I host a ton of services running behind my nginx reverse proxy (basic auth + lets encrypt). On the whole it works really well with nearly everything I throw at it. Lately, there’s been a lot of gradio/websocket/python stuff coming from the AI community like the local llama and stable diffusion stuff. Not sure what’s causing it but there’s always weird issues when I try to reverse proxy them.
Does anyone have some magic settings that “just work” with these weirdo web apps?
I’m pretty sure there might be some arcane scripts for you that would help you. But you should clarify query a bit. What are the weird issues you’re running into? Alternatively, if you’re managing nginx and letsencrypt manually you could try:
- Caddy
- Traefik
- NGINX Proxy Manager
I hear good things about Traefik. Basically all I need is a reverse proxy that will handle re-writing URLs and websockets and slapping some ssl and auth on it. If something is easier for that, I’m all ears.
All three options should cover those requirements. You should take a look at them and decide which suit you best.
I am using caddy and it is really nice. It automatically does lets encrypt, https redirection, reverse proxy headers and there is much less boilerplate and repetition in the config file.
Can’t talk about anything but SD (using various UIs, mostly AUTOMATIC1111’s and other variants of the official) but they “just work” behind traefik. Traefik does the SSL termination and figures out which service (ip + port) to talk to based on its config. By default it does ACME (Let’s Encrypt) for you and handles passing websockets without the special config lines like you need in nginx (though that should be as easy as this). As long as the application is well written (which is not always the case in the ML world, haha) and uses relative URLs for links, most everything should “just work” behind a reverse proxy, or need a config flag or two telling them they can trust the proxied SSL/IP and stuff like that.
+1 for Traefik. I got tired of all of nginx’s quirks. It’s really powerful and I’m sure the combinations of achievable results are infinite with nginx… so for some use cases it makes sense. But seriously… almost every container I’m likely to deploy follows a fairly simple model and traefik to just “works” with everything I’ve tried so far. I have ALL the traefik config in docker compose labels so every single configuration element I need to spin up a container a second time or on a new host is in ONE place.
Not quite sure what your issues are but you do have to make sure websocket proxying is configured if the app uses it https://www.nginx.com/blog/websocket-nginx/
I also switched over to Caddy about a year ago. Got tired of messing around with scripts to make letsencrypt work. Caddy has a lot of good defaults so you don’t have to worry about setting the right headers or any websocket configurations. Its really just as simple as specifying the hostname & the reverse_proxy directive
You should elaborate on the weird issues you’re having. It would also help to know which specific services you want to host and maybe some cleaned up (= generalized, with no personal information or hostname) logs to pin down the various issues.
For most services there seems to be at least a basic apache or nginx config available. From there you can see what you probably have to adapt to your own config.
