From 5819cf9e5af56ea8e4c448e5ad57677d4cbca8e4 Mon Sep 17 00:00:00 2001
From: Matthew Holt <mholt@users.noreply.github.com>
Date: Tue, 10 Oct 2023 12:03:33 -0600
Subject: [PATCH] Continue home and features pages

---
 new/features.html               | 118 ++++++++++++++++++++++++++++++--
 new/index.html                  |  71 ++++++-------------
 new/resources/css/features.css  |   7 +-
 new/resources/css/home.css      |   6 +-
 new/resources/js/home.js        |  19 +++--
 new/resources/testimonials.json |  28 +++++++-
 6 files changed, 186 insertions(+), 63 deletions(-)

diff --git a/new/features.html b/new/features.html
index 114ca17..65a0662 100644
--- a/new/features.html
+++ b/new/features.html
@@ -527,7 +527,7 @@
 						<div class="feature-row">
 							<h4>Must-Staple</h4>
 							<div class="benefits">
-								Caddy can obtain certificates that force OCSP stapling if the CA supports it. This grants a higher degree of security in the case of revocation.
+								Caddy can obtain certificates that force OCSP stapling if the CA supports it. This may grant a higher degree of security in the case of revocation.
 							</div>
 						</div>
 						<div class="feature-row">
@@ -545,24 +545,32 @@
 								You can customize the type of key used for your certificates.
 							</div>
 							<ul class="detail">
-								<li>ed25519</li>
-								<li>p256</li>
-								<li>p384</li>
-								<li>rsa2048</li>
-								<li>rsa4096</li>
+								<li>Ed25519</li>
+								<li>ECDSA P256</li>
+								<li>ECDSA P384</li>
+								<li>RSA 2048</li>
+								<li>RSA 4096</li>
 							</ul>
 						</div>
 						<div class="feature-row">
 							<h4>Certificate lifetimes</h4>
 							<div class="benefits">
 								<p>Most ACME clients assume 90-day certificates, or don't expect certificates shorter than 7 days. Caddy can successfully manage certificates with lifetimes on the order of hours and minutes.</p>
-								
 								<p>Instead of hard-coding a certain age before renewing, Caddy computes the age relative to the lifespan of each certificate, called a Renewal Window Ratio. By default, Caddy renews certificates after 2/3 of their usable lifetime. This ratio works for most validity periods, but can be adjusted.</p>
 							</div>
 							<div class="detail">
 								Any lifetime
 							</div>
 						</div>
+						<div class="feature-row">
+							<h4>Intelligent error handling</h4>
+							<div class="benefits">
+								If Caddy can't get a certificate, errors are logged and Caddy will backoff exponentially and retry as long as needed until it succeeds (typically up to 30 days but could be longer). Caddy makes every reasonable effort to keep your certificate renewed.
+							</div>
+							<div class="detail">
+								Exponential backoff
+							</div>
+						</div>
 						<div class="feature-row">
 							<h4>Built-in throttling</h4>
 							<div class="benefits">
@@ -572,6 +580,102 @@
 					</div>
 
 					<h3 class="purple">ACME</h3>
+
+					<p>
+						Caddy's ACME client is best-in-class, with higher reliability and more production experience than any other integrated ACME client available today. Caddy has been using ACME since before the public availability of Let's Encrypt, and Caddy works with any ACME-compatible CA.
+					</p>
+
+					<div class="feature-list">
+						<div class="feature-row">
+							<h4>Compatibility</h4>
+							<div class="benefits">
+								Some ACME clients are only tested with Let's Encrypt. Caddy is guaranteed compatible with all ACME-capable CAs.
+							</div>
+							<div class="detail">
+								All RFC 8555-compliant certificate authorities, such as:
+								<ul>
+									<li>Let's Encrypt</li>
+									<li>ZeroSSL</li>
+									<li>Google Trust Services</li>
+									<li>BuyPass</li>
+									<li>DigiCert</li>
+									<li>GlobalSign</li>
+									<li>SSL.com</li>
+									<li>Smallstep</li>
+								</ul>
+							</div>
+						</div>
+						<div class="feature-row">
+							<h4>Test endpoints</h4>
+							<div class="benefits">
+								By default, Caddy will fall back to a CA's test or staging endpoint (if there is one) after a failed attempt at getting a certificate to avoid hitting CA-enforced production rate limits. This could also be an ACME server you set up solely for the purpose of validating DNS configurations.
+							</div>
+							<div class="detail">
+								Let's Encrypt (others configurable)
+							</div>
+						</div>
+						<div class="feature-row">
+							<h4>External account binding</h4>
+							<div class="benefits">
+								Optionally configure External Account Binding (EAB) to enable Caddy to work with CAs that require you to have a separate account with them.
+							</div>
+						</div>
+						<div class="feature-row">
+							<h4>Challenge types</h4>
+							<div class="benefits">
+								Caddy supports all major ACME challenge types for Web PKI and can also be extended to support others.
+							</div>
+							<ul class="detail">
+								<li>HTTP-01</li>
+								<li>TLS-ALPN-01</li>
+								<li>DNS-01</li>
+							</ul>
+						</div>
+						<div class="feature-row">
+							<h4>Alternate challenge ports</h4>
+							<div class="benefits">
+								While certain ACME challenges must use the standardized ports 80 and 443, Caddy supports listening for these on alternate ports if you are forwarding them through a router.
+							</div>
+							<ul class="detail">
+								<li>HTTP (default 80)</li>
+								<li>TLS-ALPN (default 443)</li>
+							</ul>
+						</div>
+						<div class="feature-row">
+							<h4>DNS challenge integrations</h4>
+							<div class="benefits">
+								Solve the DNS challenge with integrations for dozens of DNS providers. <b>This list is incomplete;</b> <a href="https://github.com/caddy-dns">see the full list of DNS providers</a>.
+							</div>
+							<ul class="detail">
+								<li class="nonstandard">ACME-DNS</li>
+								<li class="nonstandard">AliDNS</li>
+								<li class="nonstandard">Cloudflare</li>
+								<li class="nonstandard">DigitalOcean</li>
+								<li class="nonstandard">DNSPod</li>
+								<li class="nonstandard">DuckDNS</li>
+								<li class="nonstandard">DynDNS</li>
+								<li class="nonstandard">EasyDNS</li>
+								<li class="nonstandard">Gandi</li>
+								<li class="nonstandard">GoDaddy</li>
+								<li class="nonstandard">Google Cloud DNS</li>
+								<li class="nonstandard">Hetzner</li>
+								<li class="nonstandard">Linode</li>
+								<li class="nonstandard">Name.com</li>
+								<li class="nonstandard">Namecheap</li>
+								<li class="nonstandard">Namesilo</li>
+								<li class="nonstandard">Netlify</li>
+								<li class="nonstandard">OVH</li>
+								<li class="nonstandard">Porkbun</li>
+								<li class="nonstandard">PowerDNS</li>
+								<li class="nonstandard">RFC 2136</li>
+								<li class="nonstandard">Route 53</li>
+								<li class="nonstandard">Scaleway</li>
+								<li class="nonstandard">Vercel</li>
+								<li class="nonstandard">Vultr</li>
+								<li><a href="https://github.com/caddy-dns">See all...</a></li>
+							</ul>
+						</div>
+					</div>
 					
 
 				</div>
diff --git a/new/index.html b/new/index.html
index b89ff13..88a5e0b 100644
--- a/new/index.html
+++ b/new/index.html
@@ -159,7 +159,7 @@
 					<div class="sponsorship-primer">
 						<h3>software <b>assurance</b></h3>
 						<p>
-							Some text here that explains sponsorships
+							Sponsorships aren't just donations. They provide your business with benefits
 						</p>
 						<a href="/sponsor" class="button purple">See sponsorships</a>
 					</div>
@@ -345,54 +345,9 @@
 					</div>
 
 					<div class="testimonials">
-						<div class="testimonial-col">
-							<div class="testimonial">
-								<img class="testimonial-picture" src="https://pbs.twimg.com/profile_images/1624497316366528512/fBMXDuiZ_400x400.jpg">
-								<div class="testimonial-content">
-									<div class="testimonial-quote">
-										Caddy is awesome.
-									</div>
-									<div class="testimonial-name">
-										Firstname lastname
-									</div>
-									<div class="testimonial-role">
-										9000x developer, Bigcorp
-									</div>
-								</div>
-							</div>
-						</div>
-						<div class="testimonial-col">
-							<div class="testimonial">
-								<img class="testimonial-picture" src="https://pbs.twimg.com/profile_images/1624497316366528512/fBMXDuiZ_400x400.jpg">
-								<div class="testimonial-content">
-									<div class="testimonial-quote">
-										Caddy is awesome.
-									</div>
-									<div class="testimonial-name">
-										Firstname lastname
-									</div>
-									<div class="testimonial-role">
-										9000x developer, Bigcorp
-									</div>
-								</div>
-							</div>
-						</div>
-						<div class="testimonial-col">
-							<div class="testimonial">
-								<img class="testimonial-picture" src="https://pbs.twimg.com/profile_images/1624497316366528512/fBMXDuiZ_400x400.jpg">
-								<div class="testimonial-content">
-									<div class="testimonial-quote">
-										Caddy is awesome.
-									</div>
-									<div class="testimonial-name">
-										Firstname lastname
-									</div>
-									<div class="testimonial-role">
-										9000x developer, Bigcorp
-									</div>
-								</div>
-							</div>
-						</div>
+						<div class="testimonial-col"></div>
+						<div class="testimonial-col"></div>
+						<div class="testimonial-col"></div>
 					</div>
 				</div>
 			</section>
@@ -468,6 +423,24 @@
 
 		{{include "/includes/footer.html"}}
 
+
+		<template id="tpl-testimonial">
+			<div class="testimonial">
+				<img class="testimonial-picture">
+				<div class="testimonial-content">
+					<div class="testimonial-quote">
+
+					</div>
+					<div class="testimonial-name">
+
+					</div>
+					<div class="testimonial-role">
+
+					</div>
+				</div>
+			</div>
+		</template>
+
 		<script>
 			AsciinemaPlayer.create('/resources/321140.cast', $('#video-demo'), {
 				preload: true,
diff --git a/new/resources/css/features.css b/new/resources/css/features.css
index e9fe3e4..35feb61 100644
--- a/new/resources/css/features.css
+++ b/new/resources/css/features.css
@@ -67,10 +67,15 @@
 	font-weight: 500;
 }
 
-.feature-row ul.detail {
+.feature-row ul.detail,
+.feature-row .detail ul {
 	margin-left: 1em;
 }
 
+.feature-row .detail ul {
+	margin-top: 1em;
+}
+
 .feature-row ul li {
 	margin-bottom: .5em;
 }
diff --git a/new/resources/css/home.css b/new/resources/css/home.css
index 6f76979..d4df1b5 100644
--- a/new/resources/css/home.css
+++ b/new/resources/css/home.css
@@ -324,10 +324,11 @@ div.ap-wrapper:fullscreen div.ap-player {
 
 
 .testimonials {
+	--testimonial-spacing: 25px;
 	display: grid;
 	grid-auto-columns: minmax(0, 1fr);
 	grid-auto-flow: column;
-	gap: 25px;
+	gap: var(--testimonial-spacing);
 	position: relative;
 }
 .testimonials::before {
@@ -351,9 +352,12 @@ div.ap-wrapper:fullscreen div.ap-player {
 	border: 1px solid rgb(174, 181, 185);
 	border-radius: 5px;
 	padding: 1em;
+	margin: var(--testimonial-spacing) 0;
 }
 .testimonial-quote {
 	margin-bottom: 1em;
+	font-size: 16px;
+	line-height: 1.4;
 }
 .testimonial-name,
 .testimonial-role {
diff --git a/new/resources/js/home.js b/new/resources/js/home.js
index a6ec8bb..23e5638 100644
--- a/new/resources/js/home.js
+++ b/new/resources/js/home.js
@@ -1,5 +1,16 @@
-ready(async function() {
-	const resp = await fetch("/resources/testimonials.json");
-  	const testimonials = await resp.json();
+const resp = fetch("/resources/testimonials.json").then(async resp => {
+	const testimonials = await resp.json();
 	console.log(testimonials);
-});
\ No newline at end of file
+
+	ready(function() {
+		for (let i = 0; i < testimonials.length; i++) {
+			const testimonial = testimonials[i];
+			const tpl = cloneTemplate('#tpl-testimonial');
+			$('.testimonial-picture', tpl).src = testimonial.picture || "";
+			$('.testimonial-quote', tpl).innerText = `"${testimonial.quote}"`;
+			$('.testimonial-name', tpl).innerText = testimonial.name || "";
+			$('.testimonial-role', tpl).innerText = testimonial.role || "";
+			$(`.testimonial-col:nth-child(${i%3 + 1})`).append(tpl);
+		}
+	});
+});
diff --git a/new/resources/testimonials.json b/new/resources/testimonials.json
index c256c87..319284d 100644
--- a/new/resources/testimonials.json
+++ b/new/resources/testimonials.json
@@ -3,8 +3,34 @@
 		"name": "First last",
 		"role": "9999x developer",
 		"company": "Bigcorp",
-		"picture": "https://...",
+		"picture": "https://pbs.twimg.com/profile_images/1624497316366528512/fBMXDuiZ_400x400.jpg",
 		"quote": "Caddy is cool.",
 		"link": "https://..."
+	},
+	{
+		"name": "Brad Warren",
+		"role": "Lead Engineer of Certbot",
+		"company": "Electronic Frontier Foundation (EFF)",
+		"picture": "https://sea1.discourse-cdn.com/letsencrypt/user_avatar/community.letsencrypt.org/bmw/144/7797_2.png",
+		"quote": "I think we should consider making Caddy the default ACME client recommendation. … It allows for better integration between the TLS server and the ACME management of those certificates. … [ACME clients with] Apache and NGINX are inherently more error prone and brittle than having the TLS server manage its certificates itself. … Caddy is written in a memory-safe language. Adoption of memory-safe programming languages is something that both ISRG and the broader computer security community have been encouraging more and more lately.",
+		"link": "https://community.letsencrypt.org/t/should-our-default-client-recommendation-be-caddy-if-not-why-not/199949?u=mholt"
+	},
+	{
+		"name": "Josh Aas",
+		"role": "Executive Director",
+		"company": "Let's Encrypt",
+		"picture": "https://sea1.discourse-cdn.com/letsencrypt/user_avatar/community.letsencrypt.org/josh/144/10641_2.png",
+		"quote": "Caddy is impressive. This is what we want, setting up a secure website.",
+		"link": "https://www.youtube.com/watch?v=OE5UhQGg_Fo"
+	},
+	{
+		"name": "Stripe",
+		"role": "Global Leader of Fintech",
+		"quote": "With its extensible architecture and on-line config API, Caddy powers many of Stripe's internal systems."
+	},
+	{
+		"name": "Robert Melton",
+		"role": "Software Developer",
+		"quote": "Our client was in deep trouble: they were about to fail PCI compliance. We tossed Caddy in front hours before the deadline and went from 40 to 0 security errors in just minutes. … We have put over 1,000 domains on Caddy so far."
 	}
 ]
\ No newline at end of file