Replacing HAProxy With Caddy v2
In this post, we will go over why we replaced a stable piece of technology like HAProxy with a new kid on the block, Caddy.
Prior to v0.6.2, HAProxy was responsible for the following things.
- Reverse proxying to CourseLit’s back-end and front-end apps.
- Gzipping the outgoing traffic.
- HTTPS and SSL termination.
The very thing that sold us on Caddy is the automatic HTTPS. As per their own website:
What this means is, we don’t have to manage our own SSL certificates. Caddy will do it on its own.
In the case of HAProxy, we had to manually obtain a free SSL certificate from Let’s Encrypt, hereafter called LE, by running Certbot, and then mount it on a Docker volume so that the container running HAProxy could use it. We had programmed these tasks into the CourseLit installation script itself so that our users would not have to do those things.
But there were two problems even after automating the tasks of obtaining SSL certificates from LE.
- LE certificates expire after 90 days and you have to renew them.
- LE does not provide certificates for development environments.
Due to #1, CourseLit users were required to run the installation script again with the same settings they provided when they first set up the app. That would renew the certificate. Automatic renewal of SSL certificates via Certbot never worked for us. On top of that, in order to obtain the certificate from LE, Certbot needs to communicate with its server over port 80, but that port is used by CourseLit as well, so we had to shut down the app in order to renew the certificate. This was too much for our non-technical users. We want the installation and maintenance processes to be as smooth and polished as possible.
Due to #2, we had to manage two HAProxy configurations, i.e. dev and production. In the dev configuration, the HAProxy server was started without any HTTPS configuration. Maintaining and supporting both put additional load on development, and it is the reason we were managing our own custom HAProxy-based Docker image.
By employing Caddy, we were able to get rid of our custom HAProxy-based container, as Caddy can provide SSL certificates for development environments as well. Also, our users (hopefully) no longer have to worry about renewing certificates manually. So that is a sigh of relief for everyone.
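The three jobs HAProxy used to do (reverse proxying, gzip, HTTPS) can sit in one Caddyfile that serves both development and production. This is an added example, not CourseLit's actual configuration; the upstreams `backend:8000` and `frontend:3000`, the `/api/*` route and the `SITE_ADDRESS` environment variable are assumptions.

```caddyfile
# Added example, not CourseLit's real config. Assumed names:
#   SITE_ADDRESS   hypothetical env variable holding the public domain
#   backend:8000   placeholder upstream for the back-end app
#   frontend:3000  placeholder upstream for the front-end app
#   /api/*         placeholder route prefix for the back-end

# Production: SITE_ADDRESS is set to a public domain name. Caddy obtains a
#   certificate over ACME and renews it on its own, while it keeps
#   serving on ports 80 and 443 (no downtime for renewal).
# Development: SITE_ADDRESS is unset, so the site address falls back to
#   "localhost" and Caddy issues a certificate from its own local CA.
#   Only machines that trust that local root will accept it.
{$SITE_ADDRESS:localhost} {
	# Compress outgoing responses.
	encode gzip

	# Back-end requests.
	handle /api/* {
		reverse_proxy backend:8000
	}

	# Everything else goes to the front-end.
	handle {
		reverse_proxy frontend:3000
	}
}
```

When Caddy runs in a container, keep its data directory on a persistent volume: it holds the certificates and private keys, and losing it on every restart forces re-issuance and can run into the CA's rate limits.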
We hope you’ll like this release. Happy tutoring.