Which reverse proxy do you use/recommend?
-
I use nginx proxy manager but I'm barely getting by. There's zero useful documentation for setting up custom paths, so everyone uses subdomains. I ended up buying my own domain just so I didn't feel guilty spamming freedns lmao.
-
You can easily get automatic renewal for nginx using certbot.
-
Honest noob question. I currently connect to my self-hosted server using Twingate. How would this be different? Can you give me an ELI5 of how a proxy manager would make my setup better?
-
At that point you might be better off just using Nginx without the GUI. SWAG is a nice reverse-proxy-focused implementation of it.
-
Caddy. I started with NPM but I realized it was hiding enough stuff that I wasn't learning anything about managing networking. Caddy is super easy and has a lot of sane defaults.
-
This is the main reason I switched from Traefik: I can have certificates on all my internal stuff and not just on my Docker host. I personally love NPM but maybe I'll give NPMPlus a try, I have never heard of it.
-
Nginx from day one.
Well documented, it works.
If something doesn’t work, chances are you are a quick googlefu away from the solution.
-
I spent far too much on my domain (£3.86 for the year) to change course now!
-
For a while now I've been using either haproxy or nginx depending on my needs. I've hit instances with both where the functionality I want is in the paid version.
-
Ok, stupid question from a stupid person: if I have a phone connected to a local WiFi network, and I type in the URL of a subdomain which points back to that same network, i.e. a hosted service on a home server, what route does the data take from the service back to my phone?
-
You having a domain or not has no bearing on which of these you use lol
-
I use the Synology integrated reverse proxy, stupidly simple and always works for me (only if IPv6 doesn't fuck itself up; I can't fall back to IPv4 because that is CGNATed). If I am missing features that other options have, I would like to know.
-
My laziness does, though! I'll keep that service in mind though.
-
I like NPM, it's simple, but also allows for more complex configs as well if needed. I run it in its own LXC because I have other non-dockerized things that are exposed.
-
Having tried many in the past, I always go back to haproxy. It has everything required as a proxy and load balancer while also being very efficient.
-
I've looked at it but never actually given the Synology proxy a go despite using their DNS server. Does it do auto certificate renewal?
Have you considered using a Cloudflare tunnel to bypass the CGNAT? You can do that into a proxy or straight into the service.
-
Same, I've been very happy with Caddy, even with lots of subdomains and weird configs it's been rock solid.
-
Simple question but can be a complex answer. Basically it depends where your phone gets DNS from: if it's using the ISP DNS (or some other public DNS server) it will resolve the public internet IP of your server and the data will route out to the ISP WAN before being routed back in.
On the other hand you can configure a split DNS system. Say you are using your modem/gateway as your DNS server and it forwards DNS queries up to your ISP (or other) DNS server (a common setup): you can add in a static host entry for your local server, e.g. 'yourservice.yourserverdomain.com = 192.168.1.20 (your server's LAN IP)'.
Now when your phone is on the WiFi and it looks up your server's address it gets the local IP and routes locally, which will be faster.
If you need more info, search for terms like 'reverse proxy split DNS best practice'.
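The two lookup paths described in this answer, modelled as an added example (not part of the original post). The public IP 203.0.113.10, the phone addresses and the 192.168.1.0/24 LAN range are constructed sample values; the hostname and 192.168.1.20 come from the answer.

```python
import ipaddress

# Constructed sample data. 203.0.113.10 (a documentation address) stands in
# for the home connection's public IP; 192.168.1.20 is the LAN IP from the answer.
LAN = ipaddress.ip_network("192.168.1.0/24")
PUBLIC_DNS = {"yourservice.yourserverdomain.com": "203.0.113.10"}
GATEWAY_STATIC_HOSTS = {"yourservice.yourserverdomain.com": "192.168.1.20"}


def resolve(name, resolver):
    """Return the A record the phone receives from the chosen resolver.

    resolver is "gateway" (static host entries first, then forward upstream)
    or "public" (ISP or other public DNS, which never sees the static entries).
    """
    name = name.rstrip(".").lower()
    if resolver == "gateway" and name in GATEWAY_STATIC_HOSTS:
        return GATEWAY_STATIC_HOSTS[name]
    return PUBLIC_DNS.get(name)


def path(name, phone_ip, resolver):
    """Classify the route between the phone and the service."""
    answer = resolve(name, resolver)
    if answer is None:
        return "unresolved"
    phone_on_lan = ipaddress.ip_address(phone_ip) in LAN
    server_on_lan = ipaddress.ip_address(answer) in LAN
    if phone_on_lan and server_on_lan:
        return "local"        # phone <-> server directly over the LAN
    if phone_on_lan:
        return "via-wan"      # out to the public IP, then routed back in
    if server_on_lan:
        return "unreachable"  # a private answer is useless off the LAN
    return "remote"           # normal access from outside


if __name__ == "__main__":
    host = "yourservice.yourserverdomain.com"
    cases = [("192.168.1.57", "public"), ("192.168.1.57", "gateway"),
             ("198.51.100.7", "public")]
    for phone, resolver in cases:
        print(f"{phone:>13} using {resolver:7} DNS -> "
              f"{resolve(host, resolver)} ({path(host, phone, resolver)})")
```

A phone on WiFi that is set to use a public resolver instead of the gateway lands in the "via-wan" case even when the static host entry exists.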
-
Traefik is a PITA.
Caddy all the way. If you build it with Docker support (or grab the prebuilt), you can use docker container names to reverse proxy using names instead of any IP addresses or ports. It's nice because if the IP updates, so does caddy. All automatically.
Here's what my Caddyfile looks like:

    {
        acme_dns cloudflare {key}
    }

    domain.dev {
        encode zstd gzip
        root * /var/www/html/domain.dev/
        php_fastcgi unix//run/php/php8.1-fpm.sock
        tls {
            dns cloudflare {key}
        }
    }

    *.domain.dev {
        encode zstd gzip
        tls {
            dns cloudflare {key}
        }

        @docker host docker.domain.dev
        handle @docker {
            encode zstd gzip
            reverse_proxy {portainer}
        }

        @test host test.domain.dev
        handle @test {
            encode zstd gzip
            reverse_proxy 127.0.0.1:10000
        }

        @images host i.domain.dev
        handle @images {
            encode zstd gzip
            reverse_proxy 127.0.0.1:9002
        }

        @proxy host proxy.domain.dev
        handle @proxy {
            encode zstd gzip
            reverse_proxy proxy
        }

        @portal host portal.domain.dev
        handle @portal {
            encode zstd gzip
            reverse_proxy portal
        }

        @ping host ping.domain.dev
        handle @ping {
            encode zstd gzip
            respond "pong!"
        }
    }

DNS is hosted by Cloudflare, but because Caddy handles ACME certs, all the subdomains automatically get SSL.
-
Caddy all the way!