Why is everyone using Tailscale? Edit: I meant Traefik
-
Title. I looked at how to configure anything and found Caddy to be much easier to use. Aside from a lot of docker images integrating with it, why is everyone using it?
Edit: I meant Traefik -
Title. I looked at how to configure anything and found Caddy to be much easier to use. Aside from a lot of docker images integrating with it, why is everyone using it?
Edit: I meant TraefikA reverse proxy like Caddy or Nginx is like a bouncer for your web services. It sits out front, deciding who gets in and where they're allowed to go. It's great for stuff you want to expose to the internet – like a website or web app – because it hides your actual servers, can handle HTTPS for you, and lets you set up some basic access rules.
A VPN is more like a secret underground tunnel between you and your server. Everything that goes through it is locked down to only members of the VPN. This is what you want when you're dealing with private stuff you don't want exposed to the open internet, like your home lab dashboard or some internal tools. The beauty of a VPN is that it works for everything--not just web traffic. SSH, file transfers, databases. All of it gets the same protection.
-
A reverse proxy like Caddy or Nginx is like a bouncer for your web services. It sits out front, deciding who gets in and where they're allowed to go. It's great for stuff you want to expose to the internet – like a website or web app – because it hides your actual servers, can handle HTTPS for you, and lets you set up some basic access rules.
A VPN is more like a secret underground tunnel between you and your server. Everything that goes through it is locked down to only members of the VPN. This is what you want when you're dealing with private stuff you don't want exposed to the open internet, like your home lab dashboard or some internal tools. The beauty of a VPN is that it works for everything--not just web traffic. SSH, file transfers, databases. All of it gets the same protection.
works for everything–not just web traffic. SSH, file transfers, databases.
Yup. I use it for sftp, ssh. I've never used in relation to a database. Is that for remote db? I am working on routeing mail through tailscale to a relay, since my host, for whatever reason, blocks mail ports and charges to have them turned on. I just wanted alert emails from a couple apps.
-
Title. I looked at how to configure anything and found Caddy to be much easier to use. Aside from a lot of docker images integrating with it, why is everyone using it?
Edit: I meant TraefikI prefer nginx to Caddy myself for reverse proxies. As far as VPN technologies go, Tailscale and WireGuard are where it’s at.
Not sure why we’re comparing Caddy to Tailscale though.
-
works for everything–not just web traffic. SSH, file transfers, databases.
Yup. I use it for sftp, ssh. I've never used in relation to a database. Is that for remote db? I am working on routeing mail through tailscale to a relay, since my host, for whatever reason, blocks mail ports and charges to have them turned on. I just wanted alert emails from a couple apps.
I am working on routeing mail through tailscale to a relay, since my host, for whatever reason, blocks mail ports and charges to have them turned on.
Should work fine. Your provider can't stop you from opening ports unless its a shared environment and you don't have permission/the port is already in use. Generally what they do is just block connections via a router/firewall. So if you use a VPN you're sidestepping that issue. With the VPN in place, and the server online and running you should be able to connect via
{VPN_IP}:995, etc. -
Title. I looked at how to configure anything and found Caddy to be much easier to use. Aside from a lot of docker images integrating with it, why is everyone using it?
Edit: I meant Traefikwrote on last edited by [email protected]I use both, since they do different stuff. I actually remote into my servers with wireguard, but I like to install tailscale as well as a backup. Since each device gets a unique tailnet ip, I can usually still connect even if I've fucked up some network config that breaks wireguard. ((If this is a security risk, someone let me know because I have no clue what I'm doing tbh.))
Plus tailscale lets you easily see what devices are connected to the internet at a given time.
-
I prefer nginx to Caddy myself for reverse proxies. As far as VPN technologies go, Tailscale and WireGuard are where it’s at.
Not sure why we’re comparing Caddy to Tailscale though.
I meant Traefik, sorry.
Also, why Nginx over Caddy? How does a minimal reverese proxy setup look like with Nginx?
-
I meant Traefik, sorry.
Also, why Nginx over Caddy? How does a minimal reverese proxy setup look like with Nginx?
It’s mostly about performance. Caddy’s Go-based garbage collector starts to negatively impact performance at high load. It looks something like:
server { listen 443 ssl http2; server_name example.com; ssl_certificate /etc/nginx/ssl/fullchain.pem; ssl_certificate_key /etc/nginx/ssl/privkey.pem; location / { proxy_pass http://localhost:3000/; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } -
It’s mostly about performance. Caddy’s Go-based garbage collector starts to negatively impact performance at high load. It looks something like:
server { listen 443 ssl http2; server_name example.com; ssl_certificate /etc/nginx/ssl/fullchain.pem; ssl_certificate_key /etc/nginx/ssl/privkey.pem; location / { proxy_pass http://localhost:3000/; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } }How do you know which headers to set? I couldn't find any documentation when I last tried (but that was some years ago now).
-
How do you know which headers to set? I couldn't find any documentation when I last tried (but that was some years ago now).
It can be specific to the web application but generally speaking you’d want to pass the protocol, client IP address, etc.
