- Performance: Requires nuanced tuning. Caddy performs competitively well for real-world usage.
- kTLS: Sacrifices memory safety.
- Existing modules: How do they perform compared to natively-compiled code? Caddy modules can do all that nginx modules can do, and more, but are natively compiled. I ran experiments with Caddy+Starlark that performed 2x as fast as Nginx+Lua.
I recommend users who link against OpenSSL to enable padding to multiples of at least 1024 bytes if they want to impede traffic analysis. The Nginx devs aren't interested in implementing random record padding or supporting the feature in BoringSSL/LibreSSL, unfortunately.
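An added example, not code from this thread or from Nginx/OpenSSL, of what "padding to multiples of at least 1024 bytes" means at the TLS 1.3 record layer: the sender appends the content type byte and then zeros until the inner plaintext reaches the next multiple of the block size, capped at the RFC 8446 maximum (2^14 + 1). This is the same shape of padding that OpenSSL's `SSL_CTX_set_block_padding` applies; the helper names and the 'A'-filled sample content are assumptions constructed for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLS13_MAX_CONTENT (1u << 14)                 /* RFC 8446 record limit */
#define TLS13_MAX_INNER_PLAINTEXT (TLS13_MAX_CONTENT + 1)

/* Build a TLSInnerPlaintext: content || ContentType || zero padding, rounded up to a
 * multiple of `block` bytes (block <= 1 means no padding), never past the RFC maximum.
 * Returns the padded length, or 0 if the input is too long or `out` is too small. */
size_t tls13_pad_inner_plaintext(const uint8_t *content, size_t len, uint8_t ctype,
                                 size_t block, uint8_t *out, size_t outcap) {
    if (len > TLS13_MAX_CONTENT) return 0;
    size_t padded = len + 1;                         /* content plus the type byte */
    if (block > 1) {
        padded = ((padded + block - 1) / block) * block;
        if (padded > TLS13_MAX_INNER_PLAINTEXT) padded = TLS13_MAX_INNER_PLAINTEXT;
    }
    if (padded > outcap) return 0;
    memcpy(out, content, len);
    out[len] = ctype;
    memset(out + len + 1, 0, padded - len - 1);      /* zeros hide the true length */
    return padded;
}

/* Receiver side: strip trailing zeros, recover the content type and real length. */
int tls13_unpad_inner_plaintext(const uint8_t *rec, size_t reclen,
                                size_t *content_len, uint8_t *ctype) {
    while (reclen > 0 && rec[reclen - 1] == 0) reclen--;
    if (reclen == 0) return 0;                       /* no type byte: malformed record */
    *ctype = rec[reclen - 1];
    *content_len = reclen - 1;
    return 1;
}

/* Demo helper (constructed input): pad `len` bytes of 'A's and return the wire length. */
size_t padded_len_for(size_t len, size_t block) {
    static uint8_t in[TLS13_MAX_CONTENT], out[TLS13_MAX_INNER_PLAINTEXT];
    memset(in, 'A', sizeof in);
    return tls13_pad_inner_plaintext(in, len, 23, block, out, sizeof out);
}

/* Demo helper: pad all-zero content (worst case for unpadding) and check the round trip. */
int roundtrip_ok(size_t len, size_t block) {
    static uint8_t in[TLS13_MAX_CONTENT], out[TLS13_MAX_INNER_PLAINTEXT];
    memset(in, 0, sizeof in);
    size_t n = tls13_pad_inner_plaintext(in, len, 23, block, out, sizeof out), clen;
    uint8_t ct;
    return n && tls13_unpad_inner_plaintext(out, n, &clen, &ct) && clen == len && ct == 23;
}
```

With a 1024-byte block every response between 1 and 1023 bytes leaves the record layer as the same 1024-byte plaintext, which is the coarsening that impedes length-based traffic analysis.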
Can Caddy leverage either form of padding? If so, I might need to give it another look!
And regarding modules: most are written in C and dynamically loaded as shared objects or statically linked at compile time. A bunch are listed at https://www.nginx.com/resources/wiki/modules/. The ones for live streaming and VODs are the hardest to replace, IMO. IPScrub was my favorite but I haven't used it for a few years.
Personally, I think live streaming and ffmpeg-based encoding are specialized enough to warrant a specialized server (like a custom Nginx build) and are a bit out of scope for a general-purpose user-friendly server like Caddy.
I'm not sure, I'd have to see what the crypto/tls package does.
I would push back against the notion that something like that is "out of scope" for a "general-purpose user-friendly server". Caddy is far from user friendly if you utilize its low-level JSON configuration API, and at its core, Caddy is an extensible server platform. Even its HTTP app is a plugin, and it can be extended to do frankly anything if you want it to. Streaming video is a use case that I know several people use it for already.
- Padding: (I'm pretty sure Go already does this too: https://go.dev/src/crypto/tls/conn.go)