Caddy compatibility for zeroserve: 3x throughput and 70% lower latency

This post announces Caddy compatibility for zeroserve, a high-performance HTTPS server that JIT-compiles Caddyfiles into eBPF. Benchmarks show it significantly outperforming Caddy, matching Nginx in throughput, and using less memory. The Hacker News crowd is impressed by the technical achievement but raises questions about its practical feature parity with Caddy and the real-world need for such extreme performance for general use cases.

Score: 62
Comments: 16
Highest Rank: #6
On Front Page: 4h
First Seen: Jun 14, 2:00 PM
Last Seen: Jun 14, 5:00 PM

The Lowdown

zeroserve is a high-performance HTTPS server built around eBPF scripts that run in userspace. The latest update introduces Caddy compatibility: it can now interpret Caddyfiles by JIT-compiling them to eBPF and then to native machine code, all executed within an io_uring event loop.

  • zeroserve fundamentally uses eBPF for its core operations, providing a distinct architectural approach for server functionality.
  • The new Caddy-compat mode allows users to employ standard Caddyfiles, which zeroserve processes by compiling and executing the directives.
  • Performance benchmarks indicate substantial gains: 3x throughput and 70% lower latency compared to Caddy, and throughput comparable to Nginx, while also demonstrating reduced memory consumption.
  • It supports Turing-complete eBPF, enabling custom code to be called directly from Caddyfiles, exemplified by a feature for AWS SigV4 authentication with S3-compatible storage.
  • The project is open-source and includes straightforward instructions for users to quickly test it with their existing Caddyfile configurations.

This development underscores the growing potential of eBPF for building highly efficient and performant server applications, pushing the boundaries of what's possible in web serving speed and resource utilization.

The Gossip

Performance Ponderings

Commenters were both impressed and somewhat surprised by Nginx's strong showing in the benchmarks, leading to questions about whether Caddy is truly a bottleneck for most applications. While acknowledging `zeroserve`'s impressive technical achievement and its raw performance numbers, many debated the practical need for such extreme optimization in general use cases, especially when considering the established feature sets and ecosystems of existing servers like Nginx and Caddy.

Compatibility Quandaries

The 'Caddy compatibility' aspect sparked significant discussion, with many users pointing out that `zeroserve` currently lacks crucial features found in a full Caddy setup. Key omissions noted were automatic ACME TLS certificate management and Caddy's extensive plugin ecosystem. This limitation positions `zeroserve` less as a direct replacement and more as a specialized tool for highly performance-critical scenarios where these features might be handled elsewhere or aren't required.

eBPF's Expansive Capabilities

A technical discussion emerged around the nature of eBPF, specifically its Turing completeness, and how `zeroserve` implements it. Commenters clarified that `zeroserve` runs eBPF scripts in userspace, which bypasses the stricter verifier constraints typically found in the kernel's eBPF runtime. This allows it to execute more complex eBPF programs than those commonly deployed at the kernel level.

Peculiar Certificate Prompts

Several users reported an unusual and unexpected browser pop-up requesting client certificates when navigating to the `su3.io` domain (the author's website) linked within the story. This raised concerns about potential privacy and security implications, prompting speculation about whether it was due to a misconfiguration, an intentional client-side mutual TLS setup, or another unforeseen browser interaction.