From 7183805135d94b6d1bd8ed33603786bbb7e2d16a Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 10 Nov 2023 16:41:53 -0700 Subject: [PATCH] Add citations --- new/index.html | 105 +++++++++++++++++++++----------- new/resources/css/home.css | 17 ++++++ new/resources/css/marketing.css | 2 +- 3 files changed, 89 insertions(+), 35 deletions(-) diff --git a/new/index.html b/new/index.html index 0807ae1..abe2531 100644 --- a/new/index.html +++ b/new/index.html @@ -70,15 +70,18 @@ Mercedes-Benz - - Sourcegraph - Tailscale Les-Tilleuls + + Framer + + + Sourcegraph + FusionAuth @@ -172,9 +175,7 @@
-

- The most advanced HTTPS server in the world -

+

The most advanced HTTPS server in the world

@@ -198,18 +199,22 @@ Caddy's TLS defaults are secure and pass PCI, HIPAA, and NIST compliance requirements. Yes, defaults: no hassle required.

-

HTTPS for localhost ๐Ÿ 

We mean it when we say Caddy serves every site on HTTPS. Even localhost and internal IPs are served with TLS using the intermediate of a fully-automated, self-managed CA that is automatically installed into most local trust stores.

-
-

Cluster coordination ๐ŸŒ

+

Cluster coordination ๐ŸŒ

- Simply configure multiple Caddy instances with the same storage, and they will automatically coordinate certificate management and share resources such as keys and OCSP staples! + Simply configure multiple Caddy instances with the same storage, and they will automatically coordinate certificate management as a fleet and share resources such as keys and OCSP staples! +

+
+
+

Fewer moving parts โš™๏ธ

+

+ Simplify your infrastructure! Caddy saves money, increases developer productivity, and reduces problems in production.

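Review bot: The new "Fewer moving parts" card at the end of this hunk states that Caddy "saves money, increases developer productivity, and reduces problems in production" with nothing to back it, in a commit whose subject is "Add citations". Either link a case study or measurement, or reword the card to say which components Caddy replaces. Separately, the reworded "Cluster coordination" card says instances share "keys and OCSP staples" through the same storage; a short clause noting that the shared storage therefore holds private keys and needs matching access control would help readers who deploy a fleet.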
@@ -268,7 +273,7 @@

Powered by open source Smallstep libraries, Caddy becomes a self-managing certificate authority.

- Smallstep +
@@ -291,6 +296,7 @@ http://localhost {

If you configure sites with local or internal addresses, Caddy will serve them over HTTPS using a locally-trusted certificate authority with short-lived, auto-renewing certificates. It even offers to install your unique root into your local trust stores for you.

+ Smallstep
@@ -385,9 +391,7 @@ internal.example.com {
-

- A forward-thinking reverse proxy -

+

A forward-thinking reverse proxy

Caddy's proxy was designed to be as forward-compatible as possible and has major batteries included: load balancing, active and passive health checks, dynamic upstreams, retries, pluggable transports, and of course, best-in-class TLS security.

@@ -478,9 +482,7 @@ reverse_proxy https://service.example.com {
-

- Production-grade static file server -

+

Production-grade static file server

Serving static files is a tried-and-true method of delivering sites to numerous clients efficiently. Caddy has a robust file server that can be combined with other middleware features for the ultimate effortless website.

@@ -558,9 +560,7 @@ root * /var/www
-

- Flexible configuration compatible with any workflow -

+

Flexible configuration compatible with any workflow

Configure your server your way. Caddy's native configuration format is JSON, and with Caddy's config adapters, you can use any config format you prefer. All configuration is posted through a RESTful admin API, and Caddy's CLI helps you work with config files easily.

@@ -689,9 +689,7 @@ reverse_proxy /api/* localhost:9002
-

- Unparalleled extensibility -

+

Unparalleled extensibility

Caddy is the only server in the world with its novel, modular architecture. At its core, Caddy is a configuration manager that runs apps like an HTTP server, internal certificate authority, TLS certificate manager, process supervisor, and more.

@@ -714,7 +712,7 @@ reverse_proxy /api/* localhost:9002

Easy to develop

- Writing Caddy plugins is as easy as writing a Go package. + Writing Caddy plugins is as easy as writing a Go package. It's a comfortable and familiar process for any Go programmer.

@@ -724,29 +722,68 @@ reverse_proxy /api/* localhost:9002
-

- The gold standard web server -

+

The gold standard web server

- Caddy keeps your sites up when other servers let you down. + Caddy has the most robust TLS stack on the market. With stronger memory safety guarantees than OpenSSL (Apache & NGINX) and more advanced certificate automation logic than any other server or utility, Caddy keeps your sites online through problems when other servers... won't. +

+

+ Caddy was the first server to fully automate public certificate management—so we've been doing this longer than anyone. With more than 50 million certificates under management, Caddy has set the gold standard for other servers to live up to.

-

Dynamically provision certificates

+

OCSP stapling saves the day

- With On-Demand TLS, only Caddy obtains, renews, and maintains certificates on-the-fly during TLS handshakes. Perfect for customer-owned domains. + Caddy automatically staples OCSP responses and caches them to weather outages. In 2018, many popular sites went down for users of mainstream browsers because crucial OCSP infrastructure had an extended outage. Only Caddy staples and caches OCSP responses by default, so all Caddy sites were unaffected.

-

Dynamically provision certificates

+

On guard against revocation

- With On-Demand TLS, only Caddy obtains, renews, and maintains certificates on-the-fly during TLS handshakes. Perfect for customer-owned domains. + In 2020, a mass certificate revocation event left many sysadmins scrambling to renew their certificates ahead of schedule. Caddy automatically renews certificates that get revoked, and all Caddy sites were unaffected. (This was before ARI existed.)

-

Dynamically provision certificates

+

Stands tall during audits

- With On-Demand TLS, only Caddy obtains, renews, and maintains certificates on-the-fly during TLS handshakes. Perfect for customer-owned domains. + Companies have deployed Caddy in front of their site just hours before important audits—potentially saving their compliance status—because of Caddy's safe defaults and "batteries included" approach. +

+
+
+
+
+ +
+
+

Recommended by experts

+

+ Academic and industry experts recommend Caddy, which has been cited in peer-reviewed journals for its security defaults, best practices, and its uniquely advanced feature set. +

+
+
+ +

+ "Servers running Caddy exhibit nearly ubiquitous HTTPS deployment and use modern TLS configurations. ... We hope to see other popular server software follow Caddy's lead." +

+

+ —Josh Aas, Richard Barnes, Benton Case, Zakir Durumeric, Peter Eckersley, Alan Flores-Lรณpez, J. Alex Halderman, Jacob Hoffman-Andrews, James Kasten, Eric Rescorla, Seth Schoen, and Brad Warren. 2019. Let's Encrypt: An Automated Certificate Authority to Encrypt the Entire Web. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (CCS '19). Association for Computing Machinery, New York, NY, USA, 2473โ€“2487. https://doi.org/10.1145/3319535.3363192 +

+
+
+ +

+ "TLS must be enabled by default ... and the Caddy web server is a good and usable example." +

+

+ —Katharina Krombholz, Wilfried Mayer, Martin Schmiedecker, and Edgar Weippl. 2017. "I Have No Idea What I'm Doing" - On the Usability of Deploying HTTPS. In 26th USENIX Security Symposium (USENIX Security 17), USENIX Association, Vancouver, BC, 1339-1356. Retrieved from https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/krombholz +

+
+
+ +

+ "No popular server software does [session ticket key rotation], with the exception of Caddy." +

+

+ —Drew Springall, Zakir Durumeric, and J. Alex Halderman. 2016. Measuring the Security Harm of TLS Crypto Shortcuts. In Proceedings of the 2016 Internet Measurement Conference (IMC '16), Association for Computing Machinery, Santa Monica, California, USA, 33-47. DOI:https://doi.org/10.1145/2987443.2987480

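Review bot: The "OCSP stapling saves the day" and "On guard against revocation" cards make absolute, unsourced claims ("Only Caddy staples and caches OCSP responses by default", "all Caddy sites were unaffected") directly above a section that cites three papers in full. Name and link the 2018 OCSP outage and the 2020 revocation event, and consider narrowing "all Caddy sites" to what the project can verify, since "by default" implies some deployments run with different settings. The same applies to "more than 50 million certificates under management" and "the first server to fully automate public certificate management" in the intro paragraphs. Two smaller points: "ARI" is used without expansion (ACME Renewal Information), and the citations format their DOI differently ("https://doi.org/..." in the first, "DOI:https://doi.org/..." in the third).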
diff --git a/new/resources/css/home.css b/new/resources/css/home.css index 0f3a8a2..7b0361d 100644 --- a/new/resources/css/home.css +++ b/new/resources/css/home.css @@ -421,9 +421,26 @@ div.ap-wrapper:fullscreen div.ap-player { +.smallstep { + max-width: 150px; + margin-top: 1em; +} +.gold { + color: gold; + background: linear-gradient(63deg, rgba(212,167,36,1) 8%, rgba(251,228,63,1) 50%, rgba(241,218,57,1) 75%); + -webkit-background-clip: text; + background-clip: text; + -webkit-text-fill-color: transparent; +} +.col .cite { + font-size: 75%; +} +img.cite { + max-width: 100%; +} .demobox { diff --git a/new/resources/css/marketing.css b/new/resources/css/marketing.css index 3e623df..432a175 100644 --- a/new/resources/css/marketing.css +++ b/new/resources/css/marketing.css @@ -295,7 +295,7 @@ h3.plain { color: white; } -.cols .col p { +.col p { font-family: Inter; font-size: 90%; line-height: 1.5;
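Review bot: In the home.css hunk, `.gold` sets `-webkit-text-fill-color: transparent` unconditionally, so the `color: gold` fallback never takes effect: a browser that honours the fill colour but not `background-clip: text` will render a gradient rectangle with invisible text. Wrap the gradient, clip and fill declarations in an `@supports ((-webkit-background-clip: text) or (background-clip: text))` block and leave `color: gold` outside it.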
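Review bot: In the marketing.css hunk, widening `.cols .col p` to `.col p` reaches further than the new citation columns: every `p` under any `.col` on pages that load marketing.css now gets the Inter font, 90% size and 1.5 line height, and the rule's specificity drops by one class, so existing rules that used to lose to it may now win. If the goal is only to style the columns added in index.html, add a second selector next to the original instead of replacing it; otherwise check the other pages that use `.col` outside `.cols`.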