Moving from NGINX to Caddy

My reasons for moving my webserver from NGINX to Caddy!

Why I Moved

Having one application do the work that three applications did when I used NGINX makes managing my server easier: Caddy replaces the ACME client, the Dynamic DNS client, and the NGINX server itself. Because certificate management is automatic, it also requires less manual configuration than NGINX.

Caddy also supports Post-Quantum algorithms for TLS key exchange and Encrypted ClientHello (NGINX would support PQC if compiled against OpenSSL 3.5.0-alpha1 or later).

Advantages of NGINX

NGINX is ‘tried and true.’ Although Caddy is written in Go, which gives strong memory-safety guarantees, NGINX has existed for a very long time and may be considered more secure. For some users, NGINX may also offer more granular configuration than Caddy.

Problems with NGINX

As NGINX has grown, they have created a paid NGINX Plus version of their software. I believe this goes against the philosophy of open source, as this could cause the project to withhold features from the free version.

NGINX doesn’t support Encrypted ClientHello in their upstream code (still?).

NGINX doesn’t support any Post-Quantum Cryptography algorithms. This will be fixed once PQC lands in OpenSSL (it has been added in their latest alpha).

Advantages of Caddy

Caddy is extended with modules that are compiled in at build time. This gives the running binary zero runtime dependencies, and it lets you build in only the modules you need, which reduces bloat.

Recently, Caddy added Encrypted ClientHello and Post-Quantum key exchange by default.
Caddy’s Dynamic DNS will automatically publish the ECH configuration in the DNS records with one simple line in the global options block:

    {
        ech ech.example.com
    }
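To check that what ends up in DNS matches the `ech` line above, here is an added example (not Caddy’s code and not part of the original post) that decodes the ECHConfigList carried in the `ech=` parameter of a DNS HTTPS record and reports the advertised public name. It assumes the ECHConfig wire format of draft-ietf-tls-esni (version 0xfe0d); the sample record is constructed inside the code, not taken from a real zone.

```python
import base64
import struct
ECH_VERSION_DRAFT13 = 0xFE0D  # ECHConfig version used by current ECH deployments

def _vec(data: bytes, width: int) -> bytes:  # length-prefixed vector, big-endian length
    return len(data).to_bytes(width, "big") + data

def build_ech_config_list(public_name: str, public_key: bytes, config_id: int = 0,
                          kem_id: int = 0x0020, suites=((0x0001, 0x0001),)) -> bytes:
    """Encoder used only to construct sample input (a real server generates its own)."""
    suites_blob = b"".join(struct.pack("!HH", kdf, aead) for kdf, aead in suites)
    contents = (struct.pack("!BH", config_id, kem_id)
                + _vec(public_key, 2)            # HPKE public key
                + _vec(suites_blob, 2)           # (kdf_id, aead_id) pairs
                + bytes([0])                     # maximum_name_length (0: no padding hint)
                + _vec(public_name.encode(), 1)  # the name sent in cleartext
                + _vec(b"", 2))                  # no extensions
    return _vec(struct.pack("!H", ECH_VERSION_DRAFT13) + _vec(contents, 2), 2)

def parse_ech_config_list(blob: bytes) -> list[dict]:
    """Walk every ECHConfig in the list, skipping versions we do not understand."""
    (total,) = struct.unpack_from("!H", blob, 0)
    if total != len(blob) - 2:
        raise ValueError("ECHConfigList length mismatch")
    pos, configs = 2, []
    while pos < len(blob):
        version, length = struct.unpack_from("!HH", blob, pos)
        body, pos = blob[pos + 4:pos + 4 + length], pos + 4 + length
        if version != ECH_VERSION_DRAFT13:
            configs.append({"version": version, "supported": False})
            continue
        config_id, kem_id, pk_len = struct.unpack_from("!BHH", body, 0)
        off = 5 + pk_len                          # skip public_key
        (suites_len,) = struct.unpack_from("!H", body, off)
        off += 2 + suites_len                     # now at maximum_name_length
        name_len = body[off + 1]
        public_name = body[off + 2:off + 2 + name_len].decode()
        configs.append({"version": version, "supported": True, "config_id": config_id,
                        "kem_id": kem_id, "public_name": public_name})
    return configs

def public_names_from_https_param(ech_param_b64: str) -> list[str]:
    """Decode the base64 `ech=` SvcParam value and return the advertised public names."""
    return [c["public_name"] for c in parse_ech_config_list(base64.b64decode(ech_param_b64))
            if c["supported"]]

# Constructed sample: what a correctly published record for `ech ech.example.com` would carry.
SAMPLE_ECH_PARAM = base64.b64encode(build_ech_config_list(
    "ech.example.com", bytes(range(32)), config_id=42,
    suites=((0x0001, 0x0001), (0x0001, 0x0003)))).decode()
```

The string to pass to `public_names_from_https_param` is the `ech=` value from the site’s HTTPS record; a missing record or a public name other than the one given to Caddy means the DNS side of ECH is not in place yet.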

Caddy also easily supports QUIC/HTTP/3, again with just one simple block in the global options:

    {
        servers {
            protocols h1 h2 h3   # enable HTTP/1.1, HTTP/2 and HTTP/3 (QUIC)
        }
    }

Problems with Caddy

In my experience, configuring Caddy through a Caddyfile is harder than configuring NGINX. Caddy also has a smaller community, which may make it harder to find help with issues.

Caddy’s performance has been shown to be slower under heavy load than NGINX’s, but this won’t affect normal users (fewer than 1000 requests per second).