I am wondering what’s so special about Caddy. From reading online, what I understand is this:
TLS management: apparently it’s much easier to work with SSL certificates if we use Caddy. Why is certificate management so difficult? (If someone could explain from first principles, I’d be very grateful.)
Reverse proxy: for this I am wondering if it’s possible to simulate this locally by running multiple Docker containers.
Thanks all, just really curious to gain a deeper understanding about all the problems which Caddy solves.
If you use (most) other webservers, you need to also run a program like certbot or similar to automate TLS issuance for you. These work as cron scripts.
Having it bundled in your webserver unlocks a lot of extra features (On-Demand TLS, ACME TLS-ALPN challenge, OCSP stapling, automatic revocation detection) which are difficult or impossible otherwise. It also simplifies the stack: one less piece of software you need to run and configure.
Caddy has the most robust ACME implementation in the industry, in large part because of the retry logic and issuer fallback. Caddy doesn’t only support Let’s Encrypt, but also ZeroSSL, so if LE has an outage, Caddy can still issue a valid cert with ZeroSSL.
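
For the local reverse-proxy question, and to show what the bundled TLS automation looks like in practice, here is a Caddyfile added as an example (it was not posted by anyone in this thread). The container names `api`, `web1` and `web2`, their ports, and the `/api/*` split are assumptions.

```caddyfile
# Added example, not from the thread. Assumes three containers named
# api, web1 and web2 on the same Docker network as the Caddy container,
# with Caddy's ports 80 and 443 published to the host.

# Site address "localhost": Caddy serves HTTPS with a certificate from
# its own internal CA, so nothing here talks to a public ACME CA and
# no DNS record is needed for a local test.
localhost {
	# Requests under /api/ go to one backend; handle_path strips the
	# /api prefix before proxying.
	handle_path /api/* {
		reverse_proxy api:8080
	}

	# Everything else is balanced across two identical backends.
	handle {
		reverse_proxy web1:80 web2:80 {
			lb_policy round_robin
			# Active health check: a backend that stops answering
			# is taken out of rotation until it recovers.
			health_uri /
			health_interval 10s
		}
	}
}

# On a server with a public DNS name, the only change is the site
# address. Caddy then obtains and renews a publicly trusted
# certificate over ACME by itself, with no certbot cron job beside it:
#
# example.com {
# 	reverse_proxy web1:80 web2:80
# }
```

Clients on the host will not trust the `localhost` certificate until Caddy's local root CA is added to their trust store; `curl -k https://localhost/` is enough for a quick check that routing works.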