{"id":16366849,"url":"https://github.com/centminmod/centminmod-caddy-v2","last_synced_at":"2026-02-17T10:30:19.013Z","repository":{"id":80279545,"uuid":"262440923","full_name":"centminmod/centminmod-caddy-v2","owner":"centminmod","description":null,"archived":false,"fork":false,"pushed_at":"2020-05-11T15:04:40.000Z","size":329,"stargazers_count":42,"open_issues_count":0,"forks_count":3,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-12-31T01:42:04.178Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/centminmod.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-05-08T22:25:08.000Z","updated_at":"2024-11-27T19:14:36.000Z","dependencies_parsed_at":null,"dependency_job_id":"aca0daad-4834-434f-974a-94dc1d9df878","html_url":"https://github.com/centminmod/centminmod-caddy-v2","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/centminmod%2Fcentminmod-caddy-v2","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/centminmod%2Fcentminmod-caddy-v2/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/centminmod%2Fcentminmod-caddy-v2/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/centminmod%2Fcentminmod-caddy-v2/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/centminmod","download_url":"https://codeload.github.com/centminmod/centminmod-caddy-v2/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239828594,"owners_count":19703902,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-11T02:47:44.876Z","updated_at":"2026-02-17T10:30:18.975Z","avatar_url":"https://github.com/centminmod.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Caddy v2 Install On Centmin Mod LEMP Stack\n\nBelow outlined steps are for private Caddy v2 server testing on Centmin Mod LEMP stack for evaluation of Caddy server as a candidate for integration into Centmin Mod LEMP stack builds based on Caddy v2 server's performance and scalability. Centmin Mod LEMP stack uses Nginx mainline branch custom built binaries by default with long term plans to integrate other web servers including Litespeed/OpenLitespeed and Apache.\n\nThis guide is unsupported and subject to revisions over time and currently based on my first few hours of using newly released Caddy v2 server.\n\nPrevious Caddy benchmarks\n\n* https://community.centminmod.com/threads/caddy-http-2-server-benchmarks.5170/\n* https://community.centminmod.com/threads/caddy-http-2-server-benchmarks-part-2.12873/\n* https://community.centminmod.com/threads/caddy-0-11-5-tls-1-3-http-2-https-benchmarks-part-1.16779/\n\n## Installation requirements and configuration\n\n### 1. Setup /etc/hosts local DNS override for test dummy domain names \n\nFor `ngx.domain.com` and `caddy.domain.com`\n\nChange `192.168.0.18` to your server's IP address\n\n```\n# /etc/hosts\n192.168.0.18 ngx.domain.com\n192.168.0.18 caddy.domain.com\n```\n\n### 2. Install Centmin Mod 123.09beta01 LEMP stack on CentOS 7 64bit server \n\nWith default PHP 7.3 (php-fpm) and MariaDB 10.3 MySQL server\n\nAs per [official install page instructions](https://centminmod.com/install.html) or you can try advanced install guide at [https://servermanager.guide/117/centmin-mod-advanced-customised-installation-guide/](https://servermanager.guide/117/centmin-mod-advanced-customised-installation-guide/).\n\n```\nyum -y update; curl -O https://centminmod.com/betainstaller73.sh \u0026\u0026 chmod 0700 betainstaller73.sh \u0026\u0026 bash betainstaller73.sh\n```\n\n### 3. Create Nginx non-HTTPS (port 80) \u0026 HTTPS (port 443) vhost sites\n\nCentmin Mod Nginx can create Nginx vhost sites via `centmin.sh` shell based menu or via `nv` command line. For this guide, I will use `nv` command line:\n\n```\nnv\n\nUsage: /usr/bin/nv [-d yourdomain.com] [-s y|n|yd|le|led|lelive|lelived]\n\n  -d  yourdomain.com or subdomain.yourdomain.com\n  -s  ssl self-signed create = y or n or https only vhost = yd\n  -s  le - letsencrypt test cert or led test cert with https default\n  -s  lelive - letsencrypt live cert or lelived live cert with https default\n\n  example:\n\n  /usr/bin/nv -d yourdomain.com -s y\n  /usr/bin/nv -d yourdomain.com -s n\n  /usr/bin/nv -d yourdomain.com -s yd\n  /usr/bin/nv -d yourdomain.com -s le\n  /usr/bin/nv -d yourdomain.com -s led\n  /usr/bin/nv -d yourdomain.com -s lelive\n  /usr/bin/nv -d yourdomain.com -s lelived\n```\n\nFor self-signed ECDSA 256bit SSL certificate instead of default self-signed RSA 2048bit SSL certificates, add `SELFSIGNEDSSL_ECDSA='y'` to Centmin Mod persistent config file at /etc/centminmod/custom_config.inc which can override Centmin Mod defaults globally. This command will create both non-HTTPS (port 80) \u0026 HTTPS (port 443) vhost sites for Nginx with pwgen randomly generated pure-ftpd virtual FTPS username/password.\n\n```\necho \"SELFSIGNEDSSL_ECDSA='y'\" \u003e\u003e /etc/centminmod/custom_config.inc\nnv -d ngx.domain.com -s y -u $(pwgen -1cnys 31)\n```\n\nIf using real domains that have DNS resolving to server IP and want live Letsencrypt SSL certificates with both non-HTTPS + HTTPS, then use `-s lelive`:\n\n```\necho \"LETSENCRYPT_DETECT='y'\" \u003e\u003e /etc/centminmod/custom_config.inc\necho \"DUALCERTS='y'\" \u003e\u003e /etc/centminmod/custom_config.inc\nnv -d ngx.domain.com -s lelive -u $(pwgen -1cnys 31)\n```\n\nIf using real domains that have DNS resolving to server IP and want live Letsencrypt SSL certificates with HTTPS default only, then use `-s lelived`:\n\n```\necho \"LETSENCRYPT_DETECT='y'\" \u003e\u003e /etc/centminmod/custom_config.inc\necho \"DUALCERTS='y'\" \u003e\u003e /etc/centminmod/custom_config.inc\nnv -d ngx.domain.com -s lelived -u $(pwgen -1cnys 31)\n```\n\n* The first variable `LETSENCRYPT_DETECT='y'` enables regular RSA 2048bit SSL certificates via Letsencrypt.\n* While second variable `DUALCERTS='y'` enables dual RSA 2048bit + ECDSA 256bit SSL certificate mode with a second Letsencrypt SSL certificated being obtained that is ECDSA 256bit based. Dual SSL certificates allow Centmin Mod Nginx to serve better performance based ECDSA 256bit SSL certificates to web browser and clients that support such certificates while falling back to traditional standard RSA 2048bit SSL certificates for older web browser and clients that do not support ECDSA 256bit. \n\n### 4. Install Caddy v2 via COPR EPEL 7 YUM repository\n\nInstall Caddy v2 via COPR EPEL 7 YUM repo ensuring to disable EPEL repo to prevent installing EPEL's Caddy v1.x version.\n\n```\nyum-config-manager --add-repo https://copr.fedorainfracloud.org/coprs/g/caddy/caddy/repo/epel-7/group_caddy-caddy-epel-7.repo\nyum -y install caddy --disablerepo=epel\ncaddy trust\nsed -i 's|^:80|http://caddy.domain.com:81\\n\\nheader x-powered-by \"caddy centminmod\"\\nencode gzip\\n|' /etc/caddy/Caddyfile\nmkdir -p /var/log/caddy\nchown caddy:caddy /var/log/caddy\nservice caddy start\nservice caddy status\nchkconfig caddy on\n```\n\nCopy Caddy default index.html to caddy-index.html file for both Caddy default public web root and Nginx site's default public web root and setup some command shortcuts for Caddy service commands like Centmin Mod Nginx's service commands have.\n\n```\ncp -a /usr/share/caddy/index.html /usr/share/caddy/caddy-index.html\ncp -a /usr/share/caddy/index.html /home/nginx/domains/ngx.domain.com/public/caddy-index.html\necho \"service caddy stop\" \u003e/usr/bin/caddystop ; chmod 700 /usr/bin/caddystop\necho \"service caddy start\" \u003e/usr/bin/caddystart ; chmod 700 /usr/bin/caddystart\necho \"service caddy status\" \u003e/usr/bin/caddystatus ; chmod 700 /usr/bin/caddystatus\necho \"service caddy restart\" \u003e/usr/bin/caddyrestart ; chmod 700 /usr/bin/caddyrestart\necho \"service caddy reload\" \u003e/usr/bin/caddyreload ; chmod 700 /usr/bin/caddyreload\n```\n\nCheck Caddy logging and config\n\n```\njournalctl -u caddy --no-pager\ncurl -s localhost:2019/config/ | jq\n```\n\n### 5. Configure Caddy v2 Caddyfile non-HTTPS (port 81) \u0026 HTTPS (port 4444) local internal self-signed SSL certificates \n\nBackup default Caddyfile\n\n```\ncp -a /etc/caddy/Caddyfile /etc/caddy/Caddyfile-backup\n```\n\nOverwrite /etc/caddy/Caddyfile with below config using default Caddy public web root `/usr/share/caddy` just for testing purposes right now and configure non-HTTPS (port 81) \u0026 HTTPS (port 4444) local internal self-signed SSL certificates. For proper comparison with Nginx, try to keep equivalent response headers for both Caddy and Nginx as Caddy previously in 0.1x and 1.x releases have been known to have a performance drop as you add more HTTP headers to Caddy's responses.\n\n```\n{\n    http_port   81\n    https_port  4444\n    #experimental_http3\n}\n\nhttp://caddy.domain.com:81 {\n\n    header x-powered-by \"caddy centminmod\"\n    header X-Content-Type-Options nosniff\n    header X-XSS-Protection \"1; mode=block\"\n    encode gzip\n    \n    # Set this path to your site's directory.\n    root * /usr/share/caddy\n    \n    # Enable the static file server.\n    file_server\n    \n    # Or serve a PHP site through php-fpm:\n    # php_fastcgi localhost:9000\n    log {\n        output file /var/log/caddy/access_http.log {\n            roll_size 100mb\n            roll_keep 10\n            roll_keep_for 720h\n        }\n        format single_field common_log\n        level INFO\n    }\n}\n\nhttps://caddy.domain.com:4444 {\n\n    tls internal\n    header x-powered-by \"caddy centminmod\"\n    header X-Content-Type-Options nosniff\n    header X-XSS-Protection \"1; mode=block\"\n    encode gzip\n    \n    # Set this path to your site's directory.\n    root * /usr/share/caddy\n    \n    # Enable the static file server.\n    file_server\n    \n    # Or serve a PHP site through php-fpm:\n    # php_fastcgi localhost:9000\n    log {\n        output file /var/log/caddy/access_https.log {\n            roll_size 100mb\n            roll_keep 10\n            roll_keep_for 720h\n        }\n        format single_field common_log\n        level INFO\n    }\n}\n```\n\nRestart Caddy server using previously created command line shortcuts\n\n```\ncaddyrestart\ncaddystatus\n```\n\n### 6. CSF Firewall Configuration\n\nCentmin Mod LEMP stack installs [CSF Firewall](https://centminmod.com/csf_firewall.html) as a wrapper to iptables so you need to configure the TCP/UDP ports for custom ports.\n\nFor TCP/UDP ports 80,443,81,4444 for IPv4 and IPv6 whitelisting. TCP inbound whitelisting already has port 80, 81, 443 added. UDP ports are if you want to test HTTP/3 over QUIC.\n\n```\negrep '^TCP_|^TCP6_|^UDP_|^UDP6_' /etc/csf/csf.conf\nsed -i \"s/TCP_IN = \\\"/TCP_IN = \\\"4444,/g\" /etc/csf/csf.conf\nsed -i \"s/TCP6_IN = \\\"/TCP6_IN = \\\"4444,/g\" /etc/csf/csf.conf\nsed -i \"s/TCP_OUT = \\\"/TCP_OUT = \\\"4444,/g\" /etc/csf/csf.conf\nsed -i \"s/TCP6_OUT = \\\"/TCP6_OUT = \\\"4444,/g\" /etc/csf/csf.conf\nsed -i \"s/UDP_IN = \\\"/UDP_IN = \\\"80,443,81,4444,/g\" /etc/csf/csf.conf\nsed -i \"s/UDP6_IN = \\\"/UDP6_IN = \\\"80,443,81,4444,/g\" /etc/csf/csf.conf\nsed -i \"s/UDP_OUT = \\\"/UDP_OUT = \\\"80,443,81,4444,/g\" /etc/csf/csf.conf\nsed -i \"s/UDP6_OUT = \\\"/UDP6_OUT = \\\"80,443,81,4444,/g\" /etc/csf/csf.conf\negrep '^TCP_|^TCP6_|^UDP_|^UDP6_' /etc/csf/csf.conf\ncsf -ra\n```\n\n### 7. Verify Nginx \u0026 Caddy sites are working\n\nCheck Caddy and Nginx versions\n\n```\ncaddy version\nnginx -V\n```\n\n```\ncaddy version\nv2.0.0 h1:pQSaIJGFluFvu8KDGDODV8u4/QRED/OPyIR+MWYYse8=\n```\n\n```\nnginx -V\nnginx version: nginx/1.17.10 (060520-051553-centos7-virtualbox-kvm-54698e1)\nbuilt by gcc 8.3.1 20190311 (Red Hat 8.3.1-3) (GCC) \nbuilt with OpenSSL 1.1.1g  21 Apr 2020\nTLS SNI support enabled\n```\n\u003e configure arguments: --with-ld-opt='-Wl,-E -L/usr/local/zlib-cf/lib -L/usr/local/lib -ljemalloc -Wl,-z,relro -Wl,-rpath,/usr/local/zlib-cf/lib:/usr/local/lib -flto=2 -fuse-ld=gold' --with-cc-opt='-I/usr/local/zlib-cf/include -I/usr/local/include -m64 -march=native -DTCP_FASTOPEN=23 -g -O3 -fstack-protector-strong -flto=2 -fuse-ld=gold --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wimplicit-fallthrough=0 -fcode-hoisting -Wno-cast-function-type -Wno-format-extra-args -Wp,-D_FORTIFY_SOURCE=2' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --build=060520-051553-centos7-virtualbox-kvm-54698e1 --with-compat --with-http_stub_status_module --with-http_secure_link_module --with-libatomic --with-http_gzip_static_module --with-http_sub_module --with-http_addition_module --with-http_image_filter_module=dynamic --with-http_geoip_module --with-stream_geoip_module --with-stream_realip_module --with-stream_ssl_preread_module --with-threads --with-stream --with-stream_ssl_module --with-http_realip_module --add-dynamic-module=../ngx-fancyindex-0.4.2 --add-module=../ngx_cache_purge-2.5 --add-dynamic-module=../ngx_devel_kit-0.3.0 --add-dynamic-module=../set-misc-nginx-module-0.32 --add-dynamic-module=../echo-nginx-module-0.61 --add-module=../redis2-nginx-module-0.15 --add-module=../ngx_http_redis-0.3.7 --add-module=../memc-nginx-module-0.18 --add-module=../srcache-nginx-module-0.32rc1 --add-dynamic-module=../headers-more-nginx-module-0.33 --with-pcre-jit --with-zlib=../zlib-cloudflare-1.3.0 --with-http_ssl_module --with-http_v2_module --with-openssl=../openssl-1.1.1g --with-openssl-opt='enable-ec_nistp_64_gcc_128 enable-tls1_3 -fuse-ld=gold'\n\nFor Caddy HTTPS on port 4444 at `https://caddy.domain.com:4444/caddy-index.html`\n\n```\ncurl -skD - -H \"Accept-Encoding: gzip\" https://caddy.domain.com:4444/caddy-index.html -o /dev/null\n```\n\nFor Nginx HTTPS on port 443 at `https://ngx.domain.com/caddy-index.html`\n\n```\ncurl -skD - -H \"Accept-Encoding: gzip\" https://ngx.domain.com/caddy-index.html -o /dev/null\n```\n\nFor Caddy HTTPS on port 81 at `http://caddy.domain.com:81/caddy-index.html`\n\n```\ncurl -skD - -H \"Accept-Encoding: gzip\" http://caddy.domain.com:81/caddy-index.html -o /dev/null\n```\n\nFor Nginx HTTPS on port 80 at `http://ngx.domain.com/caddy-index.html`\n\n```\ncurl -skD - -H \"Accept-Encoding: gzip\" http://ngx.domain.com/caddy-index.html -o /dev/null\n```\n\nExample output\n\nFor Caddy HTTPS on port 4444 at `https://caddy.domain.com:4444/caddy-index.html`\n\n```\ncurl -skD - -H \"Accept-Encoding: gzip\" https://caddy.domain.com:4444/caddy-index.html -o /dev/null\nHTTP/1.1 200 OK\nContent-Encoding: gzip\nContent-Type: text/html; charset=utf-8\nEtag: \"q9xapl9fm\"\nLast-Modified: Wed, 06 May 2020 18:44:09 GMT\nServer: Caddy\nVary: Accept-Encoding\nX-Content-Type-Options: nosniff\nX-Powered-By: caddy centminmod\nX-Xss-Protection: 1; mode=block\nDate: Fri, 08 May 2020 19:09:02 GMT\nTransfer-Encoding: chunked\n```\n\nFor Nginx HTTPS on port 443 at `https://ngx.domain.com/caddy-index.html`\n\n```\ncurl -skD - -H \"Accept-Encoding: gzip\" https://ngx.domain.com/caddy-index.html -o /dev/null                                              \nHTTP/1.1 200 OK\nDate: Fri, 08 May 2020 19:10:16 GMT\nContent-Type: text/html; charset=utf-8\nLast-Modified: Wed, 06 May 2020 18:44:09 GMT\nTransfer-Encoding: chunked\nConnection: keep-alive\nVary: Accept-Encoding\nETag: W/\"5eb30579-2fc2\"\nServer: nginx centminmod\nX-Powered-By: centminmod\nX-Xss-Protection: 1; mode=block\nX-Content-Type-Options: nosniff\nContent-Encoding: gzip\n```\n\n## Caddy vs Centmin Mod Nginx HTTP/2 HTTPS Benchmarks\n\n**Test Parameters**\n\nUsing [h2load tester](https://nghttp2.org/documentation/h2load-howto.html)\n\n* h2load HTTP/2 HTTPS load tests at 150, 500 and 1,000 user concurrency at different number of requests and max concurrent stream parameters\n* h2load HTTP/3 HTTPS load tests at 150, 500 and 1,000 user concurrency at different number of requests and max concurrent stream parameters\n\nCentmin Mod LEMP stack already installs nghttp2 so has access to h2load HTTP/2 load testing tool.\n\nOn Virtualbox CentOS 7.8 guest OS on Windows 10 Pro laptop\n\n```\nlscpu\nArchitecture:          x86_64\nCPU op-mode(s):        32-bit, 64-bit\nByte Order:            Little Endian\nCPU(s):                2\nOn-line CPU(s) list:   0,1\nThread(s) per core:    1\nCore(s) per socket:    2\nSocket(s):             1\nNUMA node(s):          1\nVendor ID:             GenuineIntel\nCPU family:            6\nModel:                 142\nModel name:            Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz\nStepping:              9\nCPU MHz:               2904.000\nBogoMIPS:              5808.00\nHypervisor vendor:     KVM\nVirtualization type:   full\nL1d cache:             32K\nL1i cache:             32K\nL2 cache:              256K\nL3 cache:              4096K\nNUMA node0 CPU(s):     0,1\nFlags:                 fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc eagerfpu pni pclmulqdq ssse3 cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx rdrand hypervisor lahf_lm abm 3dnowprefetch invpcid_single fsgsbase avx2 invpcid rdseed clflushopt md_clear flush_l1d\n\nfree -mlt\n              total        used        free      shared  buff/cache   available\nMem:           1837         434        1007          22         396        1184\nLow:           1837         830        1007\nHigh:             0           0           0\nSwap:          2047           0        2047\nTotal:         3885         434        3055\n```\n\nh2load HTTP/2 HTTPS test for Caddy HTTPS on port 4444 at `https://caddy.domain.com:4444/caddy-index.html`\n\n\n##### HTTP/2 HTTPS Benchmarks\n\n| server | h2load HTTP/2 | requests/s | ttfb min | ttfb avg | ttfb max | cipher | protocol | successful req | failed req |\n| ---| --- |--- |--- |--- |--- |--- |--- |---|---|\n| caddy v2 | t1 c150 n1000 m50  | 959.57 | 213.30ms | 696.74ms | 1.03s | ECDHE-ECDSA-AES256-GCM-SHA384  | h2 TLSv1.2 | 100% | 0% |\n| caddy v2 | t1 c500 n2000 m100  | 990.03 | 711.60ms | 1.36s | 1.98s | ECDHE-ECDSA-AES256-GCM-SHA384  | h2 TLSv1.2 | 100% | 0% |\n| caddy v2 | t1 c1000 n10000 m100  | 1049.00 | 965.65ms | 3.34s | 6.53s | ECDHE-ECDSA-AES256-GCM-SHA384  | h2 TLSv1.2 | 68.89% | 31.11% |\n| nginx 1.17.10 | t1 c150 n1000 m50  | 2224.74 | 158.04ms | 300.22ms | 440.22ms | ECDHE-ECDSA-AES128-GCM-SHA256  | h2 TLSv1.2 | 100% | 0% |\n| nginx 1.17.10 | t1 c500 n2000 m100  | 1600.52 | 583.80ms | 861.70ms | 1.23s | ECDHE-ECDSA-AES128-GCM-SHA256  | h2 TLSv1.2 | 100% | 0% |\n| nginx 1.17.10 | t1 c1000 n10000 m100  | 1912.05 | 949.61ms | 2.98s | 5.16s | ECDHE-ECDSA-AES128-GCM-SHA256  | h2 TLSv1.2 | 100% | 0% |\n\nCaddy at 150 user concurrency\n\n```\nh2load -t1 -c150 -n1000 -m50 -H \"Accept-Encoding:gzip\" https://caddy.domain.com:4444/caddy-index.html\nstarting benchmark...\nspawning thread #0: 150 total client(s). 1000 total requests\nTLS Protocol: TLSv1.2\nCipher: ECDHE-ECDSA-AES256-GCM-SHA384\nServer Temp Key: ECDH P-256 256 bits\nApplication protocol: h2\nprogress: 10% done\nprogress: 20% done\nprogress: 30% done\nprogress: 40% done\nprogress: 50% done\nprogress: 60% done\nprogress: 70% done\nprogress: 80% done\nprogress: 90% done\nprogress: 100% done\n\nfinished in 1.04s, 959.57 req/s, 4.86MB/s\nrequests: 1000 total, 1000 started, 1000 done, 1000 succeeded, 0 failed, 0 errored, 0 timeout\nstatus codes: 1000 2xx, 0 3xx, 0 4xx, 0 5xx\ntraffic: 5.07MB (5311507) total, 35.41KB (36257) headers (space savings 86.67%), 5.00MB (5240000) data\n                     min         max         mean         sd        +/- sd\ntime for request:   128.60ms    929.16ms    588.95ms    196.65ms    60.80%\ntime for connect:    84.69ms    580.50ms    282.73ms    125.63ms    78.67%\ntime to 1st byte:   213.30ms       1.03s    696.74ms    217.35ms    52.67%\nreq/s           :       5.83       32.80        8.22        4.19    92.67%\n```\n\nCaddy at 500 user concurrency\n\n```\nh2load -t1 -c500 -n2000 -m100 -H \"Accept-Encoding:gzip\" https://caddy.domain.com:4444/caddy-index.html\nstarting benchmark...\nspawning thread #0: 500 total client(s). 2000 total requests\nTLS Protocol: TLSv1.2\nCipher: ECDHE-ECDSA-AES256-GCM-SHA384\nServer Temp Key: ECDH P-256 256 bits\nApplication protocol: h2\nprogress: 10% done\nprogress: 20% done\nprogress: 30% done\nprogress: 40% done\nprogress: 50% done\nprogress: 60% done\nprogress: 70% done\nprogress: 80% done\nprogress: 90% done\nprogress: 100% done\n\nfinished in 2.02s, 990.03 req/s, 5.04MB/s\nrequests: 2000 total, 2000 started, 2000 done, 2000 succeeded, 0 failed, 0 errored, 0 timeout\nstatus codes: 2000 2xx, 0 3xx, 0 4xx, 0 5xx\ntraffic: 10.17MB (10667322) total, 103.34KB (105822) headers (space savings 80.55%), 9.99MB (10480000) data\n                     min         max         mean         sd        +/- sd\ntime for request:   135.58ms       1.38s    718.29ms    366.74ms    53.25%\ntime for connect:   538.04ms    778.90ms    666.76ms     62.41ms    61.00%\ntime to 1st byte:   711.60ms       1.98s       1.36s    395.53ms    55.20%\nreq/s           :       2.00        5.61        3.15        1.01    64.60%\n```\n\nCaddy at 1000 user concurrency with 10k requests where only 68.89% of requests succeeded and 31.11% of requests failed which artificially inflate requests/second throughput numbers\n\n```\nh2load -t1 -c1000 -n10000 -m100 -H \"Accept-Encoding:gzip\" https://caddy.domain.com:4444/caddy-index.html \nstarting benchmark...\nspawning thread #0: 1000 total client(s). 10000 total requests\nTLS Protocol: TLSv1.2\nCipher: ECDHE-ECDSA-AES256-GCM-SHA384\nServer Temp Key: ECDH P-256 256 bits\nApplication protocol: h2\nprogress: 10% done\nprogress: 20% done\nprogress: 30% done\nprogress: 40% done\nprogress: 50% done\nprogress: 60% done\n\nfinished in 6.57s, 1049.00 req/s, 5.30MB/s\nrequests: 10000 total, 10000 started, 6889 done, 6889 succeeded, 3111 failed, 3111 errored, 0 timeout\nstatus codes: 6945 2xx, 0 3xx, 0 4xx, 0 5xx\ntraffic: 34.84MB (36530787) total, 189.12KB (193656) headers (space savings 89.75%), 34.43MB (36098360) data\n                     min         max         mean         sd        +/- sd\ntime for request:   224.18ms       5.31s       2.17s       1.41s    51.46%\ntime for connect:   480.14ms       2.38s       1.15s    536.69ms    69.60%\ntime to 1st byte:   965.65ms       6.53s       3.34s       1.85s    52.83%\nreq/s           :       0.00       10.35        2.89        2.99    82.60%\n```\n\nh2load HTTP/2 HTTPS test for Nginx HTTPS on port 443 at `https://ngx.domain.com/caddy-index.html`\n\nNginx at 150 user concurrency\n\n```\nh2load -t1 -c150 -n1000 -m50 -H \"Accept-Encoding:gzip\" https://ngx.domain.com/caddy-index.html\nstarting benchmark...\nspawning thread #0: 150 total client(s). 1000 total requests\nTLS Protocol: TLSv1.2\nCipher: ECDHE-ECDSA-AES128-GCM-SHA256\nServer Temp Key: ECDH P-256 256 bits\nApplication protocol: h2\nprogress: 10% done\nprogress: 20% done\nprogress: 30% done\nprogress: 40% done\nprogress: 50% done\nprogress: 60% done\nprogress: 70% done\nprogress: 80% done\nprogress: 90% done\nprogress: 100% done\n\nfinished in 449.49ms, 2224.74 req/s, 11.32MB/s\nrequests: 1000 total, 1000 started, 1000 done, 1000 succeeded, 0 failed, 0 errored, 0 timeout\nstatus codes: 1000 2xx, 0 3xx, 0 4xx, 0 5xx\ntraffic: 5.09MB (5336350) total, 202.15KB (207000) headers (space savings 26.86%), 4.87MB (5104000) data\n                     min         max         mean         sd        +/- sd\ntime for request:     9.33ms    276.56ms    115.17ms     71.07ms    61.90%\ntime for connect:    86.76ms    377.81ms    183.10ms     75.91ms    82.00%\ntime to 1st byte:   158.04ms    440.22ms    300.22ms     84.40ms    60.67%\nreq/s           :      13.71       44.23       24.21        8.72    72.67%\n```\n\nNginx at 500 user concurrency\n\n```\nh2load -t1 -c500 -n2000 -m100 -H \"Accept-Encoding:gzip\" https://ngx.domain.com/caddy-index.html\nstarting benchmark...\nspawning thread #0: 500 total client(s). 2000 total requests\nTLS Protocol: TLSv1.2\nCipher: ECDHE-ECDSA-AES128-GCM-SHA256\nServer Temp Key: ECDH P-256 256 bits\nApplication protocol: h2\nprogress: 10% done\nprogress: 20% done\nprogress: 30% done\nprogress: 40% done\nprogress: 50% done\nprogress: 60% done\nprogress: 70% done\nprogress: 80% done\nprogress: 90% done\nprogress: 100% done\n\nfinished in 1.25s, 1600.52 req/s, 8.15MB/s\nrequests: 2000 total, 2000 started, 2000 done, 2000 succeeded, 0 failed, 0 errored, 0 timeout\nstatus codes: 2000 2xx, 0 3xx, 0 4xx, 0 5xx\ntraffic: 10.19MB (10682500) total, 404.30KB (414000) headers (space savings 26.86%), 9.74MB (10208000) data\n                     min         max         mean         sd        +/- sd\ntime for request:    82.91ms    583.83ms    310.77ms    160.24ms    51.75%\ntime for connect:   459.89ms    664.50ms    552.15ms     36.49ms    89.00%\ntime to 1st byte:   583.80ms       1.23s    861.70ms    189.58ms    55.60%\nreq/s           :       3.25        6.85        4.86        1.07    56.00%\n```\n\nNginx at 1000 user concurrency with 10k requests all succeeded\n\n```\nh2load -t1 -c1000 -n10000 -m100 -H \"Accept-Encoding:gzip\" https://ngx.domain.com/caddy-index.html\nstarting benchmark...\nspawning thread #0: 1000 total client(s). 10000 total requests\nTLS Protocol: TLSv1.2\nCipher: ECDHE-ECDSA-AES128-GCM-SHA256\nServer Temp Key: ECDH P-256 256 bits\nApplication protocol: h2\nprogress: 10% done\nprogress: 20% done\nprogress: 30% done\nprogress: 40% done\nprogress: 50% done\nprogress: 60% done\nprogress: 70% done\nprogress: 80% done\nprogress: 90% done\nprogress: 100% done\n\nfinished in 5.23s, 1912.05 req/s, 9.73MB/s\nrequests: 10000 total, 10000 started, 10000 done, 10000 succeeded, 0 failed, 0 errored, 0 timeout\nstatus codes: 10000 2xx, 0 3xx, 0 4xx, 0 5xx\ntraffic: 50.87MB (53339000) total, 1.97MB (2070000) headers (space savings 26.86%), 48.68MB (51040000) data\n                     min         max         mean         sd        +/- sd\ntime for request:     5.25ms       2.53s       1.24s    606.34ms    67.13%\ntime for connect:   603.67ms       3.59s       1.75s       1.19s    68.00%\ntime to 1st byte:   949.61ms       5.16s       2.98s       1.20s    56.40%\nreq/s           :       1.93       10.52        4.08        2.06    80.80%\n```\n\n# Nginx vhost config file\n\n`nv` command line auto generated Nginx HTTP/2 HTTPS vhost config file at `/usr/local/nginx/conf/conf.d/ngx.domain.com.ssl.conf`\n\n```\n# Centmin Mod Getting Started Guide\n# must read http://centminmod.com/getstarted.html\n# For HTTP/2 SSL Setup\n# read http://centminmod.com/nginx_configure_https_ssl_spdy.html\n\n# redirect from www to non-www  forced SSL\n# uncomment, save file and restart Nginx to enable\n# if unsure use return 302 before using return 301\n# server {\n#       listen   80;\n#       server_name ngx.domain.com www.ngx.domain.com;\n#       return 302 https://$server_name$request_uri;\n# }\n\nserver {\n  listen 443 ssl http2 reuseport;\n  server_name ngx.domain.com www.ngx.domain.com;\n\n  ssl_dhparam /usr/local/nginx/conf/ssl/ngx.domain.com/dhparam.pem;\n  ssl_certificate      /usr/local/nginx/conf/ssl/ngx.domain.com/ngx.domain.com.crt;\n  ssl_certificate_key  /usr/local/nginx/conf/ssl/ngx.domain.com/ngx.domain.com.key;\n  include /usr/local/nginx/conf/ssl_include.conf;\n\n  # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/\n  #ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/ngx.domain.com/origin.crt;\n  #ssl_verify_client on;\n  http2_max_field_size 16k;\n  http2_max_header_size 32k;\n  http2_max_requests 5000;\n  # mozilla recommended\n  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;\n  ssl_prefer_server_ciphers   on;\n  #add_header Alternate-Protocol  443:npn-spdy/3;\n\n  # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts\n  #add_header Strict-Transport-Security \"max-age=31536000; includeSubdomains;\";\n  #add_header X-Frame-Options SAMEORIGIN;\n  add_header X-Xss-Protection \"1; mode=block\" always;\n  add_header X-Content-Type-Options \"nosniff\" always;\n  #add_header Referrer-Policy \"strict-origin-when-cross-origin\";\n  #add_header Feature-Policy \"accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'\";\n  #spdy_headers_comp 5;\n  ssl_buffer_size 1369;\n  ssl_session_tickets on;\n  \n  # enable ocsp stapling\n  #resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m;\n  #resolver_timeout 10s;\n  #ssl_stapling on;\n  #ssl_stapling_verify on;\n  #ssl_trusted_certificate /usr/local/nginx/conf/ssl/ngx.domain.com/ngx.domain.com-trusted.crt;  \n\n# ngx_pagespeed \u0026 ngx_pagespeed handler\n#include /usr/local/nginx/conf/pagespeed.conf;\n#include /usr/local/nginx/conf/pagespeedhandler.conf;\n#include /usr/local/nginx/conf/pagespeedstatslog.conf;\n\n  # limit_conn limit_per_ip 16;\n  # ssi  on;\n\n  access_log /home/nginx/domains/ngx.domain.com/log/access.log combined buffer=256k flush=5m;\n  error_log /home/nginx/domains/ngx.domain.com/log/error.log;\n\n  include /usr/local/nginx/conf/autoprotect/ngx.domain.com/autoprotect-ngx.domain.com.conf;\n  root /home/nginx/domains/ngx.domain.com/public;\n  # uncomment cloudflare.conf include if using cloudflare for\n  # server and/or vhost site\n  #include /usr/local/nginx/conf/cloudflare.conf;\n  include /usr/local/nginx/conf/503include-main.conf;\n\n  location / {\n  include /usr/local/nginx/conf/503include-only.conf;\n\n# block common exploits, sql injections etc\n#include /usr/local/nginx/conf/block.conf;\n\n  # Enables directory listings when index file not found\n  #autoindex  on;\n\n  # Shows file listing times as local time\n  #autoindex_localtime on;\n\n  # Wordpress Permalinks example\n  #try_files $uri $uri/ /index.php?q=$uri\u0026$args;\n\n  }\n\n  include /usr/local/nginx/conf/pre-staticfiles-local-ngx.domain.com.conf;\n  include /usr/local/nginx/conf/pre-staticfiles-global.conf;\n  include /usr/local/nginx/conf/staticfiles.conf;\n  include /usr/local/nginx/conf/php.conf;\n  \n  include /usr/local/nginx/conf/drop.conf;\n  #include /usr/local/nginx/conf/errorpage.conf;\n  include /usr/local/nginx/conf/vts_server.conf;\n}\n```\n\n# HTTP/3 HTTPS Tests\n\nCaddy v2 has [experimental HTTP/3 HTTPS](https://caddyserver.com/docs/caddyfile/options) support and Cloudflare has released a [Nginx HTTP/3 patch for Nginx 1.16.1](https://community.centminmod.com/threads/centmin-mod-nginx-with-cloudflare-http-3-nginx-patch.18482/) stable version. Both HTTP/3 implementations are at very early stages so not really suited for production right now.\n\nWhile Centmin Mod Nginx uses 1.17 mainline branch, I've made a private Centmin Mod 123.09beta01 branch with Cloudflare Nginx HTTP/3 patch support to test specifically Nginx 1.16.1 stable builds with HTTP/3. I will use [nghttp2's HTTP/3 QUIC](https://github.com/nghttp2/nghttp2/tree/quic) supported branch to do h2load HTTP/3 TLSv1.3 tests in the future against both Caddy v2 and Nginx 1.16.1. Will update this readme with tests when available.\n\nh2load HTTP/3 HTTPS testing tool.\n\n```\nh2load-http3 --version\nh2load nghttp2/1.41.0-DEV\n```\n\nCentmin Mod Nginx 1.16.1 build with [Cloudflare HTTP/3 over QUIC patches](https://github.com/cloudflare/quiche/tree/master/extras/nginx) using BoringSSL + [Cloudflare Quiche library](https://github.com/cloudflare/quiche)\n\nNote the `--with-http_v3_module --with-openssl=../quiche/deps/boringssl --with-quiche=../quiche` options\n\n```\nnginx -V\nnginx version: nginx/1.16.1 (090520-135334-centos7-virtualbox-kvm-d9e4773-quiche-85ca070)\nbuilt by gcc 8.3.1 20190311 (Red Hat 8.3.1-3) (GCC) \nbuilt with OpenSSL 1.1.0 (compatible; BoringSSL) (running with BoringSSL)\nTLS SNI support enabled\n```\n\u003e configure arguments: --with-ld-opt='-Wl,-E -L/usr/local/zlib-cf/lib -L../quiche/deps/boringssl/.openssl/lib -L/usr/local/lib -ljemalloc -Wl,-z,relro -Wl,-rpath,../quiche/deps/boringssl/.openssl/lib:/usr/local/zlib-cf/lib:/usr/local/lib' --with-cc-opt='-I../quiche/deps/boringssl/.openssl/include -I/usr/local/zlib-cf/include -I/usr/local/include -m64 -march=native -DTCP_FASTOPEN=23 -g -O3 -fstack-protector-strong --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wimplicit-fallthrough=0 -fcode-hoisting -Wno-cast-function-type -Wno-format-extra-args -Wp,-D_FORTIFY_SOURCE=2' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --build=090520-113914-centos7-virtualbox-kvm-d9e4773-quiche-85ca070 --with-compat --with-http_stub_status_module --with-http_secure_link_module --with-libatomic --with-http_gzip_static_module --with-http_sub_module --with-http_addition_module --with-http_image_filter_module --with-http_geoip_module --with-stream_geoip_module --with-stream_realip_module --with-stream_ssl_preread_module --with-threads --with-stream --with-stream_ssl_module --with-http_realip_module --add-dynamic-module=../ngx-fancyindex-0.4.2 --add-module=../ngx_cache_purge-2.5 --add-module=../ngx_devel_kit-0.3.0 --add-module=../set-misc-nginx-module-0.32 --add-module=../echo-nginx-module-0.61 --add-module=../redis2-nginx-module-0.15 --add-module=../ngx_http_redis-0.3.7 --add-module=../memc-nginx-module-0.18 --add-module=../srcache-nginx-module-0.31 --add-module=../headers-more-nginx-module-0.33 --with-pcre-jit --with-zlib=../zlib-cloudflare-1.3.0 --with-http_ssl_module --with-http_v2_module --with-http_v3_module --with-openssl=../quiche/deps/boringssl --with-quiche=../quiche\n\nTest `ngx.domain.com` site test over curl with HTTP/3 support built using Cloudflare Quiche library.\n\n```\ncurl-http3 --http3 -skD - -H \"Accept-Encoding: gzip\" https://ngx.domain.com/caddy-index.html -o /dev/null          \nHTTP/3 200\ndate: Sat, 09 May 2020 15:01:22 GMT\ncontent-type: text/html; charset=utf-8\nlast-modified: Wed, 06 May 2020 18:44:09 GMT\nvary: Accept-Encoding\netag: W/\"5eb30579-2fc2\"\nserver: nginx centminmod\nx-powered-by: centminmod\nalt-svc: h3-27=\":443\"; ma=86400\nx-xss-protection: 1; mode=block\nx-content-type-options: nosniff\ncontent-encoding: gzip\n```\n\nh2load HTTP/3 TLSv1.3 test \n\n##### HTTP/3 HTTPS Benchmarks\n\n| server | h2load HTTP/3 | requests/s | ttfb min | ttfb avg | ttfb max | cipher | protocol | successful req | failed req |\n| ---| --- |--- |--- |--- |--- |--- |--- |---|---|\n| caddy v2 | t1 c150 n1000 m50  | 594.60 | 230.02ms | 590.87ms | 1.65s | TLS_AES_128-GCM_SHA256  | h3-27 TLSv1.3 | 100% | 0% |\n| caddy v2 | t1 c500 n2000 m100  | 333.49 | 353.84ms | 1.89s | 5.98s | TLS_AES_128-GCM_SHA256  | h3-27 TLSv1.3 | 100% | 0% |\n| caddy v2 | t1 c1000 n10000 m100  | failed | failed | failed | failed | -  | - | 0% | 100% |\n| nginx 1.16.1 patch | t1 c150 n1000 m50  | 1856.67 | 213.84ms | 333.80ms | 510.07ms | TLS_AES_128-GCM_SHA256  | h3-27 TLSv1.3 | 100% | 0% |\n| nginx 1.16.1 patch | t1 c500 n2000 m100  | 842.13 | 325.78ms | 834.50ms | 1.59s | TLS_AES_128-GCM_SHA256  | h3-27 TLSv1.3 | 100% | 0% |\n| nginx 1.16.1 patch | t1 c1000 n10000 m100  | 847.89 | 657.03ms | 3.58s | 9.09s | TLS_AES_128-GCM_SHA256  | h3-27 TLSv1.3 | 100% | 0% |\n\nAgainst Nginx 1.16.1 patched with Cloudflare HTTP/3 support which have lower performance than Nginx 1.17.10 HTTP/2 HTTPS right now.\n\n```\nh2load-http3 -t1 -c150 -n1000 -m50 -H \"Accept-Encoding:gzip\" https://ngx.domain.com/caddy-index.html\nstarting benchmark...\nspawning thread #0: 150 total client(s). 1000 total requests\nTLS Protocol: TLSv1.3\nCipher: TLS_AES_128_GCM_SHA256\nServer Temp Key: X25519 253 bits\nApplication protocol: h3-27\nprogress: 10% done\nprogress: 20% done\nprogress: 30% done\nprogress: 40% done\nprogress: 50% done\nprogress: 60% done\nprogress: 70% done\nprogress: 80% done\nprogress: 90% done\nprogress: 100% done\n\nfinished in 538.60ms, 1856.67 req/s, 9.32MB/s\nrequests: 1000 total, 1000 started, 1000 done, 1000 succeeded, 0 failed, 0 errored, 0 timeout\nstatus codes: 1000 2xx, 0 3xx, 0 4xx, 0 5xx\ntraffic: 5.02MB (5265200) total, 136.72KB (140000) headers (space savings 55.13%), 4.87MB (5104000) data\n                     min         max         mean         sd        +/- sd\ntime for request:   260.61ms    421.05ms    334.73ms     40.78ms    62.80%\ntime for connect:    84.07ms    210.35ms    147.01ms     35.29ms    56.00%\ntime to 1st byte:   213.84ms    510.07ms    333.80ms     72.01ms    64.00%\nreq/s           :      11.62       16.33       13.83        1.42    60.00%\n```\n\n```\nh2load-http3 -t1 -c500 -n2000 -m100 -H \"Accept-Encoding:gzip\" https://ngx.domain.com/caddy-index.html\nstarting benchmark...\nspawning thread #0: 500 total client(s). 2000 total requests\nTLS Protocol: TLSv1.3\nCipher: TLS_AES_128_GCM_SHA256\nServer Temp Key: X25519 253 bits\nApplication protocol: h3-27\nprogress: 10% done\nprogress: 20% done\nprogress: 30% done\nprogress: 40% done\nprogress: 50% done\nprogress: 60% done\nprogress: 70% done\nprogress: 80% done\nprogress: 90% done\nprogress: 100% done\n\nfinished in 2.37s, 842.13 req/s, 4.24MB/s\nrequests: 2000 total, 2000 started, 2000 done, 2000 succeeded, 0 failed, 0 errored, 0 timeout\nstatus codes: 2000 2xx, 0 3xx, 0 4xx, 0 5xx\ntraffic: 10.06MB (10548000) total, 273.44KB (280000) headers (space savings 55.13%), 9.74MB (10208000) data\n                     min         max         mean         sd        +/- sd\ntime for request:     5.23ms       1.93s    372.74ms    293.49ms    86.60%\ntime for connect:   160.48ms       1.59s    654.79ms    386.72ms    59.40%\ntime to 1st byte:   325.78ms       1.59s    834.50ms    342.22ms    55.20%\nreq/s           :       1.69        7.62        4.27        1.45    73.00%\n```\n\n```\nh2load-http3 -t1 -c1000 -n10000 -m100 -H \"Accept-Encoding:gzip\" https://ngx.domain.com/caddy-index.html\nstarting benchmark...\nspawning thread #0: 1000 total client(s). 10000 total requests\nTLS Protocol: TLSv1.3\nCipher: TLS_AES_128_GCM_SHA256\nServer Temp Key: X25519 253 bits\nApplication protocol: h3-27\nprogress: 10% done\nprogress: 20% done\nprogress: 30% done\nprogress: 40% done\nprogress: 50% done\nprogress: 60% done\nprogress: 70% done\nprogress: 80% done\nprogress: 90% done\nprogress: 100% done\n\nfinished in 11.79s, 847.89 req/s, 4.25MB/s\nrequests: 10000 total, 10000 started, 10000 done, 10000 succeeded, 0 failed, 0 errored, 0 timeout\nstatus codes: 10000 2xx, 0 3xx, 0 4xx, 0 5xx\ntraffic: 50.17MB (52608000) total, 1.34MB (1400000) headers (space savings 55.13%), 48.68MB (51040000) data\n                     min         max         mean         sd        +/- sd\ntime for request:    84.10ms      11.14s       1.38s       1.18s    81.60%\ntime for connect:   407.04ms       8.84s       2.90s       2.54s    84.90%\ntime to 1st byte:   657.03ms       9.09s       3.58s       2.31s    66.40%\nreq/s           :       0.85        7.88        2.97        1.62    78.80%\n```\n\nCaddy v2 HTTP/3 with `experimental_http3` enabled\n\n```\ncurl-http3 --http3 -skD - -H \"Accept-Encoding: gzip\" https://caddy.domain.com:4444/caddy-index.html -o /dev/null\nHTTP/3 200\nx-xss-protection: 1; mode=block\netag: \"q9xapl9fm\"\ncontent-type: text/html; charset=utf-8\nlast-modified: Wed, 06 May 2020 18:44:09 GMT\ncontent-encoding: gzip\nx-powered-by: caddy centminmod\nalt-svc: h3-27=\":4444\"; ma=2592000\nx-content-type-options: nosniff\nvary: Accept-Encoding\nserver: Caddy\n```\n\nh2load HTTP/3 TLSv1.3 test against Caddy v2 HTTP/3\n\n```\nh2load-http3 -t1 -c150 -n1000 -m50 -H \"Accept-Encoding:gzip\" https://caddy.domain.com:4444/caddy-index.html\nstarting benchmark...\nspawning thread #0: 150 total client(s). 1000 total requests\nTLS Protocol: TLSv1.3\nCipher: TLS_AES_128_GCM_SHA256\nServer Temp Key: ECDH P-256 256 bits\nApplication protocol: h3-27\nprogress: 10% done\nprogress: 20% done\nprogress: 30% done\nprogress: 40% done\nprogress: 50% done\nprogress: 60% done\nprogress: 70% done\nprogress: 80% done\nprogress: 90% done\nprogress: 100% done\n\nfinished in 1.68s, 594.60 req/s, 3.19MB/s\nrequests: 1000 total, 1000 started, 1000 done, 1000 succeeded, 0 failed, 0 errored, 0 timeout\nstatus codes: 1000 2xx, 0 3xx, 0 4xx, 0 5xx\ntraffic: 5.36MB (5618450) total, 295.90KB (303000) headers (space savings -11.81%), 5.00MB (5240000) data\n                     min         max         mean         sd        +/- sd\ntime for request:    37.03ms       1.29s    426.29ms    234.26ms    75.70%\ntime for connect:    90.36ms       1.62s    371.05ms    396.46ms    91.33%\ntime to 1st byte:   230.02ms       1.65s    590.87ms    404.86ms    86.00%\nreq/s           :       3.93       24.03        9.59        4.19    74.67%\n```\n\n```\nh2load-http3 -t1 -c500 -n2000 -m100 -H \"Accept-Encoding:gzip\" https://caddy.domain.com:4444/caddy-index.html\nstarting benchmark...\nspawning thread #0: 500 total client(s). 2000 total requests\nTLS Protocol: TLSv1.3\nCipher: TLS_AES_128_GCM_SHA256\nServer Temp Key: ECDH P-256 256 bits\nApplication protocol: h3-27\nprogress: 10% done\nprogress: 20% done\nprogress: 30% done\nprogress: 40% done\nprogress: 50% done\nprogress: 60% done\nprogress: 70% done\nprogress: 80% done\nprogress: 90% done\nprogress: 100% done\n\nfinished in 6.00s, 333.49 req/s, 1.79MB/s\nrequests: 2000 total, 2000 started, 2000 done, 2000 succeeded, 0 failed, 0 errored, 0 timeout\nstatus codes: 2000 2xx, 0 3xx, 0 4xx, 0 5xx\ntraffic: 10.72MB (11237500) total, 591.80KB (606000) headers (space savings -11.81%), 9.99MB (10480000) data\n                     min         max         mean         sd        +/- sd\ntime for request:    34.81ms       5.64s    965.59ms    846.91ms    71.80%\ntime for connect:   120.68ms       4.71s       1.15s    965.09ms    86.80%\ntime to 1st byte:   353.84ms       5.98s       1.89s       1.08s    76.80%\nreq/s           :       0.67        7.85        2.50        1.52    78.80%\n```\n\nAt 1000 user concurrency like HTTP/2 HTTPS tests, Caddy seems to fail with the `ERR_DRAINING` message which apparently means h2load received a `CONNECTION_CLOSE` frame from Caddy = Caddy crashed ???\n\n```\nh2load-http3 -t1 -c1000 -n10000 -m100 -H \"Accept-Encoding:gzip\" https://caddy.domain.com:4444/caddy-index.html \nstarting benchmark...\nspawning thread #0: 1000 total client(s). 10000 total requests\nTLS Protocol: TLSv1.3\nCipher: TLS_AES_128_GCM_SHA256\nServer Temp Key: ECDH P-256 256 bits\nApplication protocol: h3-27\nprogress: 10% done\nprogress: 20% done\nprogress: 30% done\nngtcp2_conn_read_pkt: ERR_DRAINING\nngtcp2_conn_read_pkt: ERR_DRAINING\nngtcp2_conn_read_pkt: ERR_DRAINING\nngtcp2_conn_read_pkt: ERR_DRAINING\nngtcp2_conn_read_pkt: ERR_DRAINING\nngtcp2_conn_read_pkt: ERR_DRAINING\n```\n\n# Comparing HTTP/2 Settings\n\nUsing nghttp2 to check the HTTP/2 `SETTINGS_` defaults for a HTTP/2 connection\n\nCaddy\n\n```\nnghttp -ynvs https://caddy.domain.com:4444/caddy-index.html | grep SETTINGS_\n          [SETTINGS_MAX_FRAME_SIZE(0x05):1048576]\n          [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):250]\n          [SETTINGS_MAX_HEADER_LIST_SIZE(0x06):1048896]\n          [SETTINGS_INITIAL_WINDOW_SIZE(0x04):1048576]\n          [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]\n          [SETTINGS_INITIAL_WINDOW_SIZE(0x04):65535]\n```\n\nNginx\n\n```\nnghttp -ynvs https://ngx.domain.com/caddy-index.html | grep SETTINGS_\n          [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):128]\n          [SETTINGS_INITIAL_WINDOW_SIZE(0x04):65536]\n          [SETTINGS_MAX_FRAME_SIZE(0x05):16777215]\n          [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]\n          [SETTINGS_INITIAL_WINDOW_SIZE(0x04):65535]\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcentminmod%2Fcentminmod-caddy-v2","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcentminmod%2Fcentminmod-caddy-v2","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcentminmod%2Fcentminmod-caddy-v2/lists"}