It's been a while since I've seen Caddy here and I do remember all the controversy over the licensing. It is difficult to make an open source project and find a way to monetize/live off of it and there's always been that push/pull with projects like this, Redis, and others.
Back during that mess, I settled on haproxy+certbot+nginx in containers to setup my personal sites, but something like Caddy can greatly simplify that kind of stack.
This is pretty cool news and I hope this project continues to develop. How have they solved their funding problems? Does this have to do with the comment about Ardan Labs? For other people with FOSS projects who want to be able to work on this kind of stuff full time and not care about motorization, what options are there (other than Patreon/crowd/community type funding?)
As a developer, I like to get paid, but the issue of monetising something you already gave away for free is more complicated than that and the idea that somebody can build an effective business on something like caddy is probably a tad unrealstic.
There's a long list of free shit that we're building on top of. It's a bit like somebody sticking a cherry ontop of a free cake then trying to charge for it.
This is why a lot of people just go down the consultancy route. I imagine Matt Holt will be better off simply from being the author of a famous project.
Don't get me wrong though, if the project can monetise Caddy, all power to them.
Kevin Kelly of Wired magazine fame once wrote a piece called Better than Free which I think kind of distills key points against competing with anything that can be had for free on/from the internet [0], which are:
1. Immediacy (pioneer?)
2. Personalization (bespoke?)
3. Interpretation (consultancy?)
4. Authenticity (brand?)
5. Accessibility (SaaS?)
6. Embodiment (concierge/luxury?)
7. Findability (marketing?)
I'm not sure if anyone else has written abt this, but I'd like to read more.
Yes, basically this translates to that if you write a FOSS program and give it for free, you can start a side business for it with 10x the effort (marketing, polish, etc) needed than if you were selling it proprietarily, for 1/10 the profits...
> Kevin Kelly of Wired magazine fame once wrote a piece called Better than Free which I think kind of distills key points against competing with anything that can be had for free on/from the internet [0], which are:
Or maybe, you know, just have a better product. Case in point: NLEs. There are a whole bunch of free and sometimes open source NLEs, most of which just aren't particularly good.
nginx has an ad-free truly FOSS offering under BSD-2-Clause (not AGPL or SSPL) that isn't intentionally hamstrung. Their paid features are for larger and more advanced deployments. They don't try to claim a different non-commercial license for the binaries. It's definitely a massive step up compared to how Caddy operated in the past.
I have been using nginx pretty heavily in a wide variety of use cases for coming up on 10 years and I have never encountered this issue. I have also always used the free version of nginx.
I of course don't dispute that this limitation exists, but I'm just pointing out that the need for this type of error handling is, in my experience, quite rare.
There may be some very specific use cases where this is a deal breaker, but I would say the claim that the free version of nginx does not include "basic error handling" is a pretty grotesque exaggeration.
The scenario described only occurs if they’re using host names for their upstreams, and that hostname is no longer resolvable. It results in an error during config parsing, preventing reloads and fresh starts. Moral of the story: don’t use DNS names in upstreams unless you’re sure they’ll always resolve I guess.
That's tough: we do docker compose, so upstream = named container, and so init can be wonky (ex: dev). We have started strangling Nginx out for caddy bc this + LE (no pay gate on ssl autorenewal). These are increasingly basic things for modern apps.
>> If you start an nginx reverse proxy and it cannot reach upstream, nginx won't start at all. Only way to fix this is to pay.
I don't understand - if my upstream is down my nginx returns the usual "503 Service Unavailable". Are there any particulars to the configuration you are describing?
The problem isn't when the host is down, it is when nginx can't lookup the address for the host. If your DNS records are OK and your resolvers are working this isn't a problem, but if nginx (re)starts while you are having connectivity issues or if a DNS record that your config relies upon has been dropped it won't start any service until that one is edited.
Workarounds include using addresses not names (not practical at scale), running a local resolver that will hand out the last known address if it can't see the resolvers it normally forwards requests to or gets an NXDOMAIN response (extra hassle and technically breaks DNS so make sure other things don't use that resolver), or just ignoring the problem because it very rarely happens (though for some setups it is more likely than in others).
In my (current) uses of nginx it isn't a problem at all, though a concern springs to mind that might affect me later: if it only fails on startup, does that imply it isn't ever refreshing name->address mappings at all in normal operation so that if a server it is proxying for moves address that proxy config will start to fail until nginx is restarted? Any nginx experts want to comment so I can be lazy and not test or otherwise research this myself?
Huh. I don't think I've ever encountered this because I've only used nginx to server content or applications. I've always had it behind haproxy, which does have an option to allow haproxy to startup even if a backend host name doesn't resolve.
You describe an environment that is quite scaled up. I would assume that if there is scale, there is money. And a license to the commercial version is what, 2 salaried hours a year? It is easy to save time and money. I am sorry, but I cannot see this as a big problem.
We'd strayed off topic and were discussing an issue in nginx. Basic per-instance subscriptions for that are $2,500/yr each for small numbers of instances which is somewhat more than a couple of salaried hours.
Still not a large amount for a company with a profit making product, of course, but companies with profit making products are fewer and farther between than companies would like, and for a one-man-band or other small business trying to boot-strap something bigger, there isn't the same drop/ocean ratio.
Also, the implied problem (this still needs confirming/contradicting, so I might be barking up the wrong end of the stick) that it may not be updating name->address resolution regularly during normal operation (otherwise why does this only cause failure on start-up?) might not by fixed by the extra modules enabled by the paid licence.
This is particularly annoying when using nginx to sit in front of a bunch of uwsgi (python) docker containers. if one of the containers doesn't start for some reason, nginx will abort.
Presumably you could write some basic error handling and distribute under the same or even stricter oss terms? It would be fairly simple to 'uncripple' it in other words, either with contributed code, or to wrap the upstream in haproxy itself to ensure availability.
Software takes effort. Whether you want to get paid for that effort is a decision each developer can make, and many choose to contribute freely without payment. It's their prerogative. There is no "should" about it.
They said that they will focus on supporting enterprise clients, so that’s probably where the money will come from. This is similar to what Nginx is doing I believe.
Short answer: Yep. And even for developers in western countries there is still the hassle of pushing it through purchasing.
Long answer, hopefully really thoughtful and careful as I've had time to think this through:
I think I remember sponsoring Caddy when it was still an open source project. Not much, maybe USD25 or 35 or something (dinner level or something I think it said).
Also I think they got a grant or sponsorship from Mozilla.
I never used it though, I only donated because I was enthusiastic about him creating a nice open source project that I would likely use in the future.
Next I know it is a commercial project, more or less (it took a while before I realized he had left a way around it and it seemed entirely intentional that it wasn't obvious.)
So now I have helped someone start a business, which is nice but not what I thought I did when I donated to a permissively licensed open source project. (I thought I was helping create a new Apache server.)
Still no big problems so far in my case, I'm lucky that USD25 is not much in my case and he probably deserved it even if it left a small sour taste right there and then.
The bigger problem is I never started using Caddy because when I came back to use Caddy I had to consider if my use case would be OK, if I would have to pay a license (which is fine with me but an extra hassle as it has to got through my boss) and suddenly it was very easy to fall back to Apache.
Suddenly instead of helping kickstart an open source project around a product I loved I've helped start a business with a product that I can't use.
One of the things with using commercially-licensed components like this in your stack is that is greatly increases complexity.
You have to worry about counting instances vs licenses. This might sound trivial, but months down the road, are you still remembering to go through and check which licenses are affected anytime you make a change to the number of instances you're running? Can you spin up another instance or two to handle a load burst, or does that violate your license terms and/or require a purchase order go through finance first? What about dev/staging/testing stacks? Can you spin up a replacement for your production in a blue-green deployment and flip, or do you require 2x licenses?
If the license is enforced technically (eg, a license file) then you have to also have that as part of your deployment, but also make sure you secure it. In the worst case if the license is unique per instance, that pretty much precludes use in modern "cloud" environments.
What guarantee is there the cost won't go up 10x come renewal time next year? If it does, what does it take to replace the component? As others have pointed out, you also have to go through purchasing and maybe convince someone(s) that this purchase is necessary, etc.
This is all extra cost (time) and pain that really doesn't exist with using OSS -- and brings it far above whatever the list price is (even if it's "only" $25/node).
Also, from a developer perspective, none of these problems are fun or interesting to spend time on. Even if it has some feature that's missing in the OSS equivalent, I'd way rather spend my time building out a missing feature than doing licensing paperwork.
They have had startup pricing of $20 per month for unlimited instances, which is what I've been paying. Though mostly I've just installed the free version with the HTTP ad header.
Yeah, but it's still a lot for a small project which might easily run on a $5/month VPS. If your project is bigger than this then you don't gain much benefit from caddy: you might as well take half a day to setup certbot with nginx.
>> When I was a student I did managed to buy several software packages, with student discounts, at prices that would be around 100 to 300 euros nowadays.
Did you buy all of those packages yearly and for every one of your clients?
$25 / instance / month. So if you have 5 side projects that make you no money and you want play around with some load balancing, etc you will probably have 3 sites with 1 instance an 2 with 2 each, so 7. Then you will want to play with some docker swarm clustering or whatever and you spread around your instances a bit and you end up with 10 instances. That is $250 / month. Not $250 one-off, but every month. Now you are paying $3000 per year for you side projects.
$2000-3000 per year is not something that I am willing to spend on my side projects.
Software costs nothing to replicate. It's more advantageous to give hobbyists your software for free since they will not pay for any software and you can at least use them to make your software more popular.
You can not make money selling software to people who have $0 budget to buy it. Sell software to enterprises and give it away for free for OSS side projects.
Because enterprises take it for free. The way you can prevent this is to use AGPL licensing and charge money to use it under a comersial license.
The problem is now no one uses your software because there are endless amounts of more permissive open source software available that work just as well.
Same. I have this fantasy where I wonder: what if all software became public domain, and you reward creators based on the GitHub stars a repo has, weighted by something like page rank?
Then I realized this could be extended to anything where there is a platform for rating the content creation, from books (Goodreads) to arts (deviant art) to deeds (Facebook and Twitter). Then my friend told me I had reinvented Whuffie, as presented in the book Down and Out in the Magic Kingdom...
The main problem with this idea is that the money for paying creators would probably have to come from the government, since who else would pitch in to support this? But hey, people talk about universal basic income, this is like a weighted version...
My guess is they’re doing this since maybe Caddy’s growth may have slowed down since they did that confusing commercial use licensing?
I went from “I’m going to use this everywhere” to “I’ll switch back to nginx the next time I have time to transition back” Because it was too expensive to host little sites on. I’m relieved that I procrastinated. Now i can continue to use it in many places since Caddy is awesome.
My guess is you are incorrect and this has more to do with the Ardan Labs partnership[1][2]. This release also came shortly after Bill (founder of Ardan Labs) went to visit Matt and discuss Caddy[3], which helps support that claim.
Prior to the partnership I believe the real issue was that Matt & co didn't have a sustainable way to maintain the project and they were trying to figure that out. I don't know the details of the partnership with Ardan Labs, but my guess is it is structured in a way that allows Caddy to focus solely on building out a great product without worrying about monetizing it so they dropped all the proprietary licensing.
Yep. So long as they had an agreed max-size of the header, as I don't want to have kilobytes of text added. And an ethical ads policy. "Brought to you by $Hate_Speech_Provider" would be a bummer.
A lot of devs really feel open source software can be written for free while they themselves need to be paid top dollars. And we can see this outrage for large projects as well where people constantly rail against Oracle as if OpenJDK just get developed without millions in cost to Oracle. Or outrage against Go because Google put a small logo on Go website. There are so many other examples with same pattern.
So these devs crib on little amount of money to OSS devs but big time supporters must not put any ad at all.
A lot of devs really feel open source software can be written for free while they themselves need to be paid top dollars.
Of course we need to be paid top dollar. We donate our (finite) time and mental resources at the cost of family life, etc. to integrate and master 9 Javascript libraries, 8 messaging formats, 7 architectural patterns, 6 programming languages, 5 package managers, 4 cloud platforms, 3 operating systems, 2 caching tools, and 1 HTTP server to power it all.
Along the way, the creators of quality OSS benefit from the popularity of having thousands of adherents donating their collective millions of hours and trillions of neurons learning their software packages and providing fixes, ideas, and polishing to their product. And once the users have all 45 of those tools successfully integrated over years of effort and lessons learned, along comes an OSS creator who writes the newest 9 Javascript libraries...
I have done only a smidgen of Go programming, and don't know Caddy or any of the firms mentioned in the issue.
Do I correctly understand that Light Code Labs, the company steward of the Caddy project, is shifting to an entirely professional services-based business model, which is Ardan Labs' business model, by partnering with them?
What I understood was that in the future Ardan Labs would provide paid support for Caddy. Light Code Labs would receive financial support directly from Ardan Labs.
Since Ardan Labs is already in the support business, this would allow them to expand their business while Light Code could focus on coding.
This is great news, I hope it works out for them. Caddy is definitely the easiest web server to set up, and it was a shame when it went commercial, even though I probably would have done the same thing.
Never heard of the project, but looks good. Good to see they are making efforts to change the license.
Curious, who/when would you use caddy? If I were to be building and deploying microservices with the likes of Gin, Mux, etc.. would I have a use for this library? Or is this primarily for those wanting to serve static html pages? Still trying to get a foot hold on what my tool kit is going to consist of to build my software product.
I’m planning on using Caddy to provide bring-your-own-domain handling for a project I’m working on. Your user points their domain to your caddy server and it sets up https automatically - including the certificate - during the first request
Caddy is a webserver and can be used for static or dynamic sites in any stack. It's primary popular feature was easy and automatic SSL via LetsEncrypt integration.
Back during that mess, I settled on haproxy+certbot+nginx in containers to setup my personal sites, but something like Caddy can greatly simplify that kind of stack.
This is pretty cool news and I hope this project continues to develop. How have they solved their funding problems? Does this have to do with the comment about Ardan Labs? For other people with FOSS projects who want to be able to work on this kind of stuff full time and not care about motorization, what options are there (other than Patreon/crowd/community type funding?)