Caddy. Hands down. No question.
Everything else works fine. Caddy works fine as well, but it’s also super easy.
I heard it’s insecure to self host sites without Cloudflare because you’re exposing your ip address and leaving yourself vulnerable
There’s a lot more to it, and this is only a small part of it, but yes. This is technically true.
but is it really bad to self host without Cloudflare?
Cloudflare is nice to have, but it honestly sucks. I run a private dns stub resolver with my own blocklists (because I don’t trust anyone else to do it) and I have Google DNS, Cloudflare DNS, and a few other DoH resolvers as the upstream source. My stub resolver is set to send requests to all the upstreams at once, and to take the results of the one that responds first. Tracking through prometheus shows that Cloudflare has not once (!) had its results chosen because its average RTT is 700ms. Everyone else is in the sub 100ms range.
Cloudflare was cool until it got popular.
Bless Aaron Swartz. 🙏