ultraHQTraefik, Caddy, Nginx, etc. what is your reverse proxy of choice, and why?
Antik 👾For me it's https://nginxproxymanager.com/ it's just so easy to setup and use.
I used Traefik on my Docker stack and it's pretty neat, though it took some time for me to get my head around how to configure it correctly.
I second NPM. As you mentioned it’s been very easy to use, but I also haven’t been trying to do anything complicated.
I’ve never used load balancing so perhaps Caddy or Traefik is easier to use than NPM in that regard, but I wouldn’t know.
Yes NPM is for basic reverse proxying, so one URL to one server. If you wanted to scale and load balance across multiple servers you'd need regular nginx with a text config file since you literally can't configure a second or third server.
And I'd still find that easier than Traefik, but maybe that's just because I've been using Apache2 and nginx for like a decade at this point so it's what I know.
D4NM3DI've been using NPM for years.. but since 2.10.3 broke SSL certificates and there's been literally no interest from JC21 to fix the problem (there's a PR ready to go) i've been forced to look elsewhere and have settled on caddy for now..
To be fair, the pull request was last week. It's inconvenient but life/work balance.
Agreed but it's more the worry that it's been broken for over 3 weeks and the dev(s) seems to have no interest in resolving it... to me that is a bad sign of things to come and projects being abandoned.
If i'm incorrect and the devs have been vocal about the issue then please correct me and point me to where i should be looking.
I not challenging you, so please don't take of fence here but is the issue sincerely a 'lack of interest' or is it just that NPM is FOSS and the maintainer is bogged down with life? You could fork it and fix it.
It's a very good question and of course.. i could fork it and fix it using the PR.. but then that would be it.. I'm not experienced enough to even achieve that to be honest..
My issue I guess is not so much with the fact that there is a problem... it's with the fact that i can't afford for my homelab to be down because it's never fixed or takes time to fix... i appreciate all of this is free.. i think i may of even donated at some point because i was so thankful it existed.. but now it's such an integral part of my and my families life that i cannot have something in my stack that isn't going to be fixed rapidly.
JC21 created an amazing product and if it's fixed or V3 ever appears i'll 100% check it out.. but for now whilst it's not as pretty.. i have to fall back to caddy.
I second that. Amazing easy to use, configure, supports (LetsEncrypt) certificates via DNS-01 challenge and integrates with ease with most DNS providers.
Paired with authentication providers (keycloak, authelia, authentik), the "advanced" textbox lets you do forward proxying really easy, or customize your "basic proxy".
I'm not sure how many of these features are present in Traefik, it would be really nice if any of you know if any of these are easily supported in it:
- Forward proxying
- Custom rewrites (nginx
internal;rewrites) - Unattended DNS-01 support with ACME (LetsEncrypt)
I used NPM for a very long time, but after I switched to podman, DNS name resolution for containers stopped working in NPM, they work fine in every other container. Switched to caddy and it's okay, it only supports HTTP transports so I can't use it as a gateway for my DoH/DoT server, but that's not a huge deal. Once NPM works properly on podman I may switch back
poVoqNginx, because it works well and most open-source projects provide good examples for it when setting up things.
Same for me. You need the read into the documentation a bit, but once you understand how it works its fairly easy.
nachtigallI've been a long proponent of nginx but I am currently in the process of migrating to Caddy because of the better presets.
Drew Got No ClueOT: I love that Siri profile picture; it didn’t occur to me that you could use an animated one!
Ha ha, thanks :D I only recently learned that too. The images are delivered in webp format, which supports animation.
For me it’s traefik. It’s took me a while to get it working, but it’s actually really easy now.
Setting up container access with labels is very convenient!
When Nginx (and I pushed it hard on others to use) to NPM to Traefik to Caddy. Caddy is just simple, easy setup for Certs, and integrates easily with Authelia.
damncaddy for not having to think about TLS
I've switched from NginxProxyManager to Caddy as i don't like the fact that 2.10.3 has just broken the certificate side of things...
The thing i really miss is having a GUI to handle things but having cockpit on the same system makes a (poor) suitable replacement.
pitbusterCaddy, the configs are usually pretty simple to get you started (specially the for free https in the standard setup).
Caddy, slapping essentially 2 lines into a config file and my reverse proxy is ready for my local network and websites? Can’t really beat that
Caddy for general reverse proxy stuff, works like magic and makes certs, routing, etc just work.
I also have a lot of my stuff subsequently reverse proxied behind Authentik for anything that shouldn't be exposed to the public internet
I love that about Caddy as well, it just works!
Do you know of any tool that can help me look at overall traffic that goes through it?
Right now I am using Mullvad through gluetun to essentially route traffic to my services without opening ports on my router and I am just curious what sort of traffic is hitting my server seeing how (I hope) isolated my address seems to be (servicename.mydomain.tld:)
I will soon migrate this reverse proxy setup to a VPS since Mullvad will be sunsetting their port forwarding feature soon but I am still in need of a tool that can show me what sort of traffic goes through Caddy. Something like countries, IPs and services that they are trying to access as well as the request types.
Do you know of any tool that can help me look at overall traffic that goes through it?
I haven't looked in detail at the Monitoring Caddy documentation page and haven't used this myself, but apparently it can be configured to emit a bunch of metrics in Prometheus format.
I use NGiNX and have ever since I started. It just works and is easy to configure.
Same. I know it's more work than caddy etc, but I've been doing it for eons now so it's muscle memory at this point.
toketinSwag container of linuxserver, it's a nginx reverse proxy
Admin-MikeI used to use Traefik but switched to Caddy. I like how easy it is to configure a new reverse proxy for one of my containers. Literally 3 new lines in my Caddyfile, restart the caddy container and away it goes getting certificates etc.
I'm not a Caddy expert (nor a Traefik one) but with Traefik I didn't even have to add any line to its config. I just use a template docker-compose and set the domain and the port.
Yeah from memory (was a while ago), Traefik hooks into the docker socket to auto-discover containers that have a specific label? Might not be remembering that correctly.
I use Caddy, but recently realising it's not good enough. Dealing with any traffic that's not HTTP/s puts you in a pickle.
Traefik as the ingress for my container hosts, and nginx as an additional layer for public facing stuff.
The nginx layer functions as an additional layer to set up access policies.
Let's see. At work it's a mix between apache (I'm slowly replacing with nginx as services are migrated) and aws's alb ingress controller (while I'm not a fan, it lets me use acm certs).
At home it's all nginx.
cwagnerCaddy. I started with Nginx on my VPS. Then I heard about this new tool caddy. Sounded fun, but whatever. Then I switched VPS (and also Debian to Arch), decided to try caddy and loved the simplicity of it. All the configs are clear and make sense, far more than with Nginx. Super easy SSL is a nice bonus.
Nowadays I have a home server, and user Caddy there as well.
NeilI'm so used to Nginx I have trouble caring enough to learn anything else. If I were to eventually learn another, Caddy looks like the most attractive option, but I'm super open to hearing from people who have used both Traefik and Caddy.
I made the switch from NGINX to Caddy. For me, configuring Caddy is much more simple than configuring NGINX. Also Caddy automatically obtains and renews SSL certificates.
So, Caddy's simplicity is what won me over. I don't care about speed since I'm the only user of my self-hosted services.
Nginx for the old stuff that i configured years ago, caddy for new installs. I hate migrations...
ngoomienginx because I like how flexible it is, and I'd started using it as a webserver for normal file serving + PHP site hosting with php-fpm a good time ago anyways.
I'd tried Caddy once but the "quirky" flair included even in things like documentation was far too grating for me, plus I honestly just, don't really like using JSON.
Like some others have said, I use NGINX due to it's flexibility and ease of configuration. I want to be able to tweak performance and security settings to be exactly how I want them, and NGINX let's me do that.
I've been using caddy for a while. I've been really happy with it, it is very small learning curve especially for someone brand new to reverse proxies. Config file syntax is very simple.
However I've been thinking of moving to nginx. After I learned about OpenResty and the possibility to script nginx with Lua, nginx is very tempting. Sadly caddy has nothing similar.