or $5,000/yr Enterprise.

    If I need 8x Caddy servers to match 2x Nginx servers performance the comparative cost is:

    • Caddy 10 instance license = $6,000/yr discounted or $24,000/yr normal price
    • Nginx 2 server Basic license = $5,000/yr, $7,000/yr Pro or $10,000/yr Enterprise.

    From financial and performance perspective, doesn't make sense unfortunately.

    Thanked by 1Hxxx
  • @jiggawattz said:
    Flaming someone on Twitter who wants to abet free-riding is not direct intent to sabotage non-official binaries. If you are a struggling artist, how happy are you when your fans just download your music for nothing?

    That's not at all what I have illustrated in this very thread as being hostile towards other devs, and most artists deserve to starve. Please look up.

    Thanked by 1switsys
  • This is why we like you. Smart.

    @eva2000 said:
    While expensive for licensing, totally understand that part.

    But using HTTP header as a means for it isn't my cup of tea when there are known performance overhead hit as you add more headers to Caddy. Though you can build from source yourself to get around the HTTP sponsor header requirement https://caddy.community/t/caddy-commercial-sponsor-header-clarification/2716

    But right now building from source is sort of broken too https://github.com/mholt/caddy/issues/1843.

    I think most personal usage folks using Caddy wouldn't care about that as they'd just use free version/personal with HTTP sponsor header intact anyway not knowing or caring about the performance hit as you add more HTTP headers. For HTTP/2 HTTPS loads,

    Caddy is ~1/3rd the performance of Nginx. So you'd need 3-4x Caddy servers to match the performance of 1x Nginx server for HTTP/2 based HTTPS. So for Commercial licensing you'd need 5/server license at discounted US$250/month which reverts to 4x250 = US$1,000 month once introductory licensing ends. That equates to $3,000/yr discounted or $12,000/yr for 5 commercial licenses if you only need 4 ?

    Compare Nginx commercial licensing for 1-4 servers https://www.nginx.com/products/pricing/

    • Nginx Basic $2,500/yr per server
    • Nginx Pro $3,500/yr per server
    • Nginx Enterprise $5,000/yr per server

    If I need 4x Caddy servers to match 1x Nginx servers performance the comparative cost is:

    • Caddy 5 instance license = $3,000/yr discounted or $12,000/yr normal price
    • Nginx 1 server Basic license = $2,500/yr, $3,500/yr Pro or $5,000/yr Enterprise.

    If I need 8x Caddy servers to match 2x Nginx servers performance the comparative cost is:

    • Caddy 10 instance license = $6,000/yr discounted or $24,000/yr normal price
    • Nginx 2 server Basic license = $5,00/yr, $7,000/yr Pro or $10,000/yr Enterprise.

    From financial and performance perspective, doesn't make sense unfortunately.

    Thanked by 2eva2000 netomx
  • Hxxx said: This is why we like you. Smart.

    cheers - I'm a logics guy :)

    Stevie said: I saw that too, TBH alot of "open source" company have been doing that, they start off open source and free and end up making a pretty decent software then BAM they do stuff like this, mongoose web server did something similar although not as expensive as caddy lol.

    There's better ways to do it like Nginx vs Nginx Plus, their commercial version just adds more value with advanced options and features compared to open source. Though I guess Caddy are trying to replicating that with the Private Plugin Hosting etc.

    Thanked by 1mholt
  • jarjar Patron Provider, Top Host, Veteran
    edited September 2017

    Would like to see the performance hit from one small header. Suspect it would be quite acceptable, if one preferred the web server for any reason.

    Granted, would like to see the benefits as well since basically no one will see it.

    Thanked by 1mholt
  • WSSWSS Member
    edited September 2017

    @jarland said:
    Would like to see the performance hit from one small header. Suspect it would be quite acceptable, if one preferred the web server for any reason.

    According to @eva2000, it's already -66% of an nginx service (I have not installed nor tested this numeric). As you know, other than adding trivial overhead which is possibly 1k (if ever reaching that), is easy to just add to ones' existing traffic.

    The single "header" is NOT what everyone is annoyed by, for what it's worth. You can continue to pretend that's why everyone's up in arms- but it isn't.

    The changing of the licensing is just pure greed. The fact that the new license denies the abilities of a commercial entity to use this product at all without a license is going to alienate the people who actually like/want to use this product.

    Their pricing tier does not make any sense- especially for a product that isn't proven to be better than anything else on the market (and is evidently much slower).

    Matt's trying to stall/block other developers from being able to build from a fork of the existing source tree tends to be what has annoyed most developers that I am aware of.

  • And now one of the sites he's included in the "This free server is supported by:" header, Minio, has asked him to remove their company from it. https://github.com/mholt/caddy/pull/1866 (abperiasamy)

    Thanked by 4netomx sarah MikePT sin
  • I wonder how sponsors will feel if the server was serving some kind of illegal content. "This server is supported by: " :)

    Thanked by 2netomx default
  • rm_rm_ IPv6 Advocate, Veteran
    edited September 2017

    eva2000 said: For HTTP/2 HTTPS loads, Caddy is ~1/3rd the performance of Nginx.

    Really? So what is even the point to bother with it in the first place.

    In any case, I suppose as long as it is needed by someone, there will be a fully Free and OSS fork (Wedge now), folding in all the useful changes and updates, while removing all the annoyances and providing official unencumbered binaries. With time most users may even migrate to that. This all is just FOSS working as intended.

  • WSS said: According to @eva2000, it's already -66% of an nginx service (I have not installed nor tested this numeric). As you know, other than adding trivial overhead which is possibly 1k (if ever reaching that), is easy to just add to ones' existing traffic.

    misunderstood Caddy even before HTTP header performance hits, already runs at ~33% of Nginx performance. Adding additional HTTP headers will lower that somewhat more ~5-10% more.

    All benchmarks are at https://community.centminmod.com/threads/caddy-http-2-server-benchmarks.5170/

    Thanked by 1netomx
  • eva2000 said: Adding additional HTTP headers will lower that somewhat more ~5-10% more.

    That's quite hard to believe from a purely programmatic standpoint.

    As an aside, interesting to note that with Nginx you cannot adapt the 'Server:' HTTP header. It's a hardwired thing.

  • eva2000 said: already runs at ~33% of Nginx performance

    Why would anyone want to use Caddy, let alone pay for it?

  • eva2000eva2000 Veteran
    edited September 2017

    @ricardo said:

    eva2000 said: Adding additional HTTP headers will lower that somewhat more ~5-10% more.

    That's quite hard to believe from a purely programmatic standpoint.

    As an aside, interesting to note that with Nginx you cannot adapt the 'Server:' HTTP header. It's a hardwired thing.

    issue happens on both h2o and caddy web servers from my tests but not nginx
    https://forum.caddyserver.com/t/any-performance-overhead-as-you-add-more-headers-under-http-2/403/3

    h2o reported issue https://github.com/h2o/h2o/issues/240

    Low concurrency tests at 10 concurrent users and 100 requests

    • Caddy 0.9 HTTP/2 HTTPS with headers = finished in 55.63ms, 1797.46 req/s, 2.43MB/s
    • Caddy 0.9 HTTP/2 HTTPS with without headers = finished in 48.52ms, 2060.92 req/s, 2.75MB/s
    • Centmin Mod Nginx 1.11.3 HTTP/2 HTTPS (2 cpus) = finished in 25.92ms, 3857.58 req/s, 5.99MB/s
    • Centmin Mod Nginx 1.11.3 HTTP/2 HTTPS (4 cpus) = finished in 22.39ms, 4465.68 req/s, 6.93MB/s

    Higher concurrency tests at 100 concurrent users and 1000 requests

    • Caddy 0.9 HTTP/2 HTTPS with headers = finished in 324.30ms, 3083.56 req/s, 4.17MB/s
    • Caddy 0.9 HTTP/2 HTTPS without headers = finished in 303.17ms, 3298.46 req/s, 4.41MB/s
    • Centmin Mod Nginx 1.11.3 HTTP/2 HTTPS (2 cpus) = finished in 228.77ms, 4371.15 req/s, 6.78MB/s
    • Centmin Mod Nginx 1.11.3 HTTP/2 HTTPS (4 cpus) = finished in 195.44ms, 5116.69 req/s, 7.94MB/s

    Even higher concurrency tests at 2000 concurrent users and 25000 requests

    • Caddy 0.9 HTTP/2 HTTPS with headers = finished in 6.16s, 4058.36 req/s, 5.47MB/s
    • Centmin Mod Nginx 1.11.3 HTTP/2 HTTPS (4 cpus) = finished in 3.21s, 7795.35 req/s, 12.09MB/s
  • FYI, Caddy's new http.cache proxy cache plugin helps with raising Caddy performance but still behind Nginx. See benchmarks I did at https://caddy.community/t/announce-new-http-cache-plugin/2429/10

  • HxxxHxxx Member
    edited September 2017

    Is quite hard to beat serverpilot.io stack which combines apache with nginx and a few other relevant technologies. Heck is already hard enough to beat Nginx alone... Why would anyone code a new web servers, make it open source then try to monetize it when is a lot slower than the alternatives?

    Reason: Hipsters.

  • @ricardo You can change the server header with the "Extra Headers" module for NGINX.

    Thanked by 2ricardo yomero
  • @Aidan said:

    eva2000 said: already runs at ~33% of Nginx performance

    Why would anyone want to use Caddy, let alone pay for it?

    Becouse installation and configuration takes a couple of seconds? On top of that it handles your certificates for you. Ideal for dev stacks. Would I be prepared to pay for it? No. With their pricing it would make more sense to fork it myself and hire a programmer to maintain it.

  • @ricardo said:

    eva2000 said: Adding additional HTTP headers will lower that somewhat more ~5-10% more.

    That's quite hard to believe from a purely programmatic standpoint.

    That's what I thought, too, but evidently "new" programming is something we've never even considered since they can manage concurrence and automatic garbage collection, but appending a small bit of text causes the whole thing to crash to a grinding halt.

  • doghouch said: @ricardo You can change the server header with the "Extra Headers" module for NGINX.

    Ahh yes. I remember coming across this on an older version of NGINX but now you can use this module. I was trying to avoid the fingerprint of showing the same backend proxied content. Their original reasoning for hard coding it was for metrics & branding IIRC.

  • WSS said: @ricardo said:

       eva2000 said: Adding additional HTTP headers will lower that somewhat more ~5-10% more.
    

    That's quite hard to believe from a purely programmatic standpoint.

    That's what I thought, too, but evidently "new" programming is something we've never even considered since they can manage concurrence and automatic garbage collection, but appending a small bit of text causes the whole thing to crash to a grinding halt.

    Yeah, I mean if the test was a static page of say, a hundred bytes or so, I could see why the additional writes & tiny overhead of a hook would result in that kind of difference.

  • Build a tentacle porn site using caddy.

    Thanked by 1Hxxx
  • imagine they had 100 sponsor

  • @sibaper said:
    imagine they had 100 sponsor

    It'd take 4 minutes to render a page!

  • Seems like they might have lost minio as a sponsor https://github.com/mholt/caddy/pull/1866

    https://caddyserver.com/sponsor

  • So what's the LET summation... Guy working on his lonesome gets shat on by freetards? Demonic bait and switch spitting in the face of open source? Greedy bastard cashing in?

    I'll continue using Nginx but it's interesting to see the reaction. I don't know enough to see how much has been contributed to the repo by the community

  • RhysRhys Member, Host Rep

    ricardo said: see how much has been contributed to the repo by the community

    too much.

Sign In or Register to comment.