mirrors/caddy-website
1
0
Fork 0
mirror of https://github.com/caddyserver/website.git synced 2025-04-21 12:36:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Continue home and features pages

Browse source
This commit is contained in:
Matthew Holt 2023-10-10 12:03:33 -06:00 committed by Francis Lavoie
parent 5dbd53c0ee
commit cb4141e9c1
No known key found for this signature in database
GPG key ID: C5204D4F28147FC8
6 changed files with 186 additions and 63 deletions
Download patch file Download diff file Expand all files Collapse all files

118
new/features.html
View file

@ -527,7 +527,7 @@
<div class="feature-row">
<h4>Must-Staple</h4>
<div class="benefits">
Caddy can obtain certificates that force OCSP stapling if the CA supports it. This grants a higher degree of security in the case of revocation.
Caddy can obtain certificates that force OCSP stapling if the CA supports it. This may grant a higher degree of security in the case of revocation.
</div>
</div>
<div class="feature-row">
@ -545,24 +545,32 @@
You can customize the type of key used for your certificates.
</div>
<ul class="detail">
<li>ed25519</li>
<li>p256</li>
<li>p384</li>
<li>rsa2048</li>
<li>rsa4096</li>
<li>Ed25519</li>
<li>ECDSA P256</li>
<li>ECDSA P384</li>
<li>RSA 2048</li>
<li>RSA 4096</li>
</ul>
</div>
<div class="feature-row">
<h4>Certificate lifetimes</h4>
<div class="benefits">
<p>Most ACME clients assume 90-day certificates, or don't expect certificates shorter than 7 days. Caddy can successfully manage certificates with lifetimes on the order of hours and minutes.</p>
<p>Instead of hard-coding a certain age before renewing, Caddy computes the age relative to the lifespan of each certificate, called a Renewal Window Ratio. By default, Caddy renews certificates after 2/3 of their usable lifetime. This ratio works for most validity periods, but can be adjusted.</p>
</div>
<div class="detail">
Any lifetime
</div>
</div>
<div class="feature-row">
<h4>Intelligent error handling</h4>
<div class="benefits">
If Caddy can't get a certificate, errors are logged and Caddy will backoff exponentially and retry as long as needed until it succeeds (typically up to 30 days but could be longer). Caddy makes every reasonable effort to keep your certificate renewed.
</div>
<div class="detail">
Exponential backoff
</div>
</div>
<div class="feature-row">
<h4>Built-in throttling</h4>
<div class="benefits">
@ -573,6 +581,102 @@
<h3 class="purple">ACME</h3>
<p>
Caddy's ACME client is best-in-class, with higher reliability and more production experience than any other integrated ACME client available today. Caddy has been using ACME since before the public availability of Let's Encrypt, and Caddy works with any ACME-compatible CA.
</p>
<div class="feature-list">
<div class="feature-row">
<h4>Compatibility</h4>
<div class="benefits">
Some ACME clients are only tested with Let's Encrypt. Caddy is guaranteed compatible with all ACME-capable CAs.
</div>
<div class="detail">
All RFC 8555-compliant certificate authorities, such as:
<ul>
<li>Let's Encrypt</li>
<li>ZeroSSL</li>
<li>Google Trust Services</li>
<li>BuyPass</li>
<li>DigiCert</li>
<li>GlobalSign</li>
<li>SSL.com</li>
<li>Smallstep</li>
</ul>
</div>
</div>
<div class="feature-row">
<h4>Test endpoints</h4>
<div class="benefits">
By default, Caddy will fall back to a CA's test or staging endpoint (if there is one) after a failed attempt at getting a certificate to avoid hitting CA-enforced production rate limits. This could also be an ACME server you set up solely for the purpose of validating DNS configurations.
</div>
<div class="detail">
Let's Encrypt (others configurable)
</div>
</div>
<div class="feature-row">
<h4>External account binding</h4>
<div class="benefits">
Optionally configure External Account Binding (EAB) to enable Caddy to work with CAs that require you to have a separate account with them.
</div>
</div>
<div class="feature-row">
<h4>Challenge types</h4>
<div class="benefits">
Caddy supports all major ACME challenge types for Web PKI and can also be extended to support others.
</div>
<ul class="detail">
<li>HTTP-01</li>
<li>TLS-ALPN-01</li>
<li>DNS-01</li>
</ul>
</div>
<div class="feature-row">
<h4>Alternate challenge ports</h4>
<div class="benefits">
While certain ACME challenges must use the standardized ports 80 and 443, Caddy supports listening for these on alternate ports if you are forwarding them through a router.
</div>
<ul class="detail">
<li>HTTP (default 80)</li>
<li>TLS-ALPN (default 443)</li>
</ul>
</div>
<div class="feature-row">
<h4>DNS challenge integrations</h4>
<div class="benefits">
Solve the DNS challenge with integrations for dozens of DNS providers. <b>This list is incomplete;</b> <a href="https://github.com/caddy-dns">see the full list of DNS providers</a>.
</div>
<ul class="detail">
<li class="nonstandard">ACME-DNS</li>
<li class="nonstandard">AliDNS</li>
<li class="nonstandard">Cloudflare</li>
<li class="nonstandard">DigitalOcean</li>
<li class="nonstandard">DNSPod</li>
<li class="nonstandard">DuckDNS</li>
<li class="nonstandard">DynDNS</li>
<li class="nonstandard">EasyDNS</li>
<li class="nonstandard">Gandi</li>
<li class="nonstandard">GoDaddy</li>
<li class="nonstandard">Google Cloud DNS</li>
<li class="nonstandard">Hetzner</li>
<li class="nonstandard">Linode</li>
<li class="nonstandard">Name.com</li>
<li class="nonstandard">Namecheap</li>
<li class="nonstandard">Namesilo</li>
<li class="nonstandard">Netlify</li>
<li class="nonstandard">OVH</li>
<li class="nonstandard">Porkbun</li>
<li class="nonstandard">PowerDNS</li>
<li class="nonstandard">RFC 2136</li>
<li class="nonstandard">Route 53</li>
<li class="nonstandard">Scaleway</li>
<li class="nonstandard">Vercel</li>
<li class="nonstandard">Vultr</li>
<li><a href="https://github.com/caddy-dns">See all...</a></li>
</ul>
</div>
</div>
</div>
</section>

71
new/index.html
View file

@ -159,7 +159,7 @@
<div class="sponsorship-primer">
<h3>software <b>assurance</b></h3>
<p>
Some text here that explains sponsorships
Sponsorships aren't just donations. They provide your business with benefits
</p>
<a href="/sponsor" class="button purple">See sponsorships</a>
</div>
@ -345,54 +345,9 @@
</div>
<div class="testimonials">
<div class="testimonial-col">
<div class="testimonial">
<img class="testimonial-picture" src="https://pbs.twimg.com/profile_images/1624497316366528512/fBMXDuiZ_400x400.jpg">
<div class="testimonial-content">
<div class="testimonial-quote">
Caddy is awesome.
</div>
<div class="testimonial-name">
Firstname lastname
</div>
<div class="testimonial-role">
9000x developer, Bigcorp
</div>
</div>
</div>
</div>
<div class="testimonial-col">
<div class="testimonial">
<img class="testimonial-picture" src="https://pbs.twimg.com/profile_images/1624497316366528512/fBMXDuiZ_400x400.jpg">
<div class="testimonial-content">
<div class="testimonial-quote">
Caddy is awesome.
</div>
<div class="testimonial-name">
Firstname lastname
</div>
<div class="testimonial-role">
9000x developer, Bigcorp
</div>
</div>
</div>
</div>
<div class="testimonial-col">
<div class="testimonial">
<img class="testimonial-picture" src="https://pbs.twimg.com/profile_images/1624497316366528512/fBMXDuiZ_400x400.jpg">
<div class="testimonial-content">
<div class="testimonial-quote">
Caddy is awesome.
</div>
<div class="testimonial-name">
Firstname lastname
</div>
<div class="testimonial-role">
9000x developer, Bigcorp
</div>
</div>
</div>
</div>
<div class="testimonial-col"></div>
<div class="testimonial-col"></div>
<div class="testimonial-col"></div>
</div>
</div>
</section>
@ -468,6 +423,24 @@
{{include "/includes/footer.html"}}
<template id="tpl-testimonial">
<div class="testimonial">
<img class="testimonial-picture">
<div class="testimonial-content">
<div class="testimonial-quote">
</div>
<div class="testimonial-name">
</div>
<div class="testimonial-role">
</div>
</div>
</div>
</template>
<script>
AsciinemaPlayer.create('/resources/321140.cast', $('#video-demo'), {
preload: true,

7
new/resources/css/features.css
View file

@ -67,10 +67,15 @@
font-weight: 500;
}
.feature-row ul.detail {
.feature-row ul.detail,
.feature-row .detail ul {
margin-left: 1em;
}
.feature-row .detail ul {
margin-top: 1em;
}
.feature-row ul li {
margin-bottom: .5em;
}

6
new/resources/css/home.css
View file

@ -324,10 +324,11 @@ div.ap-wrapper:fullscreen div.ap-player {
.testimonials {
--testimonial-spacing: 25px;
display: grid;
grid-auto-columns: minmax(0, 1fr);
grid-auto-flow: column;
gap: 25px;
gap: var(--testimonial-spacing);
position: relative;
}
.testimonials::before {
@ -351,9 +352,12 @@ div.ap-wrapper:fullscreen div.ap-player {
border: 1px solid rgb(174, 181, 185);
border-radius: 5px;
padding: 1em;
margin: var(--testimonial-spacing) 0;
}
.testimonial-quote {
margin-bottom: 1em;
font-size: 16px;
line-height: 1.4;
}
.testimonial-name,
.testimonial-role {

17
new/resources/js/home.js
View file

@ -1,5 +1,16 @@
ready(async function() {
const resp = await fetch("/resources/testimonials.json");
const testimonials = await resp.json();
const resp = fetch("/resources/testimonials.json").then(async resp => {
const testimonials = await resp.json();
console.log(testimonials);
ready(function() {
for (let i = 0; i < testimonials.length; i++) {
const testimonial = testimonials[i];
const tpl = cloneTemplate('#tpl-testimonial');
$('.testimonial-picture', tpl).src = testimonial.picture || "";
$('.testimonial-quote', tpl).innerText = `"${testimonial.quote}"`;
$('.testimonial-name', tpl).innerText = testimonial.name || "";
$('.testimonial-role', tpl).innerText = testimonial.role || "";
$(`.testimonial-col:nth-child(${i%3 + 1})`).append(tpl);
}
});
});

28
new/resources/testimonials.json
View file

@ -3,8 +3,34 @@
"name": "First last",
"role": "9999x developer",
"company": "Bigcorp",
"picture": "https://...",
"picture": "https://pbs.twimg.com/profile_images/1624497316366528512/fBMXDuiZ_400x400.jpg",
"quote": "Caddy is cool.",
"link": "https://..."
},
{
"name": "Brad Warren",
"role": "Lead Engineer of Certbot",
"company": "Electronic Frontier Foundation (EFF)",
"picture": "https://sea1.discourse-cdn.com/letsencrypt/user_avatar/community.letsencrypt.org/bmw/144/7797_2.png",
"quote": "I think we should consider making Caddy the default ACME client recommendation. … It allows for better integration between the TLS server and the ACME management of those certificates. … [ACME clients with] Apache and NGINX are inherently more error prone and brittle than having the TLS server manage its certificates itself. … Caddy is written in a memory-safe language. Adoption of memory-safe programming languages is something that both ISRG and the broader computer security community have been encouraging more and more lately.",
"link": "https://community.letsencrypt.org/t/should-our-default-client-recommendation-be-caddy-if-not-why-not/199949?u=mholt"
},
{
"name": "Josh Aas",
"role": "Executive Director",
"company": "Let's Encrypt",
"picture": "https://sea1.discourse-cdn.com/letsencrypt/user_avatar/community.letsencrypt.org/josh/144/10641_2.png",
"quote": "Caddy is impressive. This is what we want, setting up a secure website.",
"link": "https://www.youtube.com/watch?v=OE5UhQGg_Fo"
},
{
"name": "Stripe",
"role": "Global Leader of Fintech",
"quote": "With its extensible architecture and on-line config API, Caddy powers many of Stripe's internal systems."
},
{
"name": "Robert Melton",
"role": "Software Developer",
"quote": "Our client was in deep trouble: they were about to fail PCI compliance. We tossed Caddy in front hours before the deadline and went from 40 to 0 security errors in just minutes. … We have put over 1,000 domains on Caddy so far."
}
]