by Seirdy 1383 days ago
I generally recommend Caddy over Nginx, but Nginx does still have certain advantages:

- Nginx supports OpenSSL commands that enable features like TLS record padding.

- Performance: better latency and scalability to more connections. Not everyone uses a CDN for static/cached content

- Kernel-accelerated TLS offload on Linux and FreeBSD

- Many existing modules provide unique functionality. The many modules for live video streaming and image processing are good examples.

- An ecosystem of patches with features like HPACK static dictionaries, dynamic TLS record sizing, etc.

> …has terrible language integration.

Generally, "language integration" isn't really a use-case for vanilla Nginx; it's a use-case for Nginx Unit, an Nginx language-specific module, or OpenResty. I personally prefer the reverse-proxy route since it lets me use whatever language I want regardless of server support: Go, Rust, Python, C, etc.

If none of these are that important then I absolutely would not recommend Nginx; Caddy would be the better tool.

> People aren't writing internet scale software in lua for a reason.

I'd include Itch.io, much of Taobao, and some of the most popular API gateways (including Kong) in the category of "Internet-scale software written by 'people'".

POSSE (Publish on Own Site, Syndicate Elsewhere) note from https://seirdy.one/notes/2022/09/09/reasons-to-use-nginx/


While I'm glad you recommend Caddy in general, it's worth noting that those advantages come with costs though, too:

- Padding: (I'm pretty sure Go already does this too: https://go.dev/src/crypto/tls/conn.go)

- Performance: Requires nuanced tuning. Caddy performs competitively for real-world usage.

- kTLS: Sacrifices memory safety.

- Existing modules: How do they perform compared to natively-compiled code? Caddy modules can do all that nginx modules can do, and more, but are natively compiled. I ran experiments with Caddy+Starlark that performed 2x as fast as Nginx+Lua.

I recommend users who link against OpenSSL to enable padding to multiples of at least 1024 bytes if they want to impede traffic analysis. The Nginx devs aren't interested in implementing random record padding or supporting the feature in BoringSSL/LibreSSL, unfortunately.

Can Caddy leverage either form of padding? If so, I might need to give it another look!

And regarding modules: most are written in C and dynamically loaded as shared objects or statically linked at compile time. A bunch are listed at https://www.nginx.com/resources/wiki/modules/. The ones for live streaming and VODs are the hardest to replace, IMO. IPScrub was my favorite but I haven't used it for a few years.
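Added illustration for the padding point raised in the first comment's bullet list and in the "multiples of at least 1024 bytes" recommendation above (this is not code from the thread, from nginx, or from Caddy). The padding being discussed is the TLS 1.3 TLSInnerPlaintext padding of RFC 8446 section 5.2: the plaintext is followed by a one-byte content type and then any number of zero bytes, and the receiver strips the zeros. nginx reaches OpenSSL's block-padding mode with `ssl_conf_command RecordPadding 1024;` (nginx 1.19.4 or later built against OpenSSL 1.1.1 or later; OpenSSL applies it to TLS 1.3 records only). The Go below reproduces both ends of that mechanism on constructed message sizes so the effect of rounding to 1024 can be inspected offline; the function names and the sample sizes are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
)

// TLS 1.3 hides plaintext length by padding the TLSInnerPlaintext structure
// (RFC 8446, section 5.2):
//
//	content || ContentType (1 byte) || zeros (any number, including none)
//
// The receiver strips trailing zero bytes and reads the last non-zero byte as
// the content type, so no length field is needed. OpenSSL's RecordPadding
// command rounds each record up to a multiple of a block size; this example
// (not nginx's or Caddy's code) reproduces that rounding and the unpadding.

// maxInnerPlaintext is the RFC 8446 limit: 2^14 bytes of content plus the type byte.
const maxInnerPlaintext = 1<<14 + 1

// padRecord builds a TLSInnerPlaintext for content of the given type, padded
// with zeros so its length is a multiple of block (block <= 0 disables padding).
func padRecord(content []byte, contentType byte, block int) ([]byte, error) {
	if contentType == 0 {
		// A zero type byte would be indistinguishable from padding on the receive side.
		return nil, errors.New("content type 0 is not encodable")
	}
	n := len(content) + 1 // content plus the type byte
	if block > 0 {
		if rem := n % block; rem != 0 {
			n += block - rem
		}
	}
	if n > maxInnerPlaintext {
		// Padding cannot push a record past the protocol limit; the sender must split it.
		return nil, fmt.Errorf("padded length %d exceeds TLSInnerPlaintext limit %d", n, maxInnerPlaintext)
	}
	out := make([]byte, n) // zero-filled: everything past the type byte is padding
	copy(out, content)
	out[len(content)] = contentType
	return out, nil
}

// unpadRecord is the receiver side: drop trailing zeros, then split off the type byte.
// Content that itself ends in zero bytes survives because the type byte delimits it.
func unpadRecord(inner []byte) (content []byte, contentType byte, err error) {
	i := len(inner) - 1
	for i >= 0 && inner[i] == 0 {
		i--
	}
	if i < 0 {
		return nil, 0, errors.New("record contains no content type (all padding)")
	}
	return inner[:i], inner[i], nil
}

// wireLengths returns the padded length of each plaintext size: the values an
// on-path observer can still distinguish after padding to block.
func wireLengths(sizes []int, block int) ([]int, error) {
	out := make([]int, 0, len(sizes))
	for _, s := range sizes {
		rec, err := padRecord(make([]byte, s), 23, block) // 23 = application_data
		if err != nil {
			return nil, err
		}
		out = append(out, len(rec))
	}
	return out, nil
}

func main() {
	// Constructed sample: four response sizes, with and without padding to 1024.
	sizes := []int{3, 700, 1023, 1024}
	unpadded, _ := wireLengths(sizes, 0)
	padded, _ := wireLengths(sizes, 1024)
	fmt.Println("without padding:", unpadded) // [4 701 1024 1025]
	fmt.Println("padded to 1024: ", padded)   // [1024 1024 1024 2048]

	rec, _ := padRecord([]byte("GET / HTTP/1.1\r\n"), 23, 1024)
	body, typ, _ := unpadRecord(rec)
	fmt.Printf("record %d bytes, recovered %q type %d\n", len(rec), body, typ)
}
```

Note the limitation the example makes visible: block padding only collapses lengths into buckets, so a 1024-byte body still lands in a different bucket from a 1023-byte one, which is why random padding is raised above as the stronger option. The padded length is a property of each record, so a response larger than 16 KiB still reveals its approximate size through the number of records.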

Personally, I think live streaming and ffmpeg-based encoding are specialized enough to warrant a specialized server (like a custom Nginx build) and are a bit out of scope for a general-purpose user-friendly server like Caddy.

I'm not sure; I'd have to see what the crypto/tls package does.

I would push back against the notion that something like that is "out of scope" for a "general-purpose user-friendly server". Caddy is far from user friendly if you utilize its low-level JSON configuration API, and at its core, Caddy is an extensible server platform. Even its HTTP app is a plugin, and it can be extended to do frankly anything if you want it to. Streaming video is a use case that I know several people use it for already.