I have been self-hosting for a while now with Traefik. It works, but I’d like to give Nginx Proxy Manager a try, it seems easier to manage stuff not in docker.
Edit: btw I’m going to try this out on my RPI, not my hetzner vps, so no risk of breaking anything
You must log in or # to comment.
I’ve been using NPM for a few years now and can’t recommend it enough. I use it to route to both docker containers on an internal proxy network as well at other services within my networks
Nginx installed directly, I use nano over ssh to edit configs. Forces you to learn some things and I never moved passed it because it works so well.
I’ve been using caddyserver for awhile and love it. Config is nicely readable and the defaults are very good.
In my experience, all the 3 big ones work just fine. Caddy, Traefik, Nginx. I use Nginx.
I have had the same experience. Have used all three at some point but mostly use nginx for new servers
I use nginx as the internet facing proxy, write my own config and manage it with source control. Also use traefik in docker land with service labels to configure it
Nginx for my intranet because configuration is fully manual and I have complete control over it.
Caddy for the public services on my vps because it handles cert renewal automatically and most of its configuration is magic which just works.
It is unbelievable how shorter caddy configuration is, but on my intranet:
- I don’t want my reverse proxy to dial on internet to try to fetch new SSL certs. I know it can be disabled, but this is the default.
- I like to learn how stuff works, Nginx forces you to know more details but it is full of good documentation so it is not too painful compared to Caddy.
I switched to caddy just for the certs. I get trusted certs on all my internal subdomains without maintenance.
I use haproxy, nginx and caddy at work including a caddy instance with internal CA. 4 lines in config and its signed by our normal CA, so its trusted by all our devices.
You can easily get automatic renewal for nginx using certbot.
it seems easier to manage stuff not in docker
Read into Traefik’s dynamic configuration. Adding something outside of Docker is as easy as adding a new config file in the dynamic configuration folder. E.g.
jellyfin.yml:http: routers: jellyfin: rule: Host(`jellyfin.example.org`) entrypoints: websecure tls: certResolver: le service: jellyfin services: jellyfin: loadbalancer: servers: - url: "http://192.168.1.5:8096/"The moment you save that file it will be active and working in Traefik.
Caddy is really simple and easy. Just werks and gives you https
I mean, the basic config file for Caddy is 1 line, and gives you Let’s Encrypt by default. The entire config file for a reverse proxy can be as few as 3 lines:
my.servername.net { reverse_proxy 127.0.0.1:1234 }It’s a single executable, and a single 3-line file. Caddy is an incredible piece of software.
Ive got a basic workflow for nginx proxy manager now so this isnt super useful but good god that’s exactly what i wish nginx was.
When I was researching reverse proxies I first stumbled upon nginx and traefik and especially nginx seemed a bit intimidating. As someone who hadn’t done it before I was worried if I’d do it right. Then I found caddy and yeah just used a threeliner like that in config and that was that. Simple and easy to get it right.
I’ve since switched to having my stuff behind wireguard instead of reverse proxy, but I keep caddy around so I can just spin it back up if I want to access Jellyfin on someone’s tv or something.
I use NPM in a docker container. It could not be easier in my opinion but then again, I did not use any of the alternatives so I might be missing out on something, who knows. I did manage a couple of proxy servers in the past based on Apache and I can tell you that NPM is much easier and logical to me than that.
Just create a compose file and start it. Create DNS records pointing to your NPM IP address/exposed IP and make a host in NPM sending traffic to the right container IP:port. The compose file is super simple, could not be easier. Here’s mine for example:
services: nginx-proxy-manager: container_name: nginx-proxy-manager image: 'jc21/nginx-proxy-manager:latest' restart: always ports: - '80:80' - '443:443' volumes: - ./data:/data - ./letsencrypt:/etc/letsencryptI just make sure ports 443 and 80 are exposed on my router so DNS records can point to that IP adrdess. All traffic on port 80 gets re-routed to 443.
I’m probably stating all the obvious things here 😀
I mean yes, that seems obvious now that I’ve learned this.
But I wish I read this comment 3 years ago when I was starting to dive into self hosting. Would have saved me a bunch of time. So always assume some piece of knowledge is not obvious for someone out there and share ᕕ( ᐛ )ᕗ
So always assume some piece of knowledge is not obvious for someone out there and share
You just described a thing of mine I cannot help but do; explain the ever loving crap out of things
I need to be careful with that though as relatives start to complain and push back on me telling things over and over.
Thing is, until I see a full comprehension on the other side on what I try to convey I just keep explaining in variations, keep finding metaphors and keep pestering you until you ‘get it’. Some say it is a virtue, some say it is a hindrance.I have had therapy on this… 😂
I use the caddy plugin in opnsense. Used nginx proxy manager from Proxmox helper scripts before that, which was relatively easy and helped me understand the whole proxy thing. Moved to caddy on opnsense a few months ago, just because, and have had no good reason to change yet.
I recently switched a bunch of nginx configs to the opnsense Caddy plugin. It is easy to configure, but in my opinion it lacks the ability to change settings beyond the basics. It isn’t helpful either that the plugin developer fails to recognize any other use case than the basics. It disqualifies the plugin for everyone with a little bit more complex setups.
I like Zoraxy it has a lot of features, like Zerotier integration, status monitoring etc and a clean UI
Runs fine for my needs and fully replaced NPM for me 😊
You can run it in docker or as a single binary directly
I’ve been mostly using Nginx Proxy Manager, but I recently set up Bunkerweb as a WAF for a couple of public services I’m hosting and I kind of like it. It does reverse proxy along with a bunch of other things (bad behavior blocking, geographic blocking, SSL cert handling, it does a lot).
Mentioning it because I didn’t see any other mention of it yet.
NPM is easy to use. Caddy sounds like something I’d like to try too now.
I’ve been using nginx forever. It works, I can do almost everything I want, even if more complex things sometimes require some contortions. I’m not sure I would pick it again if starting from scratch, but I have no problems that are worth switching for.
I use nginx for static websites and TLS passthrough servers.
I use traefik as a reverse proxy for sites with many services and SSO.
Nginx is definitely easier to configure for simple things. But I prefer traefik for more complex setups.
