Servers with Matt from Caddy

Welcome to Syntax. This is a podcast with the tastiest web development treats rid Out there, we've got a really great show for you today. A little bit of a different show, specifically focusing on servers, rid Which has always been a pain point of mine of managing servers and load balancing and SSLs and proxying and running multiple apps. And we have Matt from Caddy Server here ready. To answer all of our questions and and talk about what Caddy is and whatnot. So excited for that. We got 3 awesome sponsors today. First 1 is LogRocket, does rid Online JavaScript session replay. 2nd 1 is FreshBooks online invoicing and accounting. And third 1 is Cloudinary, which does rid All of your image transformations, hosting, resizing, they do video as well, so check them out.

Hey, Matt. Thanks for coming on. Hey, Wes And, Scott Hey. Thank you. This will be fun. Yeah. Absolutely. Do you wanna give us, like, or maybe I should I'll I'll give my little How I found out about you years ago, and then I'll I'll let you give a little rundown of of who you are and what you do. So I just looked it up. Rid. 6 years ago, I was listening to a podcast called, Floss Weekly, and they had you on talking about this thing called Cabbie Server. And rid At the time, I was just putting together my course platform, which is it runs on Nginx, And and there's there's sort of, like, 2 big web servers out there. There's Nginx, and there's Apache. And then you were on this podcast talking about this this new rid Server was called Caddy Server, and I thought, oh, man. That's really, really cool. I followed you on Twitter. And then over the years, I've just been drinking in and rid absorb all the information about how web servers work from here. And I'm happy to finally have you on the show. So thanks so much for coming on. Great. Yeah. That's that was a long time ago. Man, Things have changed. Yeah. I couldn't believe I couldn't believe how long it was. So why don't you give us a quick rundown of of who you are and what ready. Yeah. So yeah. My name is Matt Holt. I,

I work on the CADDY web server full time. Thanks to sponsors. And I started Caddy as an undergrad in college because I needed a there were only like Yeah. It's like 2 main web servers at the time. I mean, there were a couple of there were a few others, but Honestly, none of them were super great for what I needed.

The web was changing and the web servers weren't.

And so I decided to write my own. I had gotten in to go In early 2010s when it kinda was first released. And and so while working on classes full time, I decided to just write a web server to fulfill my needs rid that I had. And, and so that was how Caddy was born.

Just kind of a a little open source project for fun that I put on Hacker News. And, turns out a lot of other people kinda had had similar needs and, there's a lot of stale development in the web server space.

So So it's kinda fun to bring something a little bit fresh and new. Yeah. There's a ton of other alternatives, you know, that are used that as well that have kinda grown in popularity, but think Kaddy is one of the first to kinda, like, majorly disrupt the space.

So, it was kinda fun and and still still fun working on that. That's awesome. So,

rid Like, let me ask you. Like, why would you want to build a web server? Like, what was wrong with the existing

solutions out there? Rid I know myself by running Nginx server is every time I need to add a new domain name or anything like that, it's such a pain in the butt. And it's it's kinda scary, to be honest, because If you screw it up, the your your website is down. So, like, why did you build your your own web server and yeah. Yeah. There's, a lot of of a lot of things converge, I think, on the timing of everything. So Go is this kinda new and up and coming language back in, like, 2011. It was rid It was about 2013 or 2014 at this point where I started looking at this and for a web server. And Go standard library made writing web servers really easy and, like, it's A really high quality code there from the Go team, to build on.

As a developer doing, making a lot of rid Little sites at the time for school and and work at the time.

I needed ways to quickly spin up prototype websites and other little sites that didn't involve, like, just this kind of clunky configuration, of traditional servers. And I needed features the traditional service didn't really have that I would have to like spin up an entire separate back end for in in some Like, if I wanted to render markdown, why is that such a pain, with existing web servers when, like, Markdown was really popular already at the time, and so and that was one example.

Anyway, so I just decided to go ahead and just rid Just write a web server that kinda incorporated some new technologies. And in addition, I also was concerned with the fact that, this is just after, like, the Snowden revelations and the the push for HTTPS, and and encryption across the web. And so I was concerned that it was too difficult.

And conveniently, Let's Encrypt was on the rise at rid time about 2014, 2015.

And so I keyed into that.

Also, I was concerned about the whole idea of writing Vulnerable edge facing, like, critical infrastructure code in c and, like, deploying that to edges where a lot of untrusted clients are connecting.

And so Go doesn't have a lot of the memory safety vulnerabilities that c programs do. I mean, you remember, like, Heartbleed? Rid That was kind of the famous security case back in, what is it, 2014 when you could just

Query, connect to a web server and have it leak its private keys. Mhmm. Mhmm. Yeah. For our audience who is listening, this was, rid Was this a vulnerability in Linux or This was a vulnerability

in open SSL, which was a c program. Okay. It was a c program. And and because it's written in c, it's really hard to write safe code.

Go doesn't have, and other modern languages like Rust Stuff don't have vulnerabilities like this where you can't you can't escape outside of your buffers and, like, and leak

rid Private memory information so easily. Oh, okay. I I always wondered that. I remember when that that rolled out, and I had to run some upgrades on my server. And I was like, I understand this. Like, I understand that somebody could ping this, and they get these, like, dumps back. And if you get enough of them, you could see private keys, and, like, That seems bad.

That that seems bad.

I I you know, I thought that was a good thing that you brought that up because this was my introduction rid to Caddy was that we were redoing our auth system and wanting to have a a local reverse proxy with an SSL certificate, And I was like, well, I guess I gotta start generating my own SSL certificates, and then I gotta figure out how to have a a server to use those SSL. And then you came along, Matt, with with Gaddy. Was it like, oh, it's a couple lines of config, and the whole thing will just spit out SSL certificates for you, Which is, for me, one of the biggest pain points in the world of web development to to give some context here for anybody who is not around before Let's Encrypt.

Before Let's Encrypt, the process of getting an SSL certificate, not like a self signed one for local development, but an SSL certificate for Your entire application, involved you going through the the worst interfaces known to man in any of these domain hosts Because for some reason, their SSL purchasing systems also, they cost a ton of money to get a wildcard SSL. It was, like, $200.

100 of dollars

per year. Yeah. Yeah. For a wildcard SSL. And that was like that was just the thing you had to do, and then of installing it and creating it correctly, it was a whole day thing. It was like, okay. I guess I'm gonna carve out time to redo my SSL certificates today. So for those of you who weren't around before then, what Let's Encrypt was was a a system that basically allowed you to create SSL certificates for free.

There were some caveats on that about, like, time that they were valid for and things like that, but It was pretty game changing when Let's Encrypt came out. So it seems like you you came along at the right time to take advantage of that ease of use of generating SSL certificates,

And man, it really paid off because it's one of my favorite aspects of Caddy. Yeah. Yeah. The, the automatic SSL or or actually as we call it now is, it definitely is it's flagship feature and it's the 1st and only web server to use HTTPS By default, like you don't need to turn on HTTPS.

It will just implicitly do that with your your configuration.

And yeah, that that's hugely important. Let's Encrypt, they took this process that was bloated and enterprise y and slow and tedious and really risky and insecure if you think about it. Like, traditionally, the way to verify that you control the domain name was, like, send an email and you had to click a link in an email, which isn't fishy at all. And then Really? Yeah. And then, you downloaded your certificate chain. You have to choose the right bundle for your server and, like, Configure server properly. It was

the worst. Yeah. Don't make a mistake either. You're psychos now. You're putting it in hands of people like me.

Rid Yeah. So so yeah. The the ACME protocol, which came out of research at U Michigan.

Go blue. University of

Michigan and some other industry collaboration. The the ACME protocol is is the protocol that lets you encrypt, deploys production, which allows the automation of of these certificates. And so, yeah, Vocadie implemented the client side of that protocol.

And significantly, this all works because Let's Encrypt is a trusted authority. Anyway, the timing there with with Caddy was just really was really good

it's a really hugely useful feature. Yeah. And I should even say, like, I use Let's Encrypt on my course websites, rid And I don't have it automated at all. Like, I have a little bit. There's, like, there's, like, a bot that comes with it and whatnot in it. They autoredo and whatnot, but then You have to, like, put a cron job to restart the Nginx server. Otherwise, it will get the the old server. And, like, sometimes, I wake up on Sunday morning sometimes, and, like, one of my websites needs, like, a restart. I'm like, oh, such such a pain. Yeah. I'm prime candidate for for something like this. Like, even though Let's Encrypt is free and you can automate it, there's still a lot of that could go wrong. And I was like, Why is this not just baked into,

the web server? It needs to be baked in. And and I should actually I need to say something like, the the the early tooling around Let's Encrypt and, like, Certbot and whatnot are great transition tools.

However, I do not recommend I can't honestly recommend Certbot for permanent long time use in production, especially at scale. I think it's a great and super important tool to transition existing sites, especially the long tail of small sites you can't rely.

Like, all these tools, they obtain a certificate from Let's Encrypt, and then you have to schedule your own, like, renewals rid and stuff and just hope it doesn't have errors with retry logic that you can't script easily.

What you what everyone nobody wants one certificate.

Everyone needs renewals of certificates. And so that's why, like, Caddy and and these baked in solutions are really the only way to go because you can run a command and get a certificate, but it's gonna expire in 90 days. You better renew it in, like, 60.

So, yeah, it has to be baked in. I think Caddy is really kind of the The best way to do that.

Yeah. There are I need these new, like, classes of tools that are just like, you know what? SSL is something that we all need.

We all need to do it, and it shouldn't be on the developers to have to you know, it shouldn't be on our cognitive load to make sure these things, You know, are secure.

And so any modern platform that includes an SSL generation, like, for instance, we use render .com is our host. Right? Mhmm. We wanna set up a subdomain for it. It just generates the SSL for us. Right? Then, you know, it's like, rid As your service is not doing that in in 2021, I probably won't be using it because I just don't wanna have to deal with anything else. So, fact that Caddy Caddy can do that out of the box is like, with literally no config. I mean, it it was fantastic just how easy that that rid

All you need to do is tell it your domain name and

and it will do it. So before we get into the server side of things, let's, talk about one of our sponsors Which is LogRocket. Now LogRocket is a perfect place to see all of your errors and exceptions happening in real time as they did it In a session scrubbable video replay. Seriously, it's so cool because you can see exactly what happened when a user clicked on something And it turned your website into an encrypted mess, maybe. I don't know. Maybe it accidentally encrypted your website somehow. Not the good type of encryption, but just jumbled it. Who knows? But LogRocket will be able to see those types of things happen. As in any type of issue or error that comes across your website, it's gonna rid Scrubba will video replay where you get the network requests.

You get the error logs. You get all the things and more to be able to see exactly rid how the user somehow managed to do that to your website. You know those users, they'd be crazy. So you're gonna head over to logrocket.comforward/ syntax, rid Sign up and get 14 days for free. Check it out. Thank you so much for LogRocket for sponsoring Syntax. Alright. So my question is, rid A lot of our listeners

are creating node applications. And with the node application, you can go get a box at Linode or DigitalOcean or rid Or any of these these places that give you a Linux server that you can just log in to, and and you can do whatever you want on that. Rid. That's what I host my personal website on as well. There seems to be a bit of a shift over to people using services, like, like Scott said, render, digital ocean app platform, rid Nelify, Vercel, things like that. But a lot of people, especially once you get at scale, it's much cheaper just to run this stuff yourself.

Why does somebody even need a web rid server if when you're developing locally, you can just create a web server with Node. Js. So, like like, why does there need to be the secondary layer

of rid A Caddy server or Nginx server in front of your application. What is that for? Yeah. Good question. I think it depends what you're doing. Like, Like if you are genuinely just writing a little, like, just a, I don't know, some dinky little note app that you're just kinda developing with or experimenting with you, you don't need Server in front of it or anything.

Servers like Catty in particular are really useful when It specializes in things that a lot of language frameworks and other like backend platforms may not Do very well or very easily.

So a really common reason that people will deploy Caddy is is actually just to get HTTPS.

Rid Even locally, Caddy will serve your local sites, you know, 127001 or local host or whatever over HTTPS.

Do that using self signed certificates that auto trust into your in your system. So that's a common reason,

because often sites will behave differently over rid Yes. And they will, over h t p, especially if using advanced web API features. You need the Yeah. Like webcam, audio, all of those need to be done over a rid your origin, which localhost is a secure origin, but if you're using, like I use west.dev locally to run all my websites instead of localhost. And if that's the case, then you have to run a SSL locally because it's not local host. Right? It's not secure origin.

Yep. Exactly.

Rid. And even, like, same site or, secure h t p only cookies won't even set in local host. Oh, you're right. Yeah. So you need that rid dotdev or dot whatever. I use dotdev too. So

Yeah. I wish

dotdev wasn't a real TLD, to be honest. Yeah. Yeah. Right. Rid I I own the I own the domain, like level of tutorials dot dev and level of tutorials. I was like, well, I own it, so it's not yeah. No risk of going anywhere else. Yeah. Yeah. Definitely smart.

Yeah. So that's one reason. Another reason too is a lot of people, if they're hosting services out of like, Well, so they're hosting multiple services. I guess it doesn't matter where, whether it's at home or in production. Just being able to multiplex These different services or reverse proxy them. So in other words, you open a single port, you know, at your host, say 443, the TLS port, And you can serve different back end applications from it. The the proxy caddy in this case can decide Which service to proxy to based on like the request path or headers or remote IP or or any of these other features.

So that's often really useful, especially if you're doing this, you know, on a single port.

Yeah. I think that's the rid. A huge killer feature that a lot of people don't realize is that if you are somebody who has a little $5 a month rid server or literally even like, I've got a little Synology here that runs Linux, and, like, I can run a web server on that thing and just host my apps inside my own home. Rid If you're someone like that, you can host as many apps as you want on a single box without having to pay over and over again. Rid And then you can also do this is one thing that I I really missed about just, like, using PHP.

It's like you can create, I'm using quotes here, folders Where, like, you could do test westapps.comforward/apponeforward/app2forward/apps3.

And rid On all of these different URLs or different even different domain names, you can say, okay. When somebody hits this domain name, proxy the app, The node app that's running on port 777 through port 443.

But then when somebody visits forward slash app to proxy the Ruby app That's running on on this port through that, and that it just, like, it just it's like a traffic cop being like, alright. You it's your turn to Push this through. It's your turn to serve up this app. Right? Mhmm. Yeah. Exactly. And it also works really well with containers. You see this a lot with people spinning up multiple containers of of apps services. Yeah. Oh, yes. So if if somebody's running, like, Docker a couple Docker images on a single Mhmm. Box, right, they can run domain names in Different paths for that. Yeah. There's even plug ins to to automate that. Like, you spin up a new container and Caddy will automatically start proxying to it, stuff like that. Rid. That's what I've wanted for the longest time. So in in node land, we use this thing called PM 2, or a lot of people use I use another one called ready. Forever. And what it does is it watches your process, and if the thing breaks for whatever reason, it'll try to restart it. Or if there You can also see all the logs that are associated with it, and I'm like, this thing is awesome for running multiple apps. It would be so nice if it integrated with rid. Something like Kati, where it also gave me, like, folder structures where I could just, like, drop

different node apps rid. That have start commands in their package JSON into different folders, and it would just automatically run them for me sort of like a a Heroku or something. Yeah. That'd be cool. Rid That actually is one thing that might be useful to a lot of, you know, the back end app developers out there is that Caddy's, API is is programmable, but has a config API. You don't have to use files at all. So if you're writing a program that wants to integrate with the web server and, like, update its configuration on the fly in real time, rid Gracefully, you can do that, with Kaddy's JSON API.

So we see a lot of, like, integrators or businesses doing that rid To to great effect. Oh, so you could, like, you could automate all that. Yeah. It's actually really cool. The other way to configure is through the with like a Caddy file. Right? Yeah. Most people do use Caddy file, the full text file. Kinda like a I don't know if it's like a Docker file or just a little, like, or like an NGINX config, but but like a simpler syntax. Like, in my opinion, it's yeah. It's pretty easy to read and write and it's good for for most most sites, but

but, yeah, under the hood, it's just converted to JSON config or used with the API. Yeah. To illustrate, because a lot of people rid. Start to roll their eyes when they hear config file, not because config files are bad and they're fantastic, but, like, another config file in the project. Right? But I I wanna emphasize that we we have our config file for level up tutorials to get an SSL certificate, a reverse proxy to our local host are is essentially 4 lines of relevant code. The one is which just says local certs to let us know that we're using local certs rid for our SSL, and then the other one is level up tutorials .dev brackets reverse proxy and then to the local host port 3,000. Rid. That's it. And then I run Caddy run, and Caddy goes, and it it gets us going. Right? I mean, it it's that easy. So the config file

Is really if you're not doing a ton with it, it is effortlessly small. Yeah. You can actually do semi advanced configs with the caddy file. Rid Yeah. For for like really advanced stuff and automation and programming, we recommend the the JSON API directly. But, yeah, the Kaddy file, a lot of people choose Kaddy because it's just so easy to write. It's just your site name, example.com, hit enter, and then, like, what you want it to do, like file server or reverse proxy. I mean Yeah. And anyone who's written an NGINX config or even an Apache config.

Knows just how much fun that is. I remember getting into was that WAMP, MAMP, MAMP, And having to, like, dive into the Apache configs inside of NAMP and just being like, just don't

wanna do this. Yeah. Yellow. I just have, like sometimes I wake up in the middle of the night and have a nightmare of my NAP server being a yellow. Oh, go green. Like, no. Go green. Like, every time I would restart it, I would, like, hold my browser. I was like, green. Rid Green. Apache green. No. Dude, I'm right there with you. That's hilarious. Here it's green. Yeah.

I know that, Zane. Rid I I will I will say, a common trip up point though, a lot of people do get tripped up. Like, most of our questions on our forum aren't even so much about CADDY Specifically, they're about system administration. Mhmm. So a lot of, like, people trying to set a caddy up on Linux and having difficulty.

Really, it's just a struggle with Linux Or or Windows or whatever system, more than the web server itself. It does it does pay to know how to administer a system. Like, there's definitely value there. Rid But the Caddie itself, like, once you know how to, like, run a system, Caddie should make it very much a breeze. Another thing I was gonna say that a server is good for, and I'd be curious to hear your ready. Your ideas on this is that sometimes when you're run running like a node app and you've got, like, an images folder,

sometimes it's better to let your ready. Your caddy server or Nginx serve up those images from your image folder instead of just passing the request onto your node app, and then your node app Serves up the images. Is it is it better just to have your like, a a proper web server serve up the images instead of your Ruby or Node app? Rid Yeah. That's a good good point. Yeah. So,

in some cases, Caddy and any web server using the Go standard library rid Take advantage of some optimizations with some system calls to to just pipe data directly from, like, a ready. IO to a network socket without basically, yeah, it can be faster.

It also can just be simpler. Like Typically, the the less you offload to your back end, the better.

That way your back end can focus on the business logic and stuff like that.

Ready. Enforce some security policies before it hits your back end. That's another common,

use case. What kind of security policies would people be implementing at that level?

So a lot of people will set headers, like security headers. Other people will block IP addresses or set up rate limiting.

Okay. Or authentication even. Caddy has some great authentication plug ins

developed mostly by third parties. Yeah. So that's rid Something you can do at a at a Caddy level is do rate limiting. So somebody at a certain IP can only hit this app or endpoint or whatever, 5 times within 10 seconds.

Yeah. So there's there's currently a a third party plug in. So if you don't know much about Caddie. You should know it's very extensible. It comes with a core set of features that are very useful, but a huge benefit of it is that it's rid Easily extensible and very modular design. So so there are third party plug ins for rate limiting that I'm hoping to actually write Kind of more of an official one here this year.

Mhmm. But, yeah, you can you can do do all that with Caddy, for sure. That's cool. It's funny. One thing in the React

just set

Oh, yeah. You got a browser making requests rid To well, to ultimately just like a single page and then the web server needs to figure out which content to actually load. The web servers can rewrite requests.

So you can have this really nice, like user facing URL structure or whatever is you need for your JavaScript friend and or whatever. Rid A common and simple example of rewriting is to, like, to show users URLs that don't have file extensions. So if you are serving a static file like the HTML files or rid. Your web server implicitly add that and then serve the content as if it originally came in like that. That's super popular in, like, PHP world as well. Sometimes you websites

with .PHP on the end. You're like, you could just flip on a setting that turns that off. You know?

Rid. Yeah. And by the way, serving PHP with Caddy is one line with config. Really? Oh, nice. The FPM running? Yeah.

Rid What is the Caddy stack for that call? Because it's a LAMP stack with, Apache. So it's the

c l m p? The CLMP? Yeah. I don't I don't know. I never thought about it. We're gonna have to rename Caddy to have something that starts with a, A vowel. A vowel here. Yeah.

Yeah.

The clump stack.

I don't love the name caddy, to be honest. It just kinda stuck. I I chose it because it's, like, kinda does Everything for you. Takes care of all chores, you know, and Yeah. Lets you focus on what, yeah, what you do. So anyway That's a good name.

Speaking of doing stuff for you, we've got one of our sponsors today, which is FreshBooks at freshbooks.comforward/ syntax.

FreshBooks is the all in one cloud accounting caddy server for you.

And, what FreshBooks does is it allows you to rid. Create all of your invoices, send them to your clients, send late payment reminders, just overview, look at who owes you money, rid Take payments via credit card and a number of other options. You can import expenses from your bank account. It's awesome. If you're running a business or even just doing a couple little side jobs, Sign up for FreshBooks, and you won't regret it because your books are gonna be in order. Check it out, freshbooks.comforward/ syntax, and use syntax in the how did you hear about it section.

Rid Shout out to FreshBooks for making, tax time easier. Right? Yeah. That's tax time for me right now, and it's It's still not fun, but it makes it way easier because I just have to export everything and give it to my account, and I don't have to chase around. Air, you deal with it.

Alright. Let's talk about, load balancing.

Like, this Kaddy does load balancing. Can you explain to us what what a load balancer is and why you might need it? Yeah. So the idea is that, if you've got

multiple back end applications or or multiple instances of a single application, The load balancer takes in all the all the requests or connections and then, will, as evenly as possible, distribute the load between these back ends So that you can scale horizontally, I think is how they describe it.

Instead of having 1 back end instance of your back end that is like Really heavily loaded with every single request, especially if it's doing, like, database and other kinds of IO or processing intensive stuff.

Rid it's gonna add a lot of latency to your to your clients.

If you can, like, write your app, it's just a way that you can deploy 5 instances of it or 10 or whatever, however many.

And they each take 1 tenth of the load, 1 tenth or 1 fiftieth or whatever of the load, then your application will run faster and scale better as it grows.

So a lot of, like, growing startups, and and services will use a load balanced, infrastructure.

And so, yeah, the idea is that Kaggle will take in these requests. And then based on a load balancing policy, of which there are quite a few, You can choose 1.

If you have a preference, it will just evenly distribute the load. Yeah. What's it take to implement something like Load bouncing. Because to me that it seems like the black magic. Like, you you don't know what exactly is going on there. It it seems like higher level computer stuff. Is it is that tough to implement?

You know, honestly, load balancing is I think it was the easiest part of the reverse proxy to implement. The hardest part was Streaming logic, which I actually borrowed most of that from the ghost standard library. Mhmm. But the load balancing is actually pretty easy.

There's various policies Like, various ways to do it. Right? You can round robin, which is like, if you have back end a, b, c, and d, just you go in that order. A, then the next one is b, the next one is c, etcetera.

There's least number of connections. You choose the back end that has the least number of active requests or connections to it. There's random. You can do random just randomly choose 1. And then there's a whole bunch of others. They all implement the same interface Or basically, they take in a request and they output the back end to use.

And so each load balancing, Like the logic is only a few lines long. Like generally, I'd say 5 to 25 lines of code.

You just, you have to keep a little bit of state.

As long as you do that in a thread safe way, like in an atomic way, it's, it's pretty straightforward.

Like, round robin is just incrementing an unsigned integer and then modulate modulus the number back ends and you're that's it. Like, that

Very clearly explained in a way that's like, oh. Yeah. Okay. Yeah. Okay. Yeah. Oh. Yeah. So It has a cool name for how simple it is. Loadbound.

Yeah. It's really useful. I'm curious what you think of the ongoing, like, productization or servers re Server to zation of a lot of these things. Like, I feel like running a Linux server and managing it yourself is rid. Either becoming a bit of a lost art or is just going the way of, like, oh, I know. I just use this thing, and it and it works.

Do you count yourself in Caddy in as part of That movement where, like, no, we do the hard stuff for you. Or, do you think that server administration is a bit of a lost art? I think of it like, So I grew up playing the cello.

And I think playing I feel like playing classical instruments is becoming a lost art. And I feel like running a web server is very much Similar type of thing, which is such a shame because it's really such an a young art still.

I think there will always be unbeatable value in self managing your Linux, like your your servers.

Hosted services are great if you are willing to give up certain freedom and and pay for it and and that kind of thing if you want the convenience.

They run on servers, so they themselves still need servers. So, like, Caddy Somebody has to make these things. Right. So Caddy could be that server, for example.

There's no reason like Netlify or something couldn't use Kaddy. I don't know why they aren't, honestly.

Been trying to get the big integrators to use it. But anyways, Some actually do, by the way. We do have Caddy instances that are serving tens of thousands of sites.

Wow. Yeah. And managing SSL or TLS search for all of them. Yeah. But, But yeah. Like even serverless platforms or infrastructures, they they still use servers. So it really is just a matter of what are you willing to give up And what are you gaining? At the end of the day though, I I'm a huge advocate for learning how to use a computer and just manage it yourself. I think that's gonna be really important, especially as data privacy and and and flexibility and freedom, you know, is is like challenged more and more.

As we see large companies making more, I don't know, profitable or profiteering decisions or, like, more controversial decisions.

Yeah. It's nice to be in control.

Being able to find your own water or run your own server at some point will probably be useful rid Yeah. In in your career, I think it's funny. Like, I think the same thing about people using phones much more than computers rid. Recently, like, I look at, all of my friends who either work desk jobs or or don't work technical jobs, They don't use a computer outside of sitting at their desk or at home at all. It's all done on the phone, and part of that's awesome. Like, it's rid. Another type of computer. And then part of it is just, like, there's, like, this whole generation of people that don't have skills to create stuff on a desktop. Not to say that there there isn't apps and stuff rid like that on it. But I think being good at a desktop computer and being fast and efficient is so much better than Just using a phone for absolutely everything, and I mourn that a little when I see my friends just use their phone entirely.

Yeah. It's funny you say that, Wes. I I've Recently, like, Courtney, I would ask her, like, about something about her computer or whatever. She'd be like, I don't know. I don't have it set up. And they're like, okay. Here's what's gonna happen. I'm going to just turn into a system administrator here, and I'm going to provision you equipment.

And I'm gonna provision you equipment. I'm gonna maintain it. I'm gonna manage it, whatever. Don't gotta worry about anything. And then that way, when I want you to use 1 password for something, it's just there. Right? You know?

Yeah. It kills me because I'm like, rid As I'm saying this, I'm saying inside it. Am I the one that's out of touch? Yeah. Right. Yeah.

Yeah. I mean, I think I think if you want homogeneity is that the word? Hom homogen if you wanna homogenize, like, the Internet yeah.

Yeah. You're asking the wrong people, but yeah. Yeah. We can't pronounce anything.

If you wanna homogenize the Internet, then use rid Then everything will be the same. Makes sense. Yeah. Everything will go down at the same time. Everything will you know? Anyway yeah. AWS east goes down, whatever. Everybody's toast.

It's the entire Internet. It's it's true. My AWS went down the other day, and a bunch of my email was down. And I went downstairs, and I was telling my wife how stressed out I was because I was getting hundreds of emails from people being like, it's broken. And she's like, yeah. I know.

Rid All of these things are down, and I was like, oh, man. Like, this AWS is like I was like regular person, like my wife.

She's like, I know. The servers are down. You know? Like, it was such a big thing, and I was just like, wow.

It's transcended, like, my world of of AWS going down. And, like, obviously, it affects everybody because half the Internet is hosted on this thing. Yeah.

I love finding out that services are down when you can't, like, rid Unlock your door. Turn on your lights. There you go.

Yes. It's funny. You mentioned image hosting at one point. The easy solution for Image hosting would be just use one of our sponsors, which is Cloudinary.

Now Cloudinary is the best way to manage and store all of your videos and Images in the cloud and transform them as you need. Let me tell you. We use Cloudinary for just about all of our images on LevelUp tutorials, and we have for so long because rid. It's insanely easy to just upload with a URL. Like, you hate implementing JavaScript into your application? You hate writing a lot of code? Cloudera's got you covered. Use the slurp URLs.

I call them the slurp URLs.

Yeah. I think I do too. At this point, we came up with slurp, and with that slurp slurp, rid. We get the the image basically uploaded automatically, and you can pass in some parameters into the URL like an auto. Right? F underscore auto is rid is the boss, so to say. It gives you the format that the browser like, the best format possible that the browser can handle, giving you the smallest possible image size, rid getting you the fastest possible loading for all of your images. And who wants to write the code do that themselves? I don't. There's also all sorts of really neat tools like Just giving you quality auto, maybe you're serving up too high of quality. You can also really get minute in the details and pass in a specific width, height, rid Specific quality, specific format, you can even transform. You can turn it into a old Western cowboy CBF photo if you want.

You can do so much with Cloudinary and more. So head on over to cloudinary dot come and click the link in our show notes and, let them know that you heard about Cloudinary from Syntax. Thanks so much for Cloudinary for sponsoring. So we talked about servers, load balancers,

reverse proxies. There's there's a list on the website of everything Caddy does, and I'm just looking at them. Like, rid I don't know what half these things are. Like, what is a sidecar proxy?

Oh, you know, I honestly don't a 100% know either. I think it has something to do with, like, service meshes, which To me are over engineering for most applications, so I don't use them personally. But I think they they like a sidecar proxy tag along with a container and as you deploy a bunch of containers and some sort of yeah.

Rid But people use it for that out here, I've been told, so I put it on the website. That that's good to know. What about Cron Jobs? Is is Cron Jobs something that happens At an OS level, or is that something that happens on a web server?

Yeah. So CronJob I mean, you're talking about, like, actual cron jobs, it's a it's a Linux service.

Yeah. Yeah. It just runs past on a schedule.

And CADDY can do that. They're the idea is that CADDY is an application platform actually for any programs written in Go. Because Kaddy Kaddy actually has two main functions. It starts apps and stops apps. And it takes care of all the config management rid like reloading and changing config and the whole config API.

Like it does that, but at its core, the HTTP server is just an app that it starts and stops. It knows nothing else about the HTTP server, at its core.

So there are apps and third party modules different things. For example, running tasks or processes on a on a schedule or or based on events or whatever. So

You could think of it kinda like a Chrome replacement with that kind of plug in. Okay. Yeah. It's just a very, like, general purpose type thing. I wanted to ask about just Go in general, the programming language. Because, Scott, what was the thing that you're using that's the ES builder? Yeah. ES build. Yeah. Rid ES build is a JavaScript bundler that's built in Go, and we're starting to see this a lot lately where rid Something needs to be very fast.

It gets rebuilt in either Rust or in Go. So, like, why is Go so fast? You kinda rid Talked about it earlier in terms of why it's good because of the the memory stuff. But, like, like, what makes Go so good and and do you enjoy programming in it? Yeah.

After a decade in PHP and c plus plus and Python, I guess, was excited about Go because I was able to learn it in I was able to, like, be productive in it in about a couple of weeks, a week or two.

I mean, my code was not very Go like or or very great after just 2 weeks. But like I was able to, like, write some with some programs in it. And, rid So it's it's a fun language. It's a very simple language in terms of like just yeah. Just getting started with it doesn't have a ton of keywords and and stuff, rid Standard Library is amazing. So it just made doing a lot of tasks that were kind of painful in PHP, especially when I was starting to write like Long running programs and things that needed to do a lot of computation.

If by the end of college, my college experience in through all of grad school, I was writing all my programs in Go. And they were consistently using the same algorithms, like, that we talked about in our classes or whatever. They're consistently I finished them sooner and they ran faster and used less memory and, like, CPU resources than my classmates who did it in, like, Java or it took them forever if they're writing in, like, c.

So so Go yeah. It just kinda made development a breeze. Well, what did your teacher think about You doing it in Go? Some of them didn't know, because you but but other users were like, oh, well, that was interesting. I don't know. They didn't seem to mind.

Oh, that's really cool. Is Go a typed language? It is strongly typed. Yes. Cool.

Rid. I I think I need to check out either Rust or Go. I just keep hearing awesome things about it. And now hearing you talk about how easy it is, and rid. The standard lib is a big one for me because, like, we have the opposite in in JavaScript. They're the worst. Virtually is no standard lib. Rid You have to NPM install literally everything, and then it's just it's so nice when

everything is built in and really clean. Because PHP also has a massive standard lib, but it's it's all over the place. At least when I used it many moons ago, I think maybe it's gotten better since then. I think Go standard lib is Definitely its most compelling one of its most compelling point. Interesting. I gotta check that out, and I wanna spend some time with Go. I I spent some time recently with Russ just for fun, not not like rid Serious, serious, but it made me a lot better TypeScript developer just working in types. So, like because JavaScript is just, you know, yellow most of the time. So For getting into something like that, I I wanna spend some time with Go a little bit here and and see. Because the syntax looks nice. It looks like something that, like, It's probably a little bit more friendly to JavaScript developers than Rust.

Yeah. It's a very comfy syntax. Like, Rust is cool. I think Rust is great, but man, rid. I have submitted syntax. It scares me. Like, it's hard for me to write Rust code. It's scary. Yeah. Yeah. It's scary. Man, I'm just looking at the list of rid Standard lib in go, and there's a SMTP package that's standard

of the JSON built in. That's like the one thing that JavaScript does have. There's an entire image package for creating GIFs and JPEGs,

time zone time zones. Go's time package is awesome. Yeah? Working with Time and Go is less painful than any other language. It's still, like, time is hard, but

yeah. Yeah. Time is hard.

I agree. I actually I've been running my Linux server for a couple years, and I've been noticing over the years that my rid. Time stamps have been get coming off. And then I had to go down the rabbit hole of, like eventually, my time stamps were, like, half an hour off of from when it happened, which can cause major issues Yeah.

Especially when you're doing search stuff. So I figured out what to do. I had to, like, Install this, like or turn on this, like, syncing thing in Linux.

I'm not sure what it was called, but now now it every Every now and then, it syncs with actual clocks, to make sure that it's it's not not out of sync. Yeah. I also like those concurrency model. That's what it's

Well, I think it's a much better paradigm than, promises and callback and stuff,

for the most part. Is it the pipes? Is that what it is? The tubes? Am I thinking of something different?

You're thinking of synchronization, Basically, you can think of concurrency like that.

Spinning up a thread is so easy. Just go function name.

Yeah. Synchronizing is just really great with Go has channels, which work kinda like pipes. And and then Go's streaming interfaces are also really famous.

Their read and write methods, are just a really a breeze to work with. Really, yeah, really good for writing good streaming code. Rid It's a good all around systems language.

Awesome. I'm just looking at examples here on on the Internet.

Maybe next time I have, like, a day or so, I'm gonna build A little a tiny little app in Go. I think it'd be fun to learn some other language.

Let's write a contract generator in Go. We can both write it, and then we can both talk about our experience with it. Rid Oh, that's a good idea. Weston Scott, try a new language. Yeah. I like it.

Beautiful.

Is there anything else about Caddy server or anything in general that we didn't touch upon that you'd like to touch upon before we wrap this up?

I think well, I think we're gonna be able to use it. Less less expired certificates, less problems.

It it does actually scale really well. Like if if you are writing like a service that is Growing and and you need to scale to like tens of thousands of sites.

Other certificate management solutions probably won't cut it very well, rid But Caddy Caddy should be able to do it pretty smoothly. So it has this cool feature that, like, you can actually obtain certificates during a TLS handshake that needs it, is really cool. So you don't even need to, like like, preconfigure it, in that sense. It's just kinda Oh.

You should have an allowed list of of names that you wanted to be able to get certificates for so people can't abuse that. But but yeah. I mean, that's a useful thing. So yeah. I think more people should use it to increase the reliability of security on the web. Yeah. It has a lot of hidden features. Rid I just explore it. I I would encourage exploring its its documentation and and and whatnot.

I have a question. I saw this debate on Twitter the other day. Rid Does every single website ever need to be have it as a self certificate, or is it okay if 1 website I'm not gonna tell you my thoughts on it. I'm curious what you think because you're in in this more. Yeah. Sure.

I'm just painting the target here on the back of my head for the rid The, I don't honestly think that why this controversy holds any water.

Yeah. I think every website, every public It should be on TLS. If you're traversing an untrusted network, you should use encryption.

Yeah. You should use good TLS.

I actually I have a site for this. Does my site need https.com?

And it's just yeah. Is it just yes?

Basically. It does explain why. But, yes, I think every site does. Even if you think it's benign information, Whatever Whatever shows up on the user's computer is executed and rendered, and and that's kind of a rid Kind of a scary idea, if you're not protecting against that, infection.

Like, your if your ISP ready. Decides that you're only on the $30 a month plan, and they start injecting ads into your HTML pages. Like, that's happened before. Rid Yeah. Airlines do it all the time, and that's really annoying, especially as, like, a web developer to have like, I have enough problem with people with Chrome extensions rid. Monkeying with the output of to the DOM and having this, like, third party, which you may or may not know, rid Is goofing with your your output is is such a pain. Right? Not to mention a security issue, even if it's just a pancake recipe, you know, and rid BigPancake is tracking you and and switching out what type of syrup needs to be shown. Like, you think, like, oh, that will never happen, but That's the kind of stuff that would happen if if we weren't able to stop that with with, certs and everything.

Yeah. And there's another, Kind of more maybe I don't know if humanitarian is the right word, but, a more important reason too is that we don't encrypt everything, then we paint targets on, like, what is actually sensitive.

Because if we're only encrypting the sensitive things, we make those become targets and those posts become more of more interest. And so If we're not going to encrypt because, well, my content isn't sensitive or private, it that's kind of Not doing the more vulnerable population a favor, you know.

Also, it's not for you to decide what's private or sensitive. It actually is a matter of rid The client, like, someone visiting your site from regions that are that have more political issues With regards to information freedom, like China or or Iran or North Korea, you know, people visiting your site, if even possible, from those regions. Like, it might not be a problem if someone in the US or more the the free countries of the world visit those sites.

But if if someone in a a vulnerable area visits your site and you don't offer encryption, you're putting that person at risk. You know? And and that's kind of Like, it's not your place to say, oh, it's I don't need to encrypt. I don't I don't need any you know that. Yeah. Yeah. You're right. That's a really good way to put it. I like that. Please encrypt everything.

Yes. Absolutely. Especially because, like, rid. That's what your project does. It just it just makes it so easy. Like, I remember when it first came out, it's like you should, but, like, it's too hard. You know? Like but now, It it's not. It's just it's automatic. It just just works. Mhmm.

And, it's not something you don't really have to sweat anymore. It just I've been amazed. I remember when rid. Chrome said it was gonna, like, start showing sites as insecure. I was like, that's not gonna go over well at all. And I was amazed at how quickly all these sites rid Quickly snapped your attention Yeah. And and rolled out. Cool. Cool. Alright. Well, let's move into Another section of the show where we call it sick picks.

Scott, do you have a sick pick for us today?

Oh, do I have a sick pick? I'm very sure that I do.

So I don't I don't know about US, but our old house is old and has a lot of dust and who knows what in it. We recently got a couple of new air purifiers. I think I mentioned them already once on the show. But we got this new air purifier that is I'm gonna tell you off the jump.

It's expensive. This is not a a cheap air purifier, but This thing is very, very good. It's called an Allen BreatheSmart.

It's very funny because my whole family has been referring to this thing as Allen, rid as, like, a member of our family. So we're like, oh, like, Landon will oh, Landon will be pushing the buttons. I'll be like, Landon, be nice to Alan, please.

So this this air freshener is crazy good. And so, like I said, not cheap. It's, like, $450, and it rid is the best error refresher that we've seen, we've tried, does the right things right, and it's not trying to do too much. Like, there's some fancy ones you'll find on, like, Instagram.

Right? These people aren't spending their their money making Alan better on Instagram ads. Like, rest. We've got a bunch of these out there once. So, I really like this Allen thing. It has been fantastic for us. We've noticed a significant improvement in our air quality rid over the course of time using it. And the best part about this thing besides the fact that it it works really well, Wes, you're gonna appreciate this. It has a night mode for the LEDs on the top of it because we have 1 running in our bedroom all the time. Last thing I want is 1 more bright blue LED in the bedroom. Let me know that it's on. Like, I don't care. We have a fan in our bedroom, and it beeps super loud when you change something on it. And it's got these, like, rid Bright as the sun, LEDs in it. And I'm just like

we have a a waffle maker. And the waffle maker, when it reaches temp, it goes beep ready. And it's it's a commercial waffle maker, so it's loud because it's meant to be using a kitchen. And, our dog hits the deck whenever he hears beeps because rid because he thinks it's gonna be, a fire alarm, and he's so scared of fire alarms. So I had to, like, take this it's called a Pie Piezo buzzer or something like that? Yep.

And, I learned you can just snip them out. And and now I'm like, oh, I gotta go through rid Everything in our house to snip these things out. Yep. So this is Allen. Check it out. It's not 2 l's. It's a l e n. Yeah. Yeah. Yeah. It's not Alan Alan, but we call him Alan, so it's all good.

Matt, did you come prepared with a sick pick? Or Yeah.

I was actually thinking just yesterday how much I love my vacuum.

Oh, nice. Oh. Oh, man. We love vacuums on here. Yeah. Excited to hear this. Oh, do do people talk about vacuums a lot here? Well, I'll just throw my We we actually do. Yes. I'll throw my towel in the ring then is, I love my LG. It's a stick vacuum. Oh, yeah. The stick vacuums. So I grew up on like this really old Kirby and it, like, it was fine. But finally, it got like a new vacuum and amazing. It's this little it has, like, a power tool battery and so you just hold it in your hand and you can, like and it works so well. And in fact, it's hard floors and carpets and furniture and corners and,

mine is like a teen teen echo or teen co or something.

Have you ever used it on your kitchen countertop?

Kitchen countertop?

Yeah. No. I I usually wipe the kitchen countertop onto the floor, and then I vacuum the floor. But you could, I guess. Well, was just, like, literally yesterday chatting with a buddy of mine, and he just got a stick vacuum like this. I was like, I use mine for everything. I even use it to get crumbs off of the kitchen counter, and he was flipping out because he's like, I just did that. I thought that was so weird. I think it's kinda gross. I hope he, like, disinfects it afterward. Oh, of course. Yeah. Yeah. No. No. This is this is a crumb removal process. This is not the final, shine and disinfect it. Yes. Absolutely.

Yeah. Man, I keep talking to Caitlin about these stick vacuums, and she was like, really? Like, is that the only vacuum out there? And I'm like, yes. God says that's his only vacuum. And now you come along and say that this is your only vacuum,

I think it's time for the boss household to My sister's house had a central vac, and I was always so jealous. I'm like, this is amazing. You just plug the hose in and then it just like works and, you know, it turns on and off automatically and it's quiet.

But then I kinda realized why Morehouse don't have central vacs because, like, big vacuums are they're even better because there's nothing, like Yeah. Tethering you down. Yeah.

Take it to the car if you want. Yeah. Then you got a a fancy dust buster. Yep. I grew up with CentralVac,

and You feel like a crab fisherman trying to get the hose.

Like, it's such a huge, heavy hose. And then, like, my mom would, like, rid. Angry vacuum all the time. Like, that's like, I have this, like, anxiety over angry vacuuming, and she would just, like, voo, like, pull the Pull the vacuum to, like, go into the next room, and I'd be like, don't get caught in the bite, you know, like, on the crab fisherman shows where they can, like, get caught in the bite of the rope and go overboard. Like, it's the Same thing with the central fact.

I am going to oh, shoot. What was it? I just had it. Oh, yeah. I'm going to sick pick an app that works with my drone. So long time ago, I got this Tello drone as As part of, like, a YouTube collab I did with IBM. Yeah. Yeah. Yeah. And Scott's salty about it, but I'm I apologize. And I thought this is gonna be bad if I bring this up, but I'm gonna do it anyways. Rid Anyway, so we've had this Telo drone. I've had it on my shelf for a couple years, and and my kids noticed it. And they say, hey. Ready. Can we fly the drone? And I said, absolutely. So we we brought this thing out, and I I downloaded the app again. And I found out they have like a edu app, an education app, and it's for kids.

And it's kind of like the Mozilla rid Scratch, where you snap together these different commands. And it's it's almost like a a learn to program, but fly the drone. Ready. You can give it a lift off command and up 3 over to turn down. And I just, like, gave it to one of my kids and I was like, she's 5. I was like, alright. Like, rid. This is kinda like coding. They have, like, a practice drone because, like, it cut your fingers off if you actually use the real drone. You can hook it up to the real one as well, but rid. This is just like a a simulated one, and you have to, like, fly and and reach and fly through a hoop and all this stuff. And rid. I was just like, this is so cool. This is, like, one of the first times I've like, my kids have been old enough to, like, start peering into what rid Coding is? Mhmm. And I was like, this is this is really cool. So the drone is called Tello. The bat it's not that good. The battery runs out in, like, don't know. 6 minutes of flying it, so it's not as fun as ever, but the education app is is really, really cool.

That's neat. Shamelessly plugs. Matt, do you have anything to plug other than the Caddy or you can just plug Caddy if you'd like?

Yeah. Well, plug that I do accept sponsorships. I work on it full time and I rely on sponsorships.

So, you know, VRSL being the the primary sponsor and I've got rid It'd be great to have some some, you know, additional security there, to keep the project going, especially if you're using it in production. The other thing is Let's Encrypt, safety. So that's a really good thing to support as well. So You should, be aware of that and consider donating to that cause as well. Nice. Yeah. Level Up Tutorials is a sponsor of Caddy,

we appreciate all your hard work, and I strongly encourage anybody to to sponsor because it'll save you a ton of time. Yes. Thank you. And,

I don't remember which sponsors are private and public, so I don't say I don't say too much, on the air, but I'm glad you you do. Thank you very much for that. You can sponsor me on on GitHub at github.com/mholt, m h o l t. Or, you can sponsor Let's Encrypt, and the ISRG through their website.

Beautiful. Cool. Well, thank you so oh, I gotta shamelessly plug my own stuff. Westboss.comforward/courses.

Rid. If you wanna learn JavaScript, CSS, Node, React, GraphQL, all that good stuff, use coupon code syntax for $10 off.

Rid. Yeah. Thank you so much for coming on. This was very enlightening. It's fun to do a show about this type of stuff. Is this it's something that I I'm kinda in, but also as, like, Front end web developers are full stack web devs. We don't touch this stuff all the time, and it's sometimes a little scary. So it's it's nice to be able to talk to someone who knows what they're doing.

Yeah. This was fun. I enjoyed our conversation today. Awesome. Thank you so much.

Head on over to syntax.fm for a read. Full archive of all of our shows. And don't forget to subscribe in your podcast player or drop a review if you like this show.

Rid.