Currently, I use dockerproxy + swag and Cloudflare for externally-facing services. I really like that I don’t have to open any ports on my router for this to work, and I don’t need to create any routes for new services. When a new service is started, I simply include a label to call swag and the subdomain & TLS cert are registered with Cloudflare. About the only complaint I have is Cloudflare’s 100MG upload limit, but I can easily work around that, and it’s not a limit I see myself hitting too often.

What’s not clear to me is what I’m missing by not using Traefik or Caddy. Currently, the only thing I don’t have in my setup is central authentication. I’m leaning towards Authentik for that, and I might look at putting it on a VPS, but that’s the only thing I have planned. Other than that, almost everything’s running on a single Beelink S12. If I had to, I could probably stand up a failover pretty quickly, though.

  • @[email protected]
    link
    fedilink
    English
    115 days ago

    Do you have a guide on how to do his? I couldn’t get the middleware to work to actually bounce connections

    • @[email protected]
      link
      fedilink
      English
      3
      edit-2
      14 days ago

      You have to actually add the middleware into the (default) chain for your https entrypoint (I think in most tutorials it’s called websecure) - in my static conf I have this:

      entryPoints:
        https:                                                           
          address: :443                                                  
          http:                                                          
            middlewares:                                                 
              - crowdsec-bouncer@file                                    
              - secure-headers@file 
      

      And in my dynamic conf I have this:

      http:
        middlewares:
          crowdsec-bouncer:
            plugin:
              crowdsec-bouncer-traefik-plugin:
                CrowdsecLapiKey: "### Enter your LAPI Key here ###"
                Enabled: true