I have been self-hosting for a while now with Traefik. It works, but I’d like to give Nginx Proxy Manager a try, it seems easier to manage stuff not in docker.
Edit: btw I’m going to try this out on my RPI, not my hetzner vps, so no risk of breaking anything
Caddy all the way!
Seconding Caddy. I’ve been using it for a couple of years now in an LXC and it’s been very easy to setup, edit and run.
Caddy is really simple and easy. Just werks and gives you https
I mean, the basic config file for Caddy is 1 line, and gives you Let’s Encrypt by default. The entire config file for a reverse proxy can be as few as 3 lines:
my.servername.net { reverse_proxy 127.0.0.1:1234 }It’s a single executable, and a single 3-line file. Caddy is an incredible piece of software.
Ive got a basic workflow for nginx proxy manager now so this isnt super useful but good god that’s exactly what i wish nginx was.
When I was researching reverse proxies I first stumbled upon nginx and traefik and especially nginx seemed a bit intimidating. As someone who hadn’t done it before I was worried if I’d do it right. Then I found caddy and yeah just used a threeliner like that in config and that was that. Simple and easy to get it right.
I’ve since switched to having my stuff behind wireguard instead of reverse proxy, but I keep caddy around so I can just spin it back up if I want to access Jellyfin on someone’s tv or something.
Honest noob question. I currently connect to my self hosted server using Twingate. How would this be different? can you give me an Eli5 what a reverse proxy manager would make my setup better?
In my experience, all the 3 big ones work just fine. Caddy, Traefik, Nginx. I use Nginx.
I have had the same experience. Have used all three at some point but mostly use nginx for new servers
Nginx from day one. Well documented, it works. If something doesn’t work chances are you are a quick googlefu away from the solution.
Traefik is a PITA.
Caddy all the way. If you build it with Docker support (or grab the prebuilt), you can use docker container names to reverse proxy using names instead of any IP addresses or ports. It’s nice because if the IP updates, so does caddy. All automatically.
Here’s what my caddyfile looks like;
{ acme_dns cloudflare {key} } domain.dev { encode zstd gzip root * /var/www/html/domain.dev/ php_fastcgi unix//run/php/php8.1-fpm.sock tls { dns cloudflare {key} } } *.domain.dev { encode zstd gzip tls { dns cloudflare {key} } @docker host docker.domain.dev handle @docker { encode zstd gzip reverse_proxy {portainer} } @test host test.domain.dev handle @test { encode zstd gzip reverse_proxy 127.0.0.1:10000 } @images host i.domain.dev handle @images { encode zstd gzip reverse_proxy 127.0.0.1:9002 } @proxy host proxy.domain.dev handle @proxy { encode zstd gzip reverse_proxy proxy } @portal host portal.domain.dev handle @portal { encode zstd gzip reverse_proxy portal } @ping host ping.domain.dev handle @ping { encode zstd gzip respond "pong!" } }DNS hosted by cloudflare but because caddy handles ACME certs, all the subdomains automatically get SSL.
Actually I found traefik rather easy, I just had to make the proper docker labels and config.
PITA
Unrelated, I’m going to sound like a grammar nazi here, but holy shit there are so many acronmys, how am I supposed to know every one of them without googling? Please just say “traefik is a pain in the ass”. Also please don’t take this as a snarky reply.
PITA = pain in the ass.
I never said it was hard. Just a real pain in the ass. Like iptables vs UFW. They’re the same thing, but one is easy and a pain in the ass and the other is just easy… So I opt to make my life easier. lol
it seems easier to manage stuff not in docker
Read into Traefik’s dynamic configuration. Adding something outside of Docker is as easy as adding a new config file in the dynamic configuration folder. E.g.
jellyfin.yml:http: routers: jellyfin: rule: Host(`jellyfin.example.org`) entrypoints: websecure tls: certResolver: le service: jellyfin services: jellyfin: loadbalancer: servers: - url: "http://192.168.1.5:8096/"The moment you save that file it will be active and working in Traefik.
Caddy. I started with npm but I realized it was hiding enough stuff that I wasn’t learning anything about managing networking. Caddy is super easy and has lot of sane defaults.
same, i’ve been very happy with Caddy, even with lots of subdomains and weird configs it’s been rock solid.
Yeah I’ll stick with Traefik, I know how to use it
I’ve been using caddyserver for awhile and love it. Config is nicely readable and the defaults are very good.
I’ll throw in another recommendation for Caddy. I’ve been using it for years and the few problems/feature suggestions I had got implemented by the developers pretty quickly. They’re super active on their forums and I haven’t yet run into an issue where I couldn’t either figure it out myself or with help from their community forums (usually from a dev.) They’re very friendly and won’t berate you for simple mistakes like other devs.
i use nginx proxy manager but im barely getting by. Theres zero useful documentation for setting up custom paths so everyone uses subdomains. I ended up buying my own domain just so i didnt feel guilty spamming freedns lmao.
At that point you might be better off just using Nginx without the gui. SWAG is a nice reverse proxy focused implementation of it.
I spent far too much on my domain (£3.86 for the year) to change course now!
You having a domain or not has no bearing on which of these you use lol
my laziness does though! ill keep that service in mind though :)
Caddy is the only reverse proxy I have ever managed to successfully make use of. I failed miserably with Nginix and Traefik.
Caddy has worked very well for me for several years now. It gets the SSL certificate from my domain name provider and all.
I highly recommend npm. It’s also the only one I’ve used, so please keep that in mind.
I really like Zoraxy. Similar to NPM but it’s its own thing and I like it a lot more
I know how to use raw nginx/Caddy/traefik to do it, but I find the WebUI and all the extra features Zoraxy has to be very convenient and easy to use.
I am using nginx on a separate machine (VM) I have yet to try it in docker, I just have not found a reason to change it yet.
I’ve tried npm, caddy and traefik but they are always way more complicated then adding a new config file in nginx…
I feel the others add too much to the docker configs and limit what can be added to the reverse proxy. I have control of access from the nginx server, without having to change the apps configuration.
NPM is the closest to what I would like (only needing the same network in docker) if I go the docker way but for some reason it never works as it should when I configure it. So I am sticking to plain nginx.
