« Blog Index
September 13, 2017

Announcing Caddy Commercial Licenses

By Matt Holt and Cory Cooper

Today, we're pleased to unveil something we've been working diligently on for the past few months: Caddy Commercial Licenses. This change is designed to accommodate the needs of the growing Caddy community and user base. With commercial licenses, we're able to offer exclusive features and services to our business users that we couldn't do before, while sustaining Caddy's open source development. We're even starting today with one new service for our customers, with more planned!

First we'll summarize what this means for you. We'll then describe all the changes and conclude by discussing the motivations and hopefully try to address some common questions.

The High-Order Bits

If you have questions about anything you read here, feel free to email sales@lightcodelabs.com or post on our community forums!

New EULA

Beginning today, all official Caddy binaries come with an End User License Agreement (EULA) that designates them either for Personal (non-commercial) or Commercial use. To be clear, this EULA applies only to Caddy binaries you download; it does not apply to the source code. Caddy is still open source, and the source code is under the same Apache 2.0 license.

Personal licenses are free for non-commercial use and there are no limits on the number of instances you can run. Commercial licenses are required for commercial use, for example: internal company use, distribution as part of a service or product, or any other use in a business setting. During our introductory pricing period, Caddy commercial licenses are about 1/4 the cost, per-instance, of other web servers you're familiar with.

Commercial licenses are valid during an active subscription, which is billed annually. We're happy to offer this limited-time introductory pricing to our existing user base as a thank you for being early adopters of Caddy!

There are no technical differences between "personal" Caddy and "commercial" Caddy except that the commercially-licensed binaries omit the Caddy-Sponsors HTTP response header.

Caddy-Sponsors HTTP Header

As of version 0.10.9, Caddy emits an HTTP response header, Caddy-Sponsors, which is similar to the Server header that Caddy already has, except that this one credits our sponsors who make it possible to keep Caddy free for personal use. This header cannot be removed by the Caddyfile, and its presence is required by the non-commercial EULA. This requirement is waived by the commercial license, so the header is not present in those binaries.

Private Plugin Hosting

Our first service exclusively for commercial licensees is private plugin hosting. With an active commercial license subscription, you may deploy your private/proprietary Caddy plugins with the Caddy build server directly. We only allow open source plugins to be published to our website, but with private plugin hosting you can use our build server to obtain customized, official Caddy binaries with your own organization's plugins built in.

Private plugin hosting

Private (or "unlisted") plugins do not appear on the Caddy website at all, and may optionally be protected by an access code. For anyone to download Caddy with your plugin, they must provide the right access code.

This makes it possible and painless for you to deploy Caddy for your organization where using closed-source plugins is required.

Build URLs

Many of you know there are direct links to download your official, custom Caddy binaries. There's a download link and a full installer script shown at the bottom of the download page. We now require declaring a license when requesting a download:

https://caddyserver.com/download/<os>/<arch>?license=personal

The value for the license variable can be either personal or commercial.

Similarly, the installer script at getcaddy.com needs the license parameter in the first argument:

curl https://getcaddy.com | bash -s personal

When requesting a commercial download using the direct link, you must provide your account's credentials in an Authorization header using HTTP basic auth. Your account ID and API key can be found in your dashboard.

To download a commercial binary using the installer script, you need to set your account credentials in environment variables. See the script itself for full documentation.

We require the license parameter because we feel it's important for the license to be deliberate, not assumed. To ease the transition into this, though, we'll allow the current syntax (no license parameter) to work for at least 30 more days, and a personal license will be assumed.

Custom Licenses

We can also offer custom licenses if none of our stock licenses fit your needs. For example, if you distribute Caddy as part of your service for your clients, you may very well have more than a dozen Caddy instances under your belt. Reach out to us if you have special or large-scale requirements.

Remember that building Caddy from source is still subject to the Apache 2.0 license which requires attribution and stating changes. If you need different verbiage in a license, either for the binaries or the source code, please contact us!

Discussion

When we announced Light Code Labs in April of this year, we were determined to keep the source code open and Apache-licensed, despite temptations to change to a less free license or even dual-license the source code in an effort to make the project sustainable. Apparently some people even consider it a good idea to charge a fee to merge pull requests. However, we believe that licensing the official binaries for personal or commercial use strikes a good balance. Caddy is still truly open source, and the commercial use of our convenient build server (which has the only official database of Caddy plugins) can help sustain Caddy's development while delivering value to businesses.

This may seem an unusual angle for an open source project, but it's not unheard of. There are several examples of popular open source projects that are distributed under a different brand and/or license: Chromium and Chrome, OpenJDK and Oracle JDK, vscode and Microsoft Visual Studio Code, MonoDevelop and Xamarin Studio, IntelliJ and JetBrains, to name a few.

Our vision for Caddy is high. It has been high from the start: we want to make security and automation ubiquitous for websites everywhere. We can't sustain this effort without working relationships with businesses that have a Web presence. We're happy and hopeful about this launch today, and hope that you will be excited with us as we serve your business and help secure the future of the Web.

We shared this with several others and got some early feedback, and we'd like to share our answers here for the most common questions we got.

There's already a "Server: Caddy" header; why should I also advertise Caddy's sponsors?

The Server header can be removed with one line of Caddyfile configuration. Our sponsors make it possible for us to keep Caddy open source and free for personal use. In other words, we both owe it to them; a Pay it Forward, if you will. It's also the price we require for the gratuitous use of our build infrastructure which makes it easy to customize and deploy official Caddy binaries to your sites.

HTTP response headers are invisible in practice. And this one is only present on non-commercial sites. It will only be seen by astute developers who care enough about websites to inspect your site's HTTP response. And, perfectly, those types of people are often our sponsors' target audience.

What if I don't like one of your sponsors?

Well, we think our sponsors are pretty awesome. But we're huge proponents of preserving and expanding individual freedom. If you object to any of our sponsors being named in an invisible response header on your personal website, you may freely compile Caddy from source without that header. And remember, the header is not present on commercially-licensed builds.

How do I know when your sponsor list changes?

Our sponsors are always listed prominently on our website. They can opt-out of being shown on the website or in the header, so you can also watch the commit history of the Caddy repo for changes. We deliberately chose to put the sponsor list right in the source code so you can see what's going on, instead of adding it to our proprietary build server where changes happen "behind closed doors."

Why wouldn't I always just build Caddy from source?

Some people already do. As long as you abide the Apache license (give attribution and state changes; see full license text), you can, too. But you'll need Go installed with a GOPATH set up. If you want to use any plugins, you'll have to download them, modify the Caddy source code, and recompile. The Caddy build server contains a database of registered Caddy plugins and has the facilities for producing custom Caddy binaries all with a simple HTTPS request.

As added benefits to this convenience, commercial licenses come with extra build server features such as private plugin hosting. We also offer basic email support with every commercial license.

Sponsorships

We still offer sponsorships, and now's a better time than ever to help keep Caddy free to use! Yes, sponsors get exposure through Caddy, but more importantly, our sponsors are a significant part of making the Web better for everyone. Many of our sponsors' own customers benefit from Caddy. If your company's customers deal with web sites or web servers, consider sponsoring the Caddy project.

Thank You

We want to thank everyone who contributes to Caddy and its community. We look forward to your ongoing contributions in the future, as we work together to make the Web faster and more secure.


« Blog Index