Which reverse proxy do you use/recommend?
-
I use NPM in a docker container. It could not be easier in my opinion but then again, I did not use any of the alternatives so I might be missing out on something, who knows. I did manage a couple of proxy servers in the past based on Apache and I can tell you that NPM is much easier and logical to me than that.
Just create a compose file and start it. Create DNS records pointing to your NPM IP address/exposed IP and make a host in NPM sending traffic to the right container IP:port. The compose file is super simple, could not be easier. Here's mine for example:
services: nginx-proxy-manager: container_name: nginx-proxy-manager image: 'jc21/nginx-proxy-manager:latest' restart: always ports: - '80:80' - '443:443' volumes: - ./data:/data - ./letsencrypt:/etc/letsencryptI just make sure ports 443 and 80 are exposed on my router so DNS records can point to that IP adrdess. All traffic on port 80 gets re-routed to 443.
I'm probably stating all the obvious things here
-
it seems easier to manage stuff not in docker
Read into Traefikβs dynamic configuration. Adding something outside of Docker is as easy as adding a new config file in the dynamic configuration folder. E.g.
jellyfin.yml:http: routers: jellyfin: rule: Host(`jellyfin.example.org`) entrypoints: websecure tls: certResolver: le service: jellyfin services: jellyfin: loadbalancer: servers: - url: "http://192.168.1.5:8096/"The moment you save that file it will be active and working in Traefik.
-
I switched to caddy just for the certs. I get trusted certs on all my internal subdomains without maintenance.
I use haproxy, nginx and caddy at work including a caddy instance with internal CA. 4 lines in config and its signed by our normal CA, so its trusted by all our devices.
-
-
I use the caddy plugin in opnsense. Used nginx proxy manager from Proxmox helper scripts before that, which was relatively easy and helped me understand the whole proxy thing. Moved to caddy on opnsense a few months ago, just because, and have had no good reason to change yet.
-
Caddy is really simple and easy. Just werks and gives you https
-
I have had the same experience. Have used all three at some point but mostly use nginx for new servers
-
but Iβd like to give Nginx Proxy Manager a try, it seems easier to manage stuff not in docker.
NPM is pretty agnostic. If it receives a request for a specific address and port combination it just forwards the traffic to another specific address and port combination. This can be a docker container, but also can be a physical machine or any random URL.
It also has Let's Encrypt included (but that should be a no-brainer).
-
I recently switched a bunch of nginx configs to the opnsense Caddy plugin. It is easy to configure, but in my opinion it lacks the ability to change settings beyond the basics. It isn't helpful either that the plugin developer fails to recognize any other use case than the basics. It disqualifies the plugin for everyone with a little bit more complex setups.
-
I use and love nginx.
Maybe a bit more old fashioned than more modern solutions, but steady solid and versatile. I use it as reverse proxy ad well as proxy for php stuff and more.
-
I've been using NPM for a few years now and can't recommend it enough. I use it to route to both docker containers on an internal proxy network as well at other services within my networks
-
I mean, the basic config file for Caddy is 1 line, and gives you Let's Encrypt by default. The entire config file for a reverse proxy can be as few as 3 lines:
my.servername.net { reverse_proxy 127.0.0.1:1234 }It's a single executable, and a single 3-line file. Caddy is an incredible piece of software.
-
I use traefik. I like it. Took a bit to understand, but it has some cool options like ssl passthrough and middlewares for basic auth.
-
I've been using nginx forever. It works, I can do almost everything I want, even if more complex things sometimes require some contortions. I'm not sure I would pick it again if starting from scratch, but I have no problems that are worth switching for.
-
I like Zoraxy it has a lot of features, like Zerotier integration, status monitoring etc and a clean UI
Runs fine for my needs and fully replaced NPM for me
You can run it in docker or as a single binary directly
-
I mean yes, that seems obvious now that I've learned this.
But I wish I read this comment 3 years ago when I was starting to dive into self hosting. Would have saved me a bunch of time. So always assume some piece of knowledge is not obvious for someone out there and share α( α )α
-
I use Traefik at home. The initial setup was more complex than others but now it's set up it's by far the easiest to add new routes than any other I've tried, just by virtue of being right there in the compose/k8s files I'm already writing. Static routes are manual annoyingly, but so are every other proxy so that's no different. The config files are the same markup language as your Compose/k8s files so you're not learning a whole new syntax and having to switch languages mentally as you switch between them.
Caddy is super easy, but the fact that the Docker labels thing was a plugin is a con to me, I'd prefer it being first party. It also isn't as performant as Traefik, higher CPU usage while also having higher latency.
As far as I'm aware, Nginx and Nginx Proxy Manager support no such thing, you have to manually write those routes every time you create a new service.
Nginx Proxy Manager is a lot like Portainer. It's useful for people who don't want to learn Nginx and just want to click a few buttons. But anything complex you're suddenly going to be thrown into the deep end.
You've already set up Traefik, you've already done the complex bit. IMO there's no reason to change, from this point everything else is more complicated.
-
Caddy is the only reverse proxy I have ever managed to successfully make use of. I failed miserably with Nginix and Traefik.
Caddy has worked very well for me for several years now. It gets the SSL certificate from my domain name provider and all.
-
You can even use it to do the SSL part for a local non-SSL IMAP server. And, thereβs a CrowdSec middleware as well, that will block blacklisted IPs.
-
When I was researching reverse proxies I first stumbled upon nginx and traefik and especially nginx seemed a bit intimidating. As someone who hadn't done it before I was worried if I'd do it right. Then I found caddy and yeah just used a threeliner like that in config and that was that. Simple and easy to get it right.
I've since switched to having my stuff behind wireguard instead of reverse proxy, but I keep caddy around so I can just spin it back up if I want to access Jellyfin on someone's tv or something.
