I have been self-hosting for a while now with Traefik. It works, but I’d like to give Nginx Proxy Manager a try, it seems easier to manage stuff not in docker.

Edit: btw I’m going to try this out on my RPI, not my hetzner vps, so no risk of breaking anything

@Tenkard@lemmy.ml

Caddy. I started with npm but I realized it was hiding enough stuff that I wasn’t learning anything about managing networking. Caddy is super easy and has a lot of sane defaults.

@icmpecho@lemmy.ml

same, i’ve been very happy with Caddy, even with lots of subdomains and weird configs it’s been rock solid.

Pax

Nginx from day one. Well documented, it works. If something doesn’t work chances are you are a quick googlefu away from the solution.

@Xanza@lemm.ee

Traefik is a PITA.

Caddy all the way. If you build it with Docker support (or grab the prebuilt), you can use docker container names to reverse proxy using names instead of any IP addresses or ports. It’s nice because if the IP updates, so does caddy. All automatically.

Here’s what my caddyfile looks like:

{
        acme_dns cloudflare {key}
}

domain.dev {
        encode zstd gzip
        root * /var/www/html/domain.dev/
        php_fastcgi unix//run/php/php8.1-fpm.sock
        tls {
                dns cloudflare {key}
        }
}
*.domain.dev {
        encode zstd gzip
        tls {
                dns cloudflare {key}
        }
        @docker host docker.domain.dev
        handle @docker {
                encode zstd gzip
                reverse_proxy {portainer}
        }
        @test host test.domain.dev
        handle @test {
                encode zstd gzip
                reverse_proxy 127.0.0.1:10000
        }
        @images host i.domain.dev
        handle @images {
                encode zstd gzip
                reverse_proxy 127.0.0.1:9002
        }
        @proxy host proxy.domain.dev
        handle @proxy {
                encode zstd gzip
                reverse_proxy proxy
        }
        @portal host portal.domain.dev
        handle @portal {
                encode zstd gzip
                reverse_proxy portal
        }
        @ping host ping.domain.dev
        handle @ping {
                encode zstd gzip
                respond "pong!"
        }
}

DNS hosted by cloudflare but because caddy handles ACME certs, all the subdomains automatically get SSL.

Lena
creator

Actually I found traefik rather easy, I just had to make the proper docker labels and config.

PITA

Unrelated, I’m going to sound like a grammar nazi here, but holy shit there are so many acronyms, how am I supposed to know every one of them without googling? Please just say “traefik is a pain in the ass”. Also please don’t take this as a snarky reply.

@Xanza@lemm.ee

PITA = pain in the ass.

I never said it was hard. Just a real pain in the ass. Like iptables vs UFW. They’re the same thing, but one is easy and a pain in the ass and the other is just easy… So I opt to make my life easier. lol

hendrik

In my experience, all the 3 big ones work just fine. Caddy, Traefik, Nginx. I use Nginx.

I have had the same experience. Have used all three at some point but mostly use nginx for new servers

@mbirth@lemmy.ml

it seems easier to manage stuff not in docker

Read into Traefik’s dynamic configuration. Adding something outside of Docker is as easy as adding a new config file in the dynamic configuration folder. E.g. jellyfin.yml:

http:

  routers:

    jellyfin:
      rule: Host(`jellyfin.example.org`)
      entrypoints: websecure
      tls:
        certResolver: le
      service: jellyfin

  services:

    jellyfin:
      loadbalancer:
        servers:
          - url: "http://192.168.1.5:8096/"

The moment you save that file it will be active and working in Traefik.

@Kusimulkku@lemm.ee

Caddy is really simple and easy. Just werks and gives you https

I mean, the basic config file for Caddy is 1 line, and gives you Let’s Encrypt by default. The entire config file for a reverse proxy can be as few as 3 lines:

my.servername.net {
   reverse_proxy 127.0.0.1:1234
}

It’s a single executable, and a single 3-line file. Caddy is an incredible piece of software.

@merthyr1831@lemmy.ml

I’ve got a basic workflow for nginx proxy manager now so this isn’t super useful but good god that’s exactly what i wish nginx was.

@Kusimulkku@lemm.ee

When I was researching reverse proxies I first stumbled upon nginx and traefik and especially nginx seemed a bit intimidating. As someone who hadn’t done it before I was worried if I’d do it right. Then I found caddy and yeah just used a threeliner like that in config and that was that. Simple and easy to get it right.

I’ve since switched to having my stuff behind wireguard instead of reverse proxy, but I keep caddy around so I can just spin it back up if I want to access Jellyfin on someone’s tv or something.

🔰Hurling⚜️Durling🔱

Honest noob question. I currently connect to my self hosted server using Twingate. How would this be different? can you give me an Eli5 what a reverse proxy manager would make my setup better?

@ikidd@lemmy.world

Stick with Traefik if you’ve figured it out. It’s much more powerful than NPM in my opinion. If you insist on using NPM, you might want to try NPMPlus, it has more bells and whistles and is more actively maintained.

Lena
creator

Yeah I’ll stick with Traefik, I know how to use it

Caddy all the way!

@mr_jaaay@lemmy.ml

Seconding Caddy. I’ve been using it for a couple of years now in an LXC and it’s been very easy to setup, edit and run.

reddwarf

I use NPM in a docker container. It could not be easier in my opinion but then again, I did not use any of the alternatives so I might be missing out on something, who knows. I did manage a couple of proxy servers in the past based on Apache and I can tell you that NPM is much easier and logical to me than that.

Just create a compose file and start it. Create DNS records pointing to your NPM IP address/exposed IP and make a host in NPM sending traffic to the right container IP:port. The compose file is super simple, could not be easier. Here’s mine for example:

services:
  nginx-proxy-manager:
    container_name: nginx-proxy-manager
    image: 'jc21/nginx-proxy-manager:latest'
    restart: always
    ports:
      - '80:80'
      - '443:443'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt

I just make sure ports 443 and 80 are exposed on my router so DNS records can point to that IP address. All traffic on port 80 gets re-routed to 443.

I’m probably stating all the obvious things here 😀

Tiritibambix

I mean yes, that seems obvious now that I’ve learned this.

But I wish I read this comment 3 years ago when I was starting to dive into self hosting. Would have saved me a bunch of time. So always assume some piece of knowledge is not obvious for someone out there and share ᕕ( ᐛ )ᕗ

reddwarf

So always assume some piece of knowledge is not obvious for someone out there and share

You just described a thing of mine I cannot help but do; explain the ever loving crap out of things.
I need to be careful with that though as relatives start to complain and push back on me telling things over and over.
Thing is, until I see a full comprehension on the other side on what I try to convey I just keep explaining in variations, keep finding metaphors and keep pestering you until you ‘get it’. Some say it is a virtue, some say it is a hindrance.

I have had therapy on this… 😂

Tiritibambix

Hahaha, I can totally relate. I think we should think of it as a virtue. Continue the good work 💪

@lorentz@feddit.it

Nginx for my intranet because configuration is fully manual and I have complete control over it.

Caddy for the public services on my vps because it handles cert renewal automatically and most of its configuration is magic which just works.

It is unbelievable how much shorter caddy configuration is, but on my intranet:

  1. I don’t want my reverse proxy to dial on internet to try to fetch new SSL certs. I know it can be disabled, but this is the default.
  2. I like to learn how stuff works, Nginx forces you to know more details but it is full of good documentation so it is not too painful compared to Caddy.

@x00z@lemmy.world

You can easily get automatic renewal for nginx using certbot.

@lorentz@feddit.it

Yes, but it is a different cron job that needs to run, and you need to monitor it for failures. Caddy does everything out of the box, including retries.
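
The renewal monitoring mentioned in the two comments above, as an added example that is not part of the thread: it flags certificates that a certbot cron job should already have renewed. The function names, the 21-day threshold and the sample hostnames and dates are assumptions made for illustration; the threshold relies on certbot's default of renewing once fewer than 30 days remain.

```python
import socket
import ssl
import time

# Assumption: certbot renews once fewer than 30 days remain, so a certificate
# below ALERT_DAYS has already missed more than a week of renewal runs.
ALERT_DAYS = 21

def days_left(not_after, now=None):
    """Days until expiry, given notAfter in the getpeercert() text format."""
    now = time.time() if now is None else now
    return (ssl.cert_time_to_seconds(not_after) - now) / 86400

def classify(not_after, now=None, alert_days=ALERT_DAYS):
    """Return 'expired', 'renewal-overdue' or 'ok' for one certificate."""
    remaining = days_left(not_after, now)
    if remaining <= 0:
        return "expired"
    if remaining < alert_days:
        return "renewal-overdue"
    return "ok"

def fetch_not_after(host, port=443, timeout=5.0):
    """Read notAfter from the certificate a live server presents."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]

def check(hosts, fetch=fetch_not_after, now=None):
    """Map each host to a status; network and TLS errors count as failures."""
    report = {}
    for host in hosts:
        try:
            report[host] = classify(fetch(host), now)
        except (OSError, ssl.SSLError) as exc:
            # A live server with an expired certificate lands here too,
            # because the verified handshake itself fails.
            report[host] = "unreachable: " + exc.__class__.__name__
    return report

# Constructed sample data so the example runs offline.
SAMPLE = {
    "ok.example.org": "Jun  1 12:00:00 2025 GMT",
    "stale.example.org": "Mar 15 12:00:00 2025 GMT",
    "dead.example.org": "Feb  1 12:00:00 2025 GMT",
}
SAMPLE_NOW = ssl.cert_time_to_seconds("Mar  5 12:00:00 2025 GMT")

if __name__ == "__main__":
    for host, status in check(SAMPLE, SAMPLE.__getitem__, SAMPLE_NOW).items():
        print(f"{host}: {status}")
```

Run from cron with the real hostnames and the default `fetch`, any status other than `ok` is the signal that the renewal job needs attention.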

@Oisteink@feddit.nl

I switched to caddy just for the certs. I get trusted certs on all my internal subdomains without maintenance.

I use haproxy, nginx and caddy at work including a caddy instance with internal CA. 4 lines in config and it’s signed by our normal CA, so it’s trusted by all our devices.

I use nginx for static websites and TLS passthrough servers.

I use traefik as a reverse proxy for sites with many services and SSO.

Nginx is definitely easier to configure for simple things. But I prefer traefik for more complex setups.

I had a poor experience with NPM which turned me to SWAG, it worked, but was a tad slow. Moved to Traefik and haven’t looked back.

@snekerpimp@lemmy.world

I use the caddy plugin in opnsense. Used nginx proxy manager from Proxmox helper scripts before that, which was relatively easy and helped me understand the whole proxy thing. Moved to caddy on opnsense a few months ago, just because, and have had no good reason to change yet.

@tofuwabohu@slrpnk.net

I was thinking about putting it from its dedicated VM to opnsense as well. I just don’t know yet what the security implications are and also my firewall hardware isn’t too beefy so I have to play around with it for a bit.

@EarMaster@lemmy.world

I recently switched a bunch of nginx configs to the opnsense Caddy plugin. It is easy to configure, but in my opinion it lacks the ability to change settings beyond the basics. It isn’t helpful either that the plugin developer fails to recognize any other use case than the basics. It disqualifies the plugin for everyone with a little bit more complex setups.

𝘋𝘪𝘳𝘬

but I’d like to give Nginx Proxy Manager a try, it seems easier to manage stuff not in docker.

NPM is pretty agnostic. If it receives a request for a specific address and port combination it just forwards the traffic to another specific address and port combination. This can be a docker container, but also can be a physical machine or any random URL.

It also has Let’s Encrypt included (but that should be a no-brainer).
