Updated v2: FAQ (markdown)

Matt Holt 2020-04-10 10:04:40 -06:00
parent 1d093a1a54
commit 3e04b4bb6b

@ -1,3 +1,7 @@
_Note: These docs may be sligthly outdated._
---
### How do I configure Caddy 2?
Caddy's primary mode of configuration is a REST API, which accepts a JSON document. The JSON structure is described [interactively in the docs](https://caddyserver.com/docs/json/). The advantages of exposing this low-level structure are 1) it has near-parity with actual memory initialization, 2) it allows us to offer wrappers over this configuration to any degree of convenience that is needed, and 3) it performs very well under rapid config changes.
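Review bot: typo in the added note at the top of the page: "sligthly" should be "slightly". Since the note tells readers the page may be outdated, consider also pointing them at the current docs already linked in the first answer (https://caddyserver.com/docs/json/) so they know where to check.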
@ -91,7 +95,7 @@ Already, this is more expressive power than most web servers offer with their na
But in most web servers, to make logic this complex feasible, you'll generally call out to Lua or some extra DSL. For example, in NGINX you could use a Lua module to express this logic. Traefik 2.0 has [yet another kind of clunky-looking custom DSL](https://blog.containo.us/back-to-traefik-2-0-2f9aa17be305#d22e) just for this.
Caddy 2 solves this in a novel way with [Starlark expressions](https://godoc.org/go.starlark.net/starlark#Eval). Starlark is a familiar dialect of Python! So, no new DSLs to learn and no VMs to slow things down:
Caddy 2 solves this in a novel way with CEL and/or [Starlark expressions](https://godoc.org/go.starlark.net/starlark#Eval). Starlark is a familiar dialect of Python! So, no new DSLs to learn and no VMs to slow things down:
```python
req.host == 'example.com' ||
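Review bot: the changed sentence now says "CEL and/or Starlark expressions", but the link on that phrase still points only at the Starlark `Eval` godoc, and the next sentence ("Starlark is a familiar dialect of Python! So, no new DSLs to learn...") and the `python` fence still describe Starlark alone. A reader cannot tell which language the example below is written in or where CEL is documented. Suggest adding a CEL link and stating which of the two the sample expression uses.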
@ -102,6 +106,8 @@ Starlark performs at least as well as NGINX+Lua (more performance tests ongoing,
In summary: Caddy 2 config is declarative, but can be imperative where that is useful.
(Update: we ended up shipping CEL first, but it's still experimental. Starlark may come later.)
### What is Caddy 2 licensed as?
Caddy 2 is licensed under the Apache 2.0 open source license. There are no official Caddy 2 distributions that are proprietary.
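Review bot: the added "(Update: we ended up shipping CEL first ...)" parenthetical sits after the summary line, well below the paragraph it corrects, and it disagrees with the "CEL and/or Starlark" wording introduced in the previous hunk, which reads as if both are available. Suggest moving the update up next to the expressions paragraph and making that paragraph say directly that CEL is what ships (experimental) and Starlark may come later, so the section does not state one thing and then retract it.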
@ -143,4 +149,4 @@ Or with the Caddyfile, using a global options block at the top:
## Can we get some access controls on the admin endpoint?
Yeah, that's coming. For now, you can use a permissioned unix socket for some basic security.
Depends what specific requirements and threat models are. Most users won't need this, unless arbitrary, untrusted code is running on your machine (yikes!) in which case all bets are off anyway, and it's beyond any one user space process' ability to protect you; you'll have to configure your OS environment with special protections in that case. (Technically, websites run arbitrary untrusted code on your machine in web browsers, but modern web browsers enforce CORS and have other sandboxing measures which help protect you, and this issue is not specific to Caddy. Furthermore, how many of you are running a web browser on a production web server?) If you want to, you can enable the enforcement strict Origin checking and/or use a permissioned unix socket for some basic security if your threat model dictates.
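Review bot: the replacement answer names two mitigations ("strict Origin checking" and "a permissioned unix socket") without saying how to turn either on, which is what someone asking about access controls on the admin endpoint needs; suggest naming the admin config settings or linking to their docs, as the preceding section does for the global options block. Wording in the same line: "enable the enforcement strict Origin checking" is missing "of", and "Depends what specific requirements and threat models are" reads better as "It depends on your specific requirements and threat model". The heading here uses `##` while the other questions in this page use `###`.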