Matt, I really do appreciate the work you and others have put into Caddy - it's a fantastic piece of software which has served me well for the past year and a bit.
Having said that, this change has put me in a position where I have to invest either time or money into a solution for a problem which I didn't have yesterday, and switching to NGINX seems like the path least likely to cause issues in the future.
Having to build my own version of Caddy for every update is a cost I'm not willing to pay. Since I'm being forced to invest in something, it may as well be NGINX, and I suspect I'm not alone in this.
In terms of cash, $1200 a year is a lot to me personally, I'm a student, I have no income, and I'm trying to bootstrap a startup. $1200 could feed me for a year. Even when I had my PhD stipend, $1200 was a months stipend.
I originally chose to use Caddy over NGINX because it made https easy: just download, configure, run. If I have to remove the sponsor code and build it myself, it loses the advantage it had over NGINX because now I've got to spent time creating a build script and updating it whenever Caddy makes changes. With NGINX, sure, I'll have to configure it and letsencrypt, but I'll only ever have to do that once.
What on earth bootstrapped startup needs ~24 Caddy licenses? If you're operating at that scale and not generating revenue, your business won't last long anyway...
I do love the HN community sometimes, that's two people who've told me my startup will fail because I've decided Caddy's commercial licence isn't a sensible option for me, yet neither has actually understood the details of the change.
It's $100/month for 2 instances, you can only pay annually, so $1,200 is the minimum you can pay and it nets you two instances, not 24.
If it was $100 for a year and included 5 license to cover live and dev environments, I'd probably have just bitten the bullet and paid for it. I don't really care for the "basic email support" being offered, I just want to serve web traffic.
I don't think a small nudge to actually pay for the thing that benefits you, or have a small note somewhere that you're not paying for it that someone might--gasp!--see, is as big a deal as the histrionics throughout this thread suggest. You don't have a problem because there's an HTTP header, you have a problem because this makes you feel uncomfortable and you want to hide it, and that strikes me as a very different thing.
You can also pay-the-man. That's an option, too. Personally, if I "really [did] appreciate the work [mholt] and others have put into Caddy," I'd be doing that long before I go switch web server stacks, because wow that's not a lot of money if I'm doing anything where I actually care about a HTTP header, but I prioritize not freeloading where I can so that's probably "just a worldview thing".
> I don't think a small nudge to actually pay for the thing that benefits you, or have a small note somewhere that you're not paying for it that someone might--gasp!--see, is as big a deal as the histrionics throughout this thread suggest. You don't have a problem because there's an HTTP header,
The problem with the HTTP header is that it reveals details about which www server you're running to the user, who may be a potential attacker. This makes it easier for a potential attacker to select tools with which to attack you. Apache and Nginx (and most likely other web servers) offer config settings which disable emitting information about the software and version in use. There are other ways to guess the software/version but it becomes harder.
This is an actual security problem, not some issue of feelings.
Or perhaps I'm a student with no income trying to write a thesis at the same time as bootstrap a startup, and can't afford to spend $100/month on a reverse proxy? The new EULA states I'm not allowed to use the personal build, so I have little choice in that matter.
Your "worldview" doesn't seem to extend past the end of your own nose.
The startup has extremely limited resources, it's a bootstrap, as I explained. The licence prohibits us from using the personal licence, and there is a time cost involved in building and maintaining our own version. $1200 a year is not good value for us when NGINX will do the job for free.
I never claimed that no one should pay for anything, and I wish the people working on Caddy the best of luck. I think it's a fantastic piece of software and, as I have said several times, I am very grateful for the effort that has been put into making the project what it is.
However the change means that I have to act or be left with an out-of-date internet facing server. If you cannot see why I am annoyed at being given no choice but to spend time or money on solution because Caddy has introduced a new commercial licence, then I will not convince you of anything.
Having said that, this change has put me in a position where I have to invest either time or money into a solution for a problem which I didn't have yesterday, and switching to NGINX seems like the path least likely to cause issues in the future.
Having to build my own version of Caddy for every update is a cost I'm not willing to pay. Since I'm being forced to invest in something, it may as well be NGINX, and I suspect I'm not alone in this.