Caddy compatibility for zeroserve: 3x throughput and 70% lower latency
losfair
169 points
50 comments
June 14, 2026
Related Discussions
Found 5 related stories in 120.1ms across 10,500 title embeddings via pgvector HNSW
- Zeroserve: A zero-config web server you can script with eBPF losfair · 214 pts · June 06, 2026 · 56% similar
- Serving a website on a Raspberry Pi Zero running in RAM xngbuilds · 203 pts · May 08, 2026 · 48% similar
- The inner workings of TCP zero-copy mfrw · 49 pts · March 02, 2026 · 44% similar
- Caztor 1.0 – a browser for small-net protocols like Gemini and Gopher LaSombra · 13 pts · April 20, 2026 · 43% similar
- Zstandard Across the Stack oddurmagnusson · 14 pts · April 02, 2026 · 42% similar
Discussion Highlights (13 comments)
nullstyle
Fudge, I really need to carve out time today to play with zeroserve. Very cool stuff
zsoltkacsandi
From a technical standpoint, these are always impressive projects, but I've always wondered: has anyone ever encountered a use case where the Caddy was the bottleneck?
augunrik
I am surprised how well nginx holds up?!
smallerize
I still think of eBPF as not being Turing-complete. There is still a complexity limit in the verifier. Even if someone did implement Game of Life by having the program set a timer to run itself. https://isovalent.com/blog/post/ebpf-yes-its-turing-complete...
tln
No ACME! That is a dealbreaker https://github.com/losfair/zeroserve/blob/main/CADDY_COMPAT....
1a527dd5
Anyone else got a really weird Chorme pop-up asking which cert to use for su3.io:443? Very bizarre, never seen that before. Thumbprints: - 60949a09aab8677f87a0b9eda7099a03ca510fb3 - 1b146798f0dc93773247e86312f1b730c4eeebb3
codingjoe
"Caddy compatible" minus everything that matters, like ACME and plugins. And NGINX still steals the show. Not everything needs to be rewritten.
BoingBoomTschak
Interesting. Trying to get some of the performance advantages of TUX/IIS without as much insecurity makes sense for some big players, I guess. The usual 3400 lines lock file and AGENTS.md raise some questions about the aforementioned security, though.
Thaxll
Another vibe coded, dead in 6 month Rust project. People that trully need performance are not going to use a random server that has 0 support/ track record.
ok123456
Exposing services that use io_uring is a hard pass. It's only been a handful of weeks since the last security advisory.
bastawhiz
The idea of jit compilation of a web server in a small project is pretty terrifying to me. The attack surface here is enormous. And for what? My back end on a single host isn't pumping at 35k qps. If each request is 500 bytes, 35k qps is nearly 20mbps sustained with zero other io (in each direction). And this is using only two threads! I think you'd be hard pressed to find an application where this is meaningfully useful versus just scaling horizontally. On a box that can run many threads in parallel, Caddy still vastly exceeds my ability to respond to pretty much any useful traffic. It's optimizing for a metric that wasn't a bottleneck in the first place.
pbohun
I looked into writing an http server based on iouring myself, but all the resources I could find said iouring is less safe from a cybersecurity perspective. Is there a safe way to use iouring for a webserver, or is libuv the better way to go, even though it has less performance?
stymaar
Can someome enlighten me: What's the point of “running eBPF scripts in userspace”? Isn't being run in kernel space the whole point of eBPF in the first place?