Hi there!
I was an avid Apache user for 5 years, but I’ve been using Caddy for a couple of months now, and I’m overall satisfied! I’m not looking back ever since.
I love how easy it is to set up, understand and have TLS certificates working (having Apache+Let’s Encrypt was a real hassle). I’ve had a very good experience, and I would like to thank Matt Holt for starting the project and the +100 contributors on GitHub: you are awesome, guys!
I’m starting to learn Go because of it, and I’ll be contributing soon (I hope ;)).
But there are some features missing for me, that I would consider to be core:
- Dynamic loading of Caddyfiles per domain.
  Wouldn’t it be nice if, instead of having to edit a single Caddyfile, Caddy dynamically loaded Caddyfiles “on-demand”? (not necessarily on-demand, it could be cached).
  Imagine that you have 3 folders: domain1.com, domain2.com and domain3.com, each one of those has its own Caddyfile. You could add new domains without having to restart/reload the Caddy service at all, and get the Let’s Encrypt certificate with the new DNS-challenge feature deployed in the 0.9 release.
- Background processing of new certificates
  If you don’t like the idea above (I can understand why), let me contribute with another idea. Right now, service caddy restart just loops over every domain and if there is a new domain, it has to retrieve the Let’s Encrypt certificate (going through all the ACME thing), and then it deploys the server… meanwhile having the rest of the domains halted, waiting for the new one to finish. (this is what I see from the SSH terminal, don’t know if this is how it actually works). It would be nice if it used the DNS-challenge to get the new domains, without interrupting the other domains, or at least, having a CLI option.
- CLI option to not halt on invalid domain
  Okay, this caught me off-guard yesterday, and I had to post it here. And I admit that it’s my fault, a human mistake. I moved one of my servers, and changed every single DNS record but one. The result? Whoops, Caddy won’t start because of it. And I spent like 2 hours trying to figure out what I did wrong on migration. I would appreciate having an option for Caddy to just ignore the invalid ones and log them in /var/log/ or whatever we put in the -log flag. This would be excellent for automated environments, and to help people by avoiding mistakes.
- Resource limit per domain in Caddyfile
  Having directives like cpu_limit, mem_limit and bandwidth_limit would be great in order to avoid DDoS attacks and have fine-grained control over every domain. I know this is possible using proxies, but keeping it simple with Caddy would be nice to have.
What’s your opinion about these ideas?
Have a great day,
Ryan.