mirrors/caddy-website
1
0
Fork 0
mirror of https://github.com/caddyserver/website.git synced 2025-04-20 12:15:08 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Keeping going :)

Browse source
This commit is contained in:
Matthew Holt 2023-10-07 16:43:39 -06:00 committed by Francis Lavoie
parent 82439beeae
commit 08076c325b
No known key found for this signature in database
GPG key ID: 0F66EE1687682239
7 changed files with 240 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

114
new/features.html
View file

@ -73,7 +73,7 @@
<div class="feature-row"> <div class="feature-row">
<h4>Runtime dependencies</h4> <h4>Runtime dependencies</h4>
<div class="benefits"> <div class="benefits">
Caddy is statically compiled. Dynamically-linked applications can easily break in production and may be less secure as shared executable resources are loaded from various places around the system. Generally, Caddy binaries do not necessarily require external libraries &mdash; not even libc. Caddy is statically compiled. Dynamically-linked applications can easily break in production and <a href="https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt">may be less secure</a> as shared executable resources are loaded from various places around the system. Generally, Caddy binaries do not necessarily require external libraries &mdash; not even libc.
</div> </div>
<div class="detail"> <div class="detail">
None None
@ -442,13 +442,13 @@
Automatic HTTPS Automatic HTTPS
</h2> </h2>
<p> <p>
Our flagship feature. Caddy enables HTTPS by default, and automatically procures and renews certificates for all your sites. Our flagship feature, powered by <a href="https://github.com/caddyserver/certmagic">CertMagic</a>. Caddy is the first and only major server that enables HTTPS by default, and automatically procures and renews certificates for all your sites.
</p> </p>
<p> <p>
Fully-native, integrated auto-HTTPS is far superior to any solution that requires external tooling or cron jobs. Caddy's certificate maintenance is the best in the industry because it is more robust, reliable, and scalable than any other solution. Fully-native, integrated auto-HTTPS is far superior to any solution that requires external tooling or cron jobs. Caddy's certificate maintenance is the best in the industry because it is more robust, reliable, and scalable than any other solution. Caddy simplifies your infrastructure instead of complexifying it.
</p> </p>
<p> <p>
You can try deploying 100,000 sites with Certbot and a cron job&mdash;but if that doesn't fall over by itself, the web server will. Only Caddy is designed to massively scale TLS certificates both horizontally and vertically. Sure, you can try deploying 100,000 sites with Certbot and a cron job&mdash;but if that doesn't fall over by itself, the web server will. Only Caddy is designed to massively scale TLS certificates both horizontally and vertically.
</p> </p>
<p> <p>
Never manually generate a CSR again. Never click a link in an email to download a certificate. Never (mis)configure your web server to use them. Never miss reminders to renew your certificates, one-by-one, every few months before they expire. You won't even have to think about certificates or TLS. Never manually generate a CSR again. Never click a link in an email to download a certificate. Never (mis)configure your web server to use them. Never miss reminders to renew your certificates, one-by-one, every few months before they expire. You won't even have to think about certificates or TLS.
@ -461,7 +461,7 @@
<div class="feature-row"> <div class="feature-row">
<h4>Compliance</h4> <h4>Compliance</h4>
<div class="benefits"> <div class="benefits">
Caddy's <i>defaults</i> are secure without any additional configuration, and passes compliance tests across various industries. Caddy's TLS <i>defaults</i> are secure without any additional configuration, and passes compliance tests across various industries.
</div> </div>
<ul class="detail"> <ul class="detail">
<li>PCI DSS compliant</li> <li>PCI DSS compliant</li>
@ -470,8 +470,110 @@
<li>Industry best practices</li> <li>Industry best practices</li>
</ul> </ul>
</div> </div>
<div class="feature-row">
<h4>On-Demand TLS</h4>
<div class="benefits">
Serving domains that aren't yours? Or have lots of them? No problem! With just a few lines of config, On-Demand TLS gets certificates dynamically during TLS handshakes, scaling your deployments to tens of thousands of certs. This functionality is a Caddy exclusive.
</div>
</div>
<div class="feature-row">
<h4>Certificate issuers</h4>
<div class="benefits">
Get certificates from any issuing authority in a way compatible with them. Certificate issuers take a CSR and return a certificate resource. Most sites will simply use ACME to get certificates. But Caddy can also issue its own self-signed certificates for internal use, testing, or development. Caddy's issuer sources are pluggable, so Caddy can automate certificates from any issuer modules.
</div>
<ul class="detail">
<li>ACME</li>
<li>Internal (self-signed)</li>
<li class="nonstandard">Microsoft Active Directory Certificate Services</li>
</ul>
</div>
<div class="feature-row">
<h4>Certificate managers</h4>
<div class="benefits">
Unlike issuers, which take a CSR and return a certificate that Caddy has to manage, certificate managers are modules that can return always-valid certificates on-demand; that is, they are managing the certificates for us. Caddy can get interface with HTTP endpoints or Tailscale to get certificates in this manner, with other ways available through plugins.
</div>
<ul class="detail">
<li>HTTP</li>
<li>Tailscale</li>
</ul>
</div>
<div class="feature-row">
<h4>Cluster coordination</h4>
<div class="benefits">
Across all Caddy instances configured with the same storage, Caddy automatically coordinates and shares resources across the cluster. This includes certificate operations and the certificates themselves, OCSP staples, and session ticket keys. This results in reduced latency for your clients and higher scalability.
</div>
<ul class="detail">
<li>Obtaining &amp; renewing certificates</li>
<li>Loading existing certificates</li>
<li>OCSP staples</li>
<li>Session ticket keys (STEKs)</li>
</ul>
</div>
<div class="feature-row">
<h4>Redirect HTTP to HTTPS</h4>
<div class="benefits">
By default, HTTP requests will be redirected to HTTPS.
</div>
</div>
<div class="feature-row">
<h4>OCSP</h4>
<div class="benefits">
OCSP indicates when certificates are revoked. Servers should staple OCSP responses to certificates to provide clients with better security and privacy. Caddy is the first and only server to do this automatically and by default. It also caches responses to weather OCSP responder outages, and shares them across its cluster. This can all be disabled if needed.
</div>
<div class="detail">
Automatic OCSP stapling with caching
</div>
</div>
<div class="feature-row">
<h4>Must-Staple</h4>
<div class="benefits">
Caddy can obtain certificates that force OCSP stapling if the CA supports it. This grants a higher degree of security in the case of revocation.
</div>
</div>
<div class="feature-row">
<h4>Session ticket hardening</h4>
<div class="benefits">
TLS connections are pointless if an attacker steals the key to encrypt session tickets. Caddy has been <a href="https://jhalderm.com/pub/papers/forward-secrecy-imc16.pdf">academically cited</a> as the only server to rotate these keys regularly to limit attack windows.
</div>
<div class="detail">
Automatic STEK rotation
</div>
</div>
<div class="feature-row">
<h4>Key types</h4>
<div class="benefits">
You can customize the type of key used for your certificates.
</div>
<ul class="detail">
<li>ed25519</li>
<li>p256</li>
<li>p384</li>
<li>rsa2048</li>
<li>rsa4096</li>
</ul>
</div>
<div class="feature-row">
<h4>Certificate lifetimes</h4>
<div class="benefits">
<p>Most ACME clients assume 90-day certificates, or don't expect certificates shorter than 7 days. Caddy can successfully manage certificates with lifetimes on the order of hours and minutes.</p>
<p>Instead of hard-coding a certain age before renewing, Caddy computes the age relative to the lifespan of each certificate, called a Renewal Window Ratio. By default, Caddy renews certificates after 2/3 of their usable lifetime. This ratio works for most validity periods, but can be adjusted.</p>
</div>
<div class="detail">
Any lifetime
</div>
</div>
<div class="feature-row">
<h4>Built-in throttling</h4>
<div class="benefits">
Caddy conforms to best practices and doesn't blast CAs with requests for certificates; instead, each order is carefully timed to avoid overwhelming CA servers.
</div>
</div>
</div> </div>
<h3 class="purple">ACME</h3>
</div> </div>
</section> </section>

52
new/index.html
View file

@ -6,6 +6,7 @@
<link rel="stylesheet" href="/resources/css/vendor/asciinema-player-3.6.1.css"> <link rel="stylesheet" href="/resources/css/vendor/asciinema-player-3.6.1.css">
<script src="/resources/js/vendor/asciinema-player-3.6.1.min.js"></script> <script src="/resources/js/vendor/asciinema-player-3.6.1.min.js"></script>
<script src="/resources/js/home.js"></script>
<link rel="stylesheet" href="/resources/css/marketing.css"> <link rel="stylesheet" href="/resources/css/marketing.css">
<link rel="stylesheet" href="/resources/css/home.css"> <link rel="stylesheet" href="/resources/css/home.css">
@ -342,6 +343,57 @@
</p> </p>
</div> </div>
</div> </div>
<div class="testimonials">
<div class="testimonial-col">
<div class="testimonial">
<img class="testimonial-picture" src="https://pbs.twimg.com/profile_images/1624497316366528512/fBMXDuiZ_400x400.jpg">
<div class="testimonial-content">
<div class="testimonial-quote">
Caddy is awesome.
</div>
<div class="testimonial-name">
Firstname lastname
</div>
<div class="testimonial-role">
9000x developer, Bigcorp
</div>
</div>
</div>
</div>
<div class="testimonial-col">
<div class="testimonial">
<img class="testimonial-picture" src="https://pbs.twimg.com/profile_images/1624497316366528512/fBMXDuiZ_400x400.jpg">
<div class="testimonial-content">
<div class="testimonial-quote">
Caddy is awesome.
</div>
<div class="testimonial-name">
Firstname lastname
</div>
<div class="testimonial-role">
9000x developer, Bigcorp
</div>
</div>
</div>
</div>
<div class="testimonial-col">
<div class="testimonial">
<img class="testimonial-picture" src="https://pbs.twimg.com/profile_images/1624497316366528512/fBMXDuiZ_400x400.jpg">
<div class="testimonial-content">
<div class="testimonial-quote">
Caddy is awesome.
</div>
<div class="testimonial-name">
Firstname lastname
</div>
<div class="testimonial-role">
9000x developer, Bigcorp
</div>
</div>
</div>
</div>
</div>
</div> </div>
</section> </section>

5
new/resources/css/features.css
View file

@ -57,7 +57,10 @@
.feature-row .benefits { .feature-row .benefits {
color: var(--text-color-muted); color: var(--text-color-muted);
font-weight: 500; }
.feature-row .benefits p:first-child {
margin-top: 0;
} }
.feature-row .detail { .feature-row .detail {

58
new/resources/css/home.css
View file

@ -321,6 +321,64 @@ div.ap-wrapper:fullscreen div.ap-player {
.testimonials {
display: grid;
grid-auto-columns: minmax(0, 1fr);
grid-auto-flow: column;
gap: 25px;
position: relative;
}
.testimonials::before {
content: "";
background: linear-gradient(0deg, rgba(255,255,255,1) 0%, rgba(255,255,255,0) 45%, rgba(255,255,255,0) 55%, rgba(255,255,255,1) 100%);
position: absolute;
top: 0;
bottom: 0;
left: 0;
right: 0;
pointer-events: none;
}
.testimonial-picture {
width: 60px;
border-radius: 50%;
}
.testimonial {
display: flex;
align-items: flex-start;
gap: 1em;
border: 1px solid rgb(174, 181, 185);
border-radius: 5px;
padding: 1em;
}
.testimonial-quote {
margin-bottom: 1em;
}
.testimonial-name,
.testimonial-role {
font-size: 90%;
}
.testimonial-name {
font-weight: bold;
margin-bottom: .5em;
}
.testimonial-name::before {
content: '—';
}
.testimonial-role {
color: var(--text-color-muted);
font-style: italic;
}
.demobox { .demobox {
position: relative; position: relative;
color: #003e4b; color: #003e4b;

3
new/resources/js/common.js
View file

@ -104,6 +104,9 @@ function nextTheme() {
setTheme(theme); setTheme(theme);
} }
// hoversplash effect! // hoversplash effect!
on('mouseover', '.button:not(.cool), button:not(.cool)', (e) => { on('mouseover', '.button:not(.cool), button:not(.cool)', (e) => {
const elem = document.createElement('span'); const elem = document.createElement('span');

5
new/resources/js/home.js Normal file
View file

@ -0,0 +1,5 @@
ready(async function() {
const resp = await fetch("/resources/testimonials.json");
const testimonials = await resp.json();
console.log(testimonials);
});

10
new/resources/testimonials.json Normal file
View file

@ -0,0 +1,10 @@
[
{
"name": "First last",
"role": "9999x developer",
"company": "Bigcorp",
"picture": "https://...",
"quote": "Caddy is cool.",
"link": "https://..."
}
]