HA Proxy already exists and will do both. You can even redirect Layer 4 HTTP/HTTPS Ports to another reverse proxy server if you want to get inception levels of crazy.

Sure, but c'mon, HAProxy is the 800lb gorilla in this case when you just need something simple.

FWIW, it doesn't handle your use case of Layer 4, but for the people at Layer 7, another option is good ol' Apache: it is so flexible and extensible it is almost a problem, people tend to not know it long ago went event-oriented with mpm_event, and it supports ACME internally (as a module, but a first-party module that is seamlessly integrated). (I do appreciate, though, that it is critically NOT written in a memory safe language, lol, but neither is nginx.)

Layer 4 and 7? HAProxy will do that no problem.

> Competition is good for everyone!

Definitely!

But see how in your project the very first paragraph explains why it exists, and what it does differently. This is what I think is missing from Dito. It doesn't have to be super in depth.

I do disagree with your argument against Caddy, though. How often do you realistically rebuild your services? If it's anytime you would upgrade, then it seems manageable. xcaddy makes this trivial, anyway. Though you don't really need to use it. There's a convenient pro-tip[1] about doing this with a static main.go file instead.

Good luck with your project!

[1]: https://github.com/caddyserver/xcaddy#warning-pro-tip

Boulevard has to be compiled at some point. Wouldn’t it extremely simple to setup a GitHub Action to build Caddy in the way you desire?

Yes, it can be compiled and packaged so that I can one day install it as any other package, in my case on FreeBSD.

And of course it's not just about avoid recompilation, there are a lot of features I want to add.

> - Caddy plugins mean I have to download xcaddy and rebuild the server. I really do not want to rebuild services on my servers just because I need a simple layer 4 reverse proxy (e.g. so that I can terminate TLS connections in front of my IRC server).

I mean, you don't havse to "rebuild services" -- if you need the plugin, just deploy the binary with the plugin. It's not like it changes (other than upgrades, which you'd do regardless of the plugin).

If the plugin is downloadable from caddy's site, it can also be updated in place along with the caddy binary. (There's an option to keep the same plugins)

> Caddy plugins mean I have to download xcaddy and rebuild the server. I really do not want to rebuild services on my servers just because I need a simple layer 4 reverse proxy

That's why containers exist.

You would be surprised by how many infrastructures have software running without any container :) I'm running FreeBSD on my servers so containers are out, but even if I was Linux, why would I use containers for base services?

> why would I use containers for base services?

This is a supported feature of podman which can generate systemd units to make system services.

But, as for advantages (system has some of them too), sandboxing, resource constraints, ease of distribution, not being broken by system updates (glibc update on RHEL broke some Go binaries iirc).

My rule of thumb is that only system software (e.g. DE, firewall, drivers, etc) belong on the base system, everything else is going in a container. This is very easy to do now on modern Linux distros.

DE?

Presumably “desktop environment” e.g. KDE plasma or Gnome. You don’t really want to be containerising those.

Yeh. I know people have run DE/Compositors in containers, but it doesn't really have any benefits outside of testing.

I think they meant use a container to build caddy with xcaddy.

It is essentially a one liner to cross compile caddy for all your use cases as long as you have access to a container runtime to build it.

You can use kamal-proxy, recently released. It handles SSL and zero downtime deployments. It’s small and from what I checked the code is easy to read and understand.

Which Caddy plugins are you using?