← Back to news

Caddy compatibility for zeroserve: 3x throughput and 70% lower latency

Original article
su3.io|167 points|49 comments|by losfair|Jun 14, 2026

Boosting Performance: zeroserve's New Caddy Compatibility

zeroserve is a cutting-edge, high-performance HTTPS server designed to execute eBPF scripts directly within userspace.

Recently, a Caddy-compat mode was introduced. This allows users to provide a standard Caddyfile, which zeroserve then processes through a sophisticated pipeline: it JIT-compiles the configuration into eBPF, transforms that into native x86_64 or ARM64 machine code, and finally executes it within an io_uring event loop.

The Compilation Pipeline

The transformation from a configuration file to machine code can be visualized as follows:

Performance Benchmarks

The following data represents an HTTPS reverse proxy setup utilizing 2 threads on an AMD Ryzen 7 3700X processor.

ProtocolServerThroughputp50 Latencyp99 LatencyPeak RSS
httpszeroserve-clang38,948 req/s1.45ms3.91ms30.9 MiB
httpszeroserve-tcc36,653 req/s1.67ms4.00ms34.2 MiB
httpscaddy12,529 req/s4.74ms13.11ms67.4 MiB
httpsnginx37,424 req/s1.57ms4.24ms25.7 MiB

Key Takeaways

Using LaTeX\LaTeX to quantify the gains over standard Caddy:

  • Throughput Increase: 38,94812,5293.1x\approx \frac{38,948}{12,529} \approx 3.1\text{x}
  • Latency Reduction: 11.454.7470%\approx 1 - \frac{1.45}{4.74} \approx 70\%

Traditional servers are enough \rightarrow zeroserve provides a massive leap in efficiency while maintaining compatibility.

Getting Started

You can deploy zeroserve using your existing Caddyfile by following these steps:

  • Download the binary
  • Set execution permissions
  • Launch with the Caddy flag
# Download the appropriate binary for your architecture
curl -fL -o zeroserve https://github.com/losfair/zeroserve/releases/download/v0.2.11/zeroserve-$(uname -m)-linux

# Make it executable
chmod +x zeroserve

# Run using your Caddyfile
./zeroserve --caddy /etc/caddy/Caddyfile

# Test the connection
curl http://127.0.0.1:8080

Advanced Extensibility

Because zeroserve supports turing-complete eBPF, you aren't limited to standard Caddy directives. You can invoke custom logic directly from your Caddyfile.

Example: S3 Proxy with AWS SigV4

To proxy a specific path to an S3-compatible bucket requiring AWS SigV4 authentication, you can use the io.su3.aws-sigv4.c plugin.

Architecture Icon

Configuration Example:

# Start zeroserve with the SigV4 plugin
# zeroserve --plugin io.su3.aws-sigv4.c --caddy Caddyfile

example.com {
    route /s3/* {
        uri strip_prefix /s3
        rewrite * /my-bucket{uri}
        
        # Execute the `sign_request` method from the eBPF middleware
        zeroserve_call io.su3.aws-sigv4 sign_request {
            access_key_id "minioadmin"
            secret_access_key "minioadmin"
        }
        
        reverse_proxy http://127.0.0.1:9000
    }
}

2026-06-14 © 2022-2026 Heyang Zhou · [RSS] [System Status]