Caddy is the only reverse proxy I have ever managed to successfully make use of. I failed miserably with Nginix and Traefik.

Caddy has worked very well for me for several years now. It gets the SSL certificate from my domain name provider and all.

You can even use it to do the SSL part for a local non-SSL IMAP server. And, there’s a CrowdSec middleware as well, that will block blacklisted IPs.

When I was researching reverse proxies I first stumbled upon nginx and traefik and especially nginx seemed a bit intimidating. As someone who hadn't done it before I was worried if I'd do it right. Then I found caddy and yeah just used a threeliner like that in config and that was that. Simple and easy to get it right.

I've since switched to having my stuff behind wireguard instead of reverse proxy, but I keep caddy around so I can just spin it back up if I want to access Jellyfin on someone's tv or something.

I've been mostly using Nginx Proxy Manager, but I recently set up Bunkerweb as a WAF for a couple of public services I'm hosting and I kind of like it. It does reverse proxy along with a bunch of other things (bad behavior blocking, geographic blocking, SSL cert handling, it does a lot).

Mentioning it because I didn't see any other mention of it yet.

NPM is easy to use. Caddy sounds like something I'd like to try too now.

I use nginx for static websites and TLS passthrough servers.

I use traefik as a reverse proxy for sites with many services and SSO.

Nginx is definitely easier to configure for simple things. But I prefer traefik for more complex setups.

So always assume some piece of knowledge is not obvious for someone out there and share

You just described a thing of mine I cannot help but do; explain the ever loving crap out of things
I need to be careful with that though as relatives start to complain and push back on me telling things over and over.
Thing is, until I see a full comprehension on the other side on what I try to convey I just keep explaining in variations, keep finding metaphors and keep pestering you until you 'get it'. Some say it is a virtue, some say it is a hindrance.

I have had therapy on this...

Hahaha, I can totally relate. I think we should think of it as a virtue. Continue the good work

I was thinking about putting it from its dedicated VM to opnsense as well. I just don't know yet what the security implications are and also my firewall hardware isn't too beefy so I have to play around with it for a bit.

I'll throw in another recommendation for Caddy. I've been using it for years and the few problems/feature suggestions I had got implemented by the developers pretty quickly. They're super active on their forums and I haven't yet run into an issue where I couldn't either figure it out myself or with help from their community forums (usually from a dev.) They're very friendly and won't berate you for simple mistakes like other devs.

Stick with Traefik if you've figured it out. It's much more powerful than NPM in my opinion. If you insist on using NPM, you might want to try NPMPlus, it has more bells and whistles and is more actively maintained.

npm/npmplus

Yeah I'll stick with Traefik, I know how to use it

Ive got a basic workflow for nginx proxy manager now so this isnt super useful but good god that's exactly what i wish nginx was.

i use nginx proxy manager but im barely getting by. Theres zero useful documentation for setting up custom paths so everyone uses subdomains. I ended up buying my own domain just so i didnt feel guilty spamming freedns lmao.

You can easily get automatic renewal for nginx using certbot.

Honest noob question. I currently connect to my self hosted server using Twingate. How would this be different? can you give me an Eli5 what a proxy manager would make my setup better?

At that point you might be better off just using Nginx without the gui. SWAG is a nice reverse proxy focused implementation of it.

Caddy. I started with npm but I realized it was hiding enough stuff that I wasn't learning anything about managing networking. Caddy is super easy and has lot of sane defaults.

This the main reason I switched from traefik, I can have certificates on all my internal stuff and not just on my docker host. I personally love NPM but maybe I'll give NPMPlus a try, I have never heard of it.

Nginx from day one.
Well documented, it works.
If something doesn’t work chances are you are a quick googlefu away from the solution.