I have been self-hosting for a while now with Traefik. It works, but I’d like to give Nginx Proxy Manager a try, it seems easier to manage stuff not in docker.
Edit: btw I’m going to try this out on my RPI, not my hetzner vps, so no risk of breaking anything
You must log in or # to comment.
Caddy is really simple and easy. Just werks and gives you https
I mean, the basic config file for Caddy is 1 line, and gives you Let’s Encrypt by default. The entire config file for a reverse proxy can be as few as 3 lines:
my.servername.net { reverse_proxy 127.0.0.1:1234 }It’s a single executable, and a single 3-line file. Caddy is an incredible piece of software.
When I was researching reverse proxies I first stumbled upon nginx and traefik and especially nginx seemed a bit intimidating. As someone who hadn’t done it before I was worried if I’d do it right. Then I found caddy and yeah just used a threeliner like that in config and that was that. Simple and easy to get it right.
I’ve since switched to having my stuff behind wireguard instead of reverse proxy, but I keep caddy around so I can just spin it back up if I want to access Jellyfin on someone’s tv or something.
Ive got a basic workflow for nginx proxy manager now so this isnt super useful but good god that’s exactly what i wish nginx was.
Caddy. I started with npm but I realized it was hiding enough stuff that I wasn’t learning anything about managing networking. Caddy is super easy and has lot of sane defaults.
Caddy all the way!
Seconding Caddy. I’ve been using it for a couple of years now in an LXC and it’s been very easy to setup, edit and run.
I’ve been using nginx forever. It works, I can do almost everything I want, even if more complex things sometimes require some contortions. I’m not sure I would pick it again if starting from scratch, but I have no problems that are worth switching for.
Traefik is a PITA.
Caddy all the way. If you build it with Docker support (or grab the prebuilt), you can use docker container names to reverse proxy using names instead of any IP addresses or ports. It’s nice because if the IP updates, so does caddy. All automatically.
Here’s what my caddyfile looks like;
{ acme_dns cloudflare {key} } domain.dev { encode zstd gzip root * /var/www/html/domain.dev/ php_fastcgi unix//run/php/php8.1-fpm.sock tls { dns cloudflare {key} } } *.domain.dev { encode zstd gzip tls { dns cloudflare {key} } @docker host docker.domain.dev handle @docker { encode zstd gzip reverse_proxy {portainer} } @test host test.domain.dev handle @test { encode zstd gzip reverse_proxy 127.0.0.1:10000 } @images host i.domain.dev handle @images { encode zstd gzip reverse_proxy 127.0.0.1:9002 } @proxy host proxy.domain.dev handle @proxy { encode zstd gzip reverse_proxy proxy } @portal host portal.domain.dev handle @portal { encode zstd gzip reverse_proxy portal } @ping host ping.domain.dev handle @ping { encode zstd gzip respond "pong!" } }DNS hosted by cloudflare but because caddy handles ACME certs, all the subdomains automatically get SSL.
Actually I found traefik rather easy, I just had to make the proper docker labels and config.
PITA
Unrelated, I’m going to sound like a grammar nazi here, but holy shit there are so many acronmys, how am I supposed to know every one of them without googling? Please just say “traefik is a pain in the ass”. Also please don’t take this as a snarky reply.
If you’re just going to VPN in to your home network, I’ve found caddy to be the simplest.
Nginx from day one. Well documented, it works. If something doesn’t work chances are you are a quick googlefu away from the solution.
I use NPM in a docker container. It could not be easier in my opinion but then again, I did not use any of the alternatives so I might be missing out on something, who knows. I did manage a couple of proxy servers in the past based on Apache and I can tell you that NPM is much easier and logical to me than that.
Just create a compose file and start it. Create DNS records pointing to your NPM IP address/exposed IP and make a host in NPM sending traffic to the right container IP:port. The compose file is super simple, could not be easier. Here’s mine for example:
services: nginx-proxy-manager: container_name: nginx-proxy-manager image: 'jc21/nginx-proxy-manager:latest' restart: always ports: - '80:80' - '443:443' volumes: - ./data:/data - ./letsencrypt:/etc/letsencryptI just make sure ports 443 and 80 are exposed on my router so DNS records can point to that IP adrdess. All traffic on port 80 gets re-routed to 443.
I’m probably stating all the obvious things here 😀
I mean yes, that seems obvious now that I’ve learned this.
But I wish I read this comment 3 years ago when I was starting to dive into self hosting. Would have saved me a bunch of time. So always assume some piece of knowledge is not obvious for someone out there and share ᕕ( ᐛ )ᕗ
So always assume some piece of knowledge is not obvious for someone out there and share
You just described a thing of mine I cannot help but do; explain the ever loving crap out of things
I need to be careful with that though as relatives start to complain and push back on me telling things over and over.
Thing is, until I see a full comprehension on the other side on what I try to convey I just keep explaining in variations, keep finding metaphors and keep pestering you until you ‘get it’. Some say it is a virtue, some say it is a hindrance.I have had therapy on this… 😂
i use nginx proxy manager but im barely getting by. Theres zero useful documentation for setting up custom paths so everyone uses subdomains. I ended up buying my own domain just so i didnt feel guilty spamming freedns lmao.
At that point you might be better off just using Nginx without the gui. SWAG is a nice reverse proxy focused implementation of it.
I spent far too much on my domain (£3.86 for the year) to change course now!
You having a domain or not has no bearing on which of these you use lol
