What We Learned Benchmarking Caddy vs Nginx on Small Cloud VMs

When people compare Caddy and Nginx, the conversation usually gets pulled toward ideology. One side says Nginx is the battle-tested default. The other says Caddy makes HTTPS feel like it belongs in this decade. After looking at both through the lens that actually matters on a small VM, I think the more useful question is simpler: which one gets a real app online with less friction, less overhead, and fewer opportunities to create your own incident?

At Raff Technologies, that is the part I care about most on small cloud VMs. A 1 GB or 2 GB machine does not give you much room for unnecessary complexity. On a bigger server, you can afford extra moving parts and still feel fine. On a smaller VM, every extra daemon, every manual TLS step, and every late-night certificate problem feels heavier than it should.

We already have a broader conceptual guide on Caddy vs Nginx, plus hands-on tutorials for installing Caddy on Ubuntu 24.04, installing Nginx on Ubuntu 24.04, and securing Nginx with Let’s Encrypt. This post is narrower on purpose. I wanted to stay focused on what changes when the machine is small, the team is busy, and the reverse proxy is just one part of a real deployment.

The Test That Actually Matters on a Small VM

If you are serving millions of static requests per minute from a single node, the answer is easy: raw web server efficiency matters a lot, and Nginx has earned its reputation for a reason.

But that is not the workload most small cloud VMs are running.

Most small VMs are doing one of these jobs:

• sitting in front of a single application
• terminating HTTPS for an internal tool
• serving a lightweight SaaS frontend
• proxying traffic to Docker containers
• exposing a staging environment
• fronting an admin dashboard or API

In those situations, I do not think the best first question is, “Which one wins the benchmark chart?” I think the better first question is, “Which one gets me to a safe, boring, maintainable default faster?”

That is where the comparison becomes more interesting.

Editor note: Before publishing, add one small same-hardware results box here: 1 GB and 2 GB Raff VM, idle RSS, time to first HTTPS, static-file requests/sec, and reverse-proxy p95 latency.

The First Surprise Was Not Performance

The first surprise was that the practical difference showed up before any synthetic benchmark mattered.

Caddy gets to a secure default very quickly. The biggest reason is not magic performance. It is the fact that HTTPS is part of the default experience, not a second project you remember to complete later. On a small VM, that changes the operational shape of the deployment immediately.

With Caddy, the cleanest path is usually one service, one config file, and one domain pointed to the box. That sounds like a small convenience until you remember how many real deployments stall between “the app responds on port 3000” and “the app is actually online, encrypted, and renewable without babysitting.”

Nginx can absolutely get you to the same destination. It has done that for years, and it does it well. But on smaller teams and smaller servers, the difference is that Nginx often asks you to think in two layers: first the web server, then the certificate workflow. That is not a flaw. It is just a different operating model.

What changed my view on small VMs is this: setup friction is not only a productivity issue. It becomes a reliability issue. The more pieces you have to remember on day one, the more chances you create for day thirty to go wrong.

Where Nginx Still Pulls Ahead

This is the part where I do not think it helps to pretend both tools are equal at everything. They are not.

Nginx still feels like the stronger default when you care about squeezing the most out of limited resources. If you are running on a very small machine and want the leanest possible footprint around a simple static or proxy workload, Nginx has a strong case. That matters most on the smallest VM sizes, where memory headroom is not theoretical. It is the difference between “everything feels fine” and “why is the box swapping under light load?”

It also matters when the reverse proxy is doing more than simply passing traffic through. If your deployment needs more mature fine-grained control over request routing, traditional tuning patterns, or you already know the Nginx config model well enough to move quickly inside it, Nginx remains a very sensible choice.

This is the trap I think people fall into: they hear that Caddy is simpler and assume that simplicity automatically makes Nginx obsolete. It does not. Simplicity is an advantage only when it solves a problem you actually have.

If your problem is “I need the most familiar and efficient reverse proxy possible on a small machine,” Nginx is still hard to argue against.

Why Caddy Feels Modern Faster

What Caddy gets right is not just syntax. It is the order of operations.

On small VMs, especially ones deployed by developers instead of full-time ops teams, the fastest path to a secure default often wins in practice. Caddy feels modern because it treats HTTPS as the baseline, not as a separate hardening task. That changes the emotional shape of deployment. You stop thinking, “I still need to finish TLS,” and start thinking, “The secure edge is already part of the service.”

That matters more than many people admit.

A lot of small-VM projects are not failing because their reverse proxy cannot handle enough traffic. They are failing because the deployment path becomes fragile: certificate renewal gets missed, redirects are inconsistent, the proxy config drifts from the app config, or the operator forgets which piece owns the public edge.

Caddy reduces that risk by compressing more of the secure-by-default path into the server itself.

I would also add that the configuration model helps more than benchmarks usually capture. On smaller teams, readability is a feature. A config you can scan in seconds is easier to maintain than one you have to mentally parse every time you open it.

When the Simpler Config Wins

There is a certain kind of workload where I would choose Caddy first without much debate.

I would choose Caddy first for:

• a single app on one VM
• internal tools exposed to a team over HTTPS
• dashboards and admin panels
• lightweight APIs
• prototypes that need to become production quickly
• client proof-of-concept environments
• small staging stacks where the point is to move cleanly, not to hand-tune everything

In those cases, the simpler config is not just “nice.” It shortens the distance between deploying the app and trusting the deployment.

That is a good trade.

On Raff, this becomes especially practical because small workloads do not have to start on oversized infrastructure. If you are validating an app, a dashboard, or a lightweight service, you can start on a small Linux VM, keep the edge simple, and resize later if the workload grows.

When I Would Still Pick Nginx First

I would still pick Nginx first when the environment already speaks Nginx fluently.

That includes:

• teams with existing Nginx standards and templates
• stacks that already depend on Nginx-centric patterns
• memory-sensitive workloads on the smallest VM sizes
• environments where you want maximum familiarity during debugging
• situations where the reverse proxy layer will become more complex over time

There is also a human factor here that is worth saying out loud: the best reverse proxy is often the one your team can operate confidently at 2 AM.

If the team already knows Nginx deeply, switching to Caddy for elegance alone is not always a net win. Operational confidence is part of performance too.

The Real Decision on a Small VM

The most useful lesson from this comparison is that Caddy and Nginx are not competing only on throughput. They are competing on what kind of work you want the operator to do.

Nginx asks for more explicit control and tends to reward that with lean performance and a mature operational model. Caddy asks for less ceremony and rewards that with faster secure defaults and less TLS-related friction.

On a small cloud VM, that makes the choice feel less philosophical and more economic.

If the machine is tiny and the app is simple, Nginx may buy you more breathing room.

If the team is small and the goal is to get to a clean HTTPS deployment with fewer moving parts, Caddy may buy you something even more valuable: fewer chances to make a routine deployment messy.

What This Means for You

If you are deploying a single modern app and want the fastest path to a secure, readable reverse proxy, I would start with Caddy.

If you are optimizing for the leanest footprint, already know Nginx well, or expect the edge layer to grow more complicated over time, I would start with Nginx.

That is the practical answer. Not “Caddy is the future” and not “Nginx is always better.” Just this: on small cloud VMs, the right choice depends on whether your constraint is machine efficiency or operator attention.

And in real deployments, both constraints are real.

If you want the broader decision framework first, read our Caddy vs Nginx guide. If you already know which direction you want to go, follow the setup path for Caddy on Ubuntu 24.04 or Nginx on Ubuntu 24.04, then add HTTPS with our Let’s Encrypt for Nginx tutorial. If you still do not have the server yet, start with a Raff Linux VM and keep the first deployment as simple as possible.

That is usually where the best decisions get made.