It's not like you have to maintain a fork, it's pretty minimal, all you need is a Dockerfile with what you want and build the container. Other than that you just keep bumping the version like you would the standard distribution.

For example to use rate limiting I just have a Dockerfile like this:

FROM caddy:2.9.1-builder AS builder

RUN xcaddy build --with github.com/mholt/caddy-ratelimit

FROM caddy:2.9.1

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

It is still a problem if you want caddy to run outside of docker (e.g. for getting real remote addr).

You don’t really need to track anything either, you can set up a GitHub Actions workflow and have dependabot bump the version for you.

Or you can just ‘apt install -y nginx certbot’ and not have to worry about a build or package environment.

Golang fundamentally doesn't support dynamically loaded libraries. It appears at first that it does, which can waste your time, but actually it doesn't.

Can you expand? I thought the plugin package handled this now, though I've not actually tried it. Is it a dud?

It is one, yes.

Only a POC, supported in Linux and macOS, and basically relies on doing casts from loaded symbols into what they are supposed to mean.

This was the big deal-breaker for me when I last looked a little while ago.

I need route 53 and a few other DNS providers built in for let's encrypt support and the docs implied that I was going to have to build those plugins myself?!!!

I stopped reading at that point because cert bot is trivial to install and just works with the web server that was also one command to install. At no point did I have to create a ephemeral container just to build nginx or certbot...

I wonder if caddy3 might implement WASM plugins via something like Wazero. Maybe too much of a performance hit.