Caddy v2.11.4 is now available, featuring some security patches and a few other enhancements. Thanks to all who contributed! github.com/caddyserver/caddy…
It's so darn simple to set up, and it handles setting up Let's Encrypt certs and renewal automatically for HTTPS.
In the most simple example, this is all you need for the config to start serving HTTPS over the wire from an app process.
I really dislike Nginx; I prefer using @caddyserver. I used it to create my own personal local proxy CLI that sets up a Caddy server with .local domains to use for projects, since I don't have Herd doing that for me anymore.
github.com/Maxiviper117/dev-…
📚 I turned a real app server migration into a Caddy @caddyserver article series.
Part 1 is about why I reorganized my public self-hosted app server: cleaner configs, reusable snippets, static releases, metrics, logs, Coraza WAF, and operational habits.
Series: Caddy Public Front Door
medium.com/@qf3l3k/why-i-reo… #Caddy #SelfHosting #Homelab #DevOps
I've been really enjoying using @caddyserver and Cove from @austinginder to run a local WordPress environment.
I put together a Cove menubar so I can easily start/stop and see at a glance what's running.
github.com/RobbyMcCullough/c…
"This is my first security report ever, I honestly apologize for any mistakes."
And after reading it, I believe it, and will have near infinite patience and mentorship for this person. More of this, please!
🐘 FrankenPHP 1.12.4 is out: a security hardening release.
Highlights:
- Underscore header spoofing blocked at the server layer. The bundled @caddyserver 2.11.4 now ignores header names containing underscores, closing a class of $_SERVER spoofing.
- Bundled @MercureRealTime 0.24.2 security fixes: SSE field injection (CWE-93), reserved-topic forgery, Last-Event-ID disclosure, DoS amplification caps.
- Worker-mode crash and data-race fixes: ext-parallel, metrics, save/close handler.
Every user should upgrade.
github.com/php/frankenphp/re…
Introducing HTTP/2 Bomb: a remote DoS in nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora. A single client pins 32GB of server memory in 10s. Found by Codex.
Blog post: blog.calif.io/p/codex-discov…
PoCs: github.com/califio/publicati…
The backstory: at @OhDearApp we're adding the option for customers to bring their own certificate for their status page domain. Caddy fetches those from our backend with its get_certificate HTTP getter. 💡
I open-sourced a tiny @caddyserver module: it caches the TLS certificates Caddy fetches over HTTP, so they're served from memory instead of re-fetched on every single handshake. 🔥
github.com/ohdearapp/caddy-g…