
Caddy (web server)

Caddy
Original author(s): Matthew Holt
Initial release: 28 April 2015; 2 years ago (2015-04-28)
Stable release: 0.10.2 / 2 May 2017; 60 days ago (2017-05-02)
Repository: github.com/mholt/caddy
Development status: Active
Written in: Go
Operating system: Android, BSD variants, Linux, OS X and Windows
Type: Web server, reverse proxy server
License: Apache 2
Website: caddyserver.com

Caddy, sometimes clarified as the Caddy web server, is an open source, HTTP/2-enabled web server written in Go. It uses the Go standard library for its HTTP functionality.

One of Caddy's most notable features is enabling HTTPS by default. It is the first general-purpose web server to do so without requiring extra configuration.

The author, Matt Holt, began developing Caddy in December 2014 and released it in April 2015. In the year following its release, it was downloaded over 20,000 times and received 4,500 stars on GitHub.

Caddy supports a variety of Web technologies and is available as statically-compiled binaries for Windows, Mac, Linux, Android, and BSD operating systems on i386, amd64, and ARM architectures.

A variety of web site technologies can be served by Caddy, which can also act as a reverse proxy and load balancer. Most of Caddy's features are implemented as middleware and exposed through directives in the Caddyfile (a text file used to configure Caddy).

Caddy is not vulnerable to a number of widespread CVEs including Heartbleed, DROWN, POODLE, and BEAST. In addition, Caddy uses TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.

On June 2, 2015, version 0.7.1 was released to patch a vulnerability to timing attacks in Caddy's basic authentication middleware.
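As an added illustration of that class of bug (this is not Caddy's code or its 0.7.1 patch), the Go sketch below shows a basic-authentication check whose timing does not depend on how much of the credential matched. The credentials and the names constantTimeEqual, basicAuth and statusFor are assumptions made for the example.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Constructed demo credentials, used only by this example.
const demoUser, demoPass = "admin", "correct horse battery staple"

// constantTimeEqual hashes both inputs so the comparison always covers 32
// bytes; ConstantTimeCompare alone returns early on a length mismatch.
func constantTimeEqual(got, want string) bool {
	g, w := sha256.Sum256([]byte(got)), sha256.Sum256([]byte(want))
	return subtle.ConstantTimeCompare(g[:], w[:]) == 1
}

// basicAuth rejects requests that do not carry the demo credentials.
func basicAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		user, pass, ok := r.BasicAuth()
		// Run both comparisons before branching: a short-circuit on the
		// username would answer sooner than a failure on the password.
		userOK := constantTimeEqual(user, demoUser)
		passOK := constantTimeEqual(pass, demoPass)
		if !ok || !userOK || !passOK {
			w.Header().Set("WWW-Authenticate", `Basic realm="restricted"`)
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends one request through the middleware and returns its status.
func statusFor(user, pass string) int {
	next := http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})
	req := httptest.NewRequest("GET", "/", nil)
	req.SetBasicAuth(user, pass)
	rec := httptest.NewRecorder()
	basicAuth(next).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(statusFor(demoUser, "wrong"), statusFor(demoUser, demoPass)) // 401 200
}
```

A plain `==` on the submitted and expected strings is the pattern to look for in review, since it can stop at the first differing byte.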

With regard to protocols and cipher suites, Caddy uses TLS 1.0-1.2 and prefers ECDHE ECDSA with AES256 GCM SHA384, although a dozen different ciphers are supported. Caddy has also been used by Cloudflare as a platform to serve an experimental TLS 1.3 implementation.

Traditional privilege de-escalation as performed in C programs is non-trivial in Go programs. In order to bind ports lower than 1024, Caddy must be run as root (not recommended) or given capabilities to bind to low ports using setcap (recommended). However, an alternate method of dropping privileges that involves spawning an unprivileged child process will likely be implemented in a future version.

Caddy does not automatically enable HTTP Strict Transport Security; it is recommended that users enable HSTS using Caddy's header directive.


Wikipedia
