From 08076c325b4a52040caa28b0995dd8291968ce64 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Sat, 7 Oct 2023 16:43:39 -0600 Subject: [PATCH] Keeping going :) --- new/features.html | 114 ++++++++++++++++++++++++++++++-- new/index.html | 52 +++++++++++++++ new/resources/css/features.css | 5 +- new/resources/css/home.css | 58 ++++++++++++++++ new/resources/js/common.js | 3 + new/resources/js/home.js | 5 ++ new/resources/testimonials.json | 10 +++ 7 files changed, 240 insertions(+), 7 deletions(-) create mode 100644 new/resources/js/home.js create mode 100644 new/resources/testimonials.json diff --git a/new/features.html b/new/features.html index 37fff7b..114ca17 100644 --- a/new/features.html +++ b/new/features.html @@ -73,7 +73,7 @@

Runtime dependencies

- Caddy is statically compiled. Dynamically-linked applications can easily break in production and may be less secure as shared executable resources are loaded from various places around the system. Generally, Caddy binaries do not necessarily require external libraries — not even libc. + Caddy is statically compiled. Dynamically-linked applications can easily break in production and may be less secure as shared executable resources are loaded from various places around the system. Generally, Caddy binaries do not necessarily require external libraries — not even libc.
None @@ -442,13 +442,13 @@ Automatic HTTPS

- Our flagship feature. Caddy enables HTTPS by default, and automatically procures and renews certificates for all your sites. + Our flagship feature, powered by CertMagic. Caddy is the first and only major server that enables HTTPS by default, and automatically procures and renews certificates for all your sites.

- Fully-native, integrated auto-HTTPS is far superior to any solution that requires external tooling or cron jobs. Caddy's certificate maintenance is the best in the industry because it is more robust, reliable, and scalable than any other solution. + Fully-native, integrated auto-HTTPS is far superior to any solution that requires external tooling or cron jobs. Caddy's certificate maintenance is the best in the industry because it is more robust, reliable, and scalable than any other solution. Caddy simplifies your infrastructure instead of complexifying it.

- You can try deploying 100,000 sites with Certbot and a cron job—but if that doesn't fall over by itself, the web server will. Only Caddy is designed to massively scale TLS certificates both horizontally and vertically. + Sure, you can try deploying 100,000 sites with Certbot and a cron job—but if that doesn't fall over by itself, the web server will. Only Caddy is designed to massively scale TLS certificates both horizontally and vertically.

Never manually generate a CSR again. Never click a link in an email to download a certificate. Never (mis)configure your web server to use them. Never miss reminders to renew your certificates, one-by-one, every few months before they expire. You won't even have to think about certificates or TLS. @@ -461,7 +461,7 @@

Compliance

- Caddy's defaults are secure without any additional configuration, and passes compliance tests across various industries. + Caddy's TLS defaults are secure without any additional configuration, and passes compliance tests across various industries.
  • PCI DSS compliant
    • @@ -470,8 +470,110 @@
  • Industry best practices
- +
+

On-Demand TLS

+
+ Serving domains that aren't yours? Or have lots of them? No problem! With just a few lines of config, On-Demand TLS gets certificates dynamically during TLS handshakes, scaling your deployments to tens of thousands of certs. This functionality is a Caddy exclusive. +
+
+
+

Certificate issuers

+
+ Get certificates from any issuing authority in a way compatible with them. Certificate issuers take a CSR and return a certificate resource. Most sites will simply use ACME to get certificates. But Caddy can also issue its own self-signed certificates for internal use, testing, or development. Caddy's issuer sources are pluggable, so Caddy can automate certificates from any issuer modules. +
+
    +
  • ACME
    • +
  • Internal (self-signed)
    • +
  • Microsoft Active Directory Certificate Services
    • +
+
+
+

Certificate managers

+
+ Unlike issuers, which take a CSR and return a certificate that Caddy has to manage, certificate managers are modules that can return always-valid certificates on-demand; that is, they are managing the certificates for us. Caddy can get interface with HTTP endpoints or Tailscale to get certificates in this manner, with other ways available through plugins. +
+
    +
  • HTTP
    • +
  • Tailscale
    • +
+
+
+

Cluster coordination

+
+ Across all Caddy instances configured with the same storage, Caddy automatically coordinates and shares resources across the cluster. This includes certificate operations and the certificates themselves, OCSP staples, and session ticket keys. This results in reduced latency for your clients and higher scalability. +
+
    +
  • Obtaining & renewing certificates
    • +
  • Loading existing certificates
    • +
  • OCSP staples
    • +
  • Session ticket keys (STEKs)
    • +
+
+
+

Redirect HTTP to HTTPS

+
+ By default, HTTP requests will be redirected to HTTPS. +
+
+
+

OCSP

+
+ OCSP indicates when certificates are revoked. Servers should staple OCSP responses to certificates to provide clients with better security and privacy. Caddy is the first and only server to do this automatically and by default. It also caches responses to weather OCSP responder outages, and shares them across its cluster. This can all be disabled if needed. +
+
+ Automatic OCSP stapling with caching +
+
+
+

Must-Staple

+
+ Caddy can obtain certificates that force OCSP stapling if the CA supports it. This grants a higher degree of security in the case of revocation. +
+
+
+

Session ticket hardening

+
+ TLS connections are pointless if an attacker steals the key to encrypt session tickets. Caddy has been academically cited as the only server to rotate these keys regularly to limit attack windows. +
+
+ Automatic STEK rotation +
+
+
+

Key types

+
+ You can customize the type of key used for your certificates. +
+
    +
  • ed25519
    • +
  • p256
    • +
  • p384
    • +
  • rsa2048
    • +
  • rsa4096
    • +
+
+
+

Certificate lifetimes

+
+

Most ACME clients assume 90-day certificates, or don't expect certificates shorter than 7 days. Caddy can successfully manage certificates with lifetimes on the order of hours and minutes.

+ +

Instead of hard-coding a certain age before renewing, Caddy computes the age relative to the lifespan of each certificate, called a Renewal Window Ratio. By default, Caddy renews certificates after 2/3 of their usable lifetime. This ratio works for most validity periods, but can be adjusted.

+
+
+ Any lifetime +
+
+
+

Built-in throttling

+
+ Caddy conforms to best practices and doesn't blast CAs with requests for certificates; instead, each order is carefully timed to avoid overwhelming CA servers. +
+
+ +

ACME

+ +
diff --git a/new/index.html b/new/index.html index 2f1f6ae..b89ff13 100644 --- a/new/index.html +++ b/new/index.html @@ -6,6 +6,7 @@ + @@ -342,6 +343,57 @@

+ +
+
+
+ +
+
+ Caddy is awesome. +
+
+ Firstname lastname +
+
+ 9000x developer, Bigcorp +
+
+
+
+
+
+ +
+
+ Caddy is awesome. +
+
+ Firstname lastname +
+
+ 9000x developer, Bigcorp +
+
+
+
+
+
+ +
+
+ Caddy is awesome. +
+
+ Firstname lastname +
+
+ 9000x developer, Bigcorp +
+
+
+
+
diff --git a/new/resources/css/features.css b/new/resources/css/features.css index b6b978a..e9fe3e4 100644 --- a/new/resources/css/features.css +++ b/new/resources/css/features.css @@ -57,7 +57,10 @@ .feature-row .benefits { color: var(--text-color-muted); - font-weight: 500; +} + +.feature-row .benefits p:first-child { + margin-top: 0; } .feature-row .detail { diff --git a/new/resources/css/home.css b/new/resources/css/home.css index 92b7082..6f76979 100644 --- a/new/resources/css/home.css +++ b/new/resources/css/home.css @@ -321,6 +321,64 @@ div.ap-wrapper:fullscreen div.ap-player { + + +.testimonials { + display: grid; + grid-auto-columns: minmax(0, 1fr); + grid-auto-flow: column; + gap: 25px; + position: relative; +} +.testimonials::before { + content: ""; + background: linear-gradient(0deg, rgba(255,255,255,1) 0%, rgba(255,255,255,0) 45%, rgba(255,255,255,0) 55%, rgba(255,255,255,1) 100%); + position: absolute; + top: 0; + bottom: 0; + left: 0; + right: 0; + pointer-events: none; +} +.testimonial-picture { + width: 60px; + border-radius: 50%; +} +.testimonial { + display: flex; + align-items: flex-start; + gap: 1em; + border: 1px solid rgb(174, 181, 185); + border-radius: 5px; + padding: 1em; +} +.testimonial-quote { + margin-bottom: 1em; +} +.testimonial-name, +.testimonial-role { + font-size: 90%; +} +.testimonial-name { + font-weight: bold; + margin-bottom: .5em; +} +.testimonial-name::before { + content: '—'; +} +.testimonial-role { + color: var(--text-color-muted); + font-style: italic; +} + + + + + + + + + .demobox { position: relative; color: #003e4b; diff --git a/new/resources/js/common.js b/new/resources/js/common.js index 9f6dfbf..cbcaf74 100644 --- a/new/resources/js/common.js +++ b/new/resources/js/common.js @@ -104,6 +104,9 @@ function nextTheme() { setTheme(theme); } + + + // hoversplash effect! on('mouseover', '.button:not(.cool), button:not(.cool)', (e) => { const elem = document.createElement('span'); diff --git a/new/resources/js/home.js b/new/resources/js/home.js new file mode 100644 index 0000000..a6ec8bb --- /dev/null +++ b/new/resources/js/home.js @@ -0,0 +1,5 @@ +ready(async function() { + const resp = await fetch("/resources/testimonials.json"); + const testimonials = await resp.json(); + console.log(testimonials); +}); \ No newline at end of file diff --git a/new/resources/testimonials.json b/new/resources/testimonials.json new file mode 100644 index 0000000..c256c87 --- /dev/null +++ b/new/resources/testimonials.json @@ -0,0 +1,10 @@ +[ + { + "name": "First last", + "role": "9999x developer", + "company": "Bigcorp", + "picture": "https://...", + "quote": "Caddy is cool.", + "link": "https://..." + } +] \ No newline at end of file