Which reverse proxy do you use/recommend?

Lena@gregtech.eu · edit-2 6 days ago

Which reverse proxy do you use/recommend?

AllHailTheSheep@sh.itjust.works · 6 days ago

Caddy all the way!

mr_jaaay@lemmy.ml · 4 days ago

Seconding Caddy. I’ve been using it for a couple of years now in an LXC and it’s been very easy to setup, edit and run.

Xanza@lemm.ee · 6 days ago

Traefik is a PITA.

Caddy all the way. If you build it with Docker support (or grab the prebuilt), you can use docker container names to reverse proxy using names instead of any IP addresses or ports. It’s nice because if the IP updates, so does caddy. All automatically.

Here’s what my caddyfile looks like;

{
        acme_dns cloudflare {key}
}

domain.dev {
        encode zstd gzip
        root * /var/www/html/domain.dev/
        php_fastcgi unix//run/php/php8.1-fpm.sock
        tls {
                dns cloudflare {key}
        }
}
*.domain.dev {
        encode zstd gzip
        tls {
                dns cloudflare {key}
        }
        @docker host docker.domain.dev
        handle @docker {
                encode zstd gzip
                reverse_proxy {portainer}
        }
        @test host test.domain.dev
        handle @test {
                encode zstd gzip
                reverse_proxy 127.0.0.1:10000
        }
        @images host i.domain.dev
        handle @images {
                encode zstd gzip
                reverse_proxy 127.0.0.1:9002
        }
        @proxy host proxy.domain.dev
        handle @proxy {
                encode zstd gzip
                reverse_proxy proxy
        }
        @portal host portal.domain.dev
        handle @portal {
                encode zstd gzip
                reverse_proxy portal
        }
        @ping host ping.domain.dev
        handle @ping {
                encode zstd gzip
                respond "pong!"
        }
}

DNS hosted by cloudflare but because caddy handles ACME certs, all the subdomains automatically get SSL.

Lena@gregtech.eu · 5 days ago

Actually I found traefik rather easy, I just had to make the proper docker labels and config.

PITA

Unrelated, I’m going to sound like a grammar nazi here, but holy shit there are so many acronmys, how am I supposed to know every one of them without googling? Please just say “traefik is a pain in the ass”. Also please don’t take this as a snarky reply.

Xanza@lemm.ee · 5 days ago

PITA = pain in the ass.

I never said it was hard. Just a real pain in the ass. Like iptables vs UFW. They’re the same thing, but one is easy and a pain in the ass and the other is just easy… So I opt to make my life easier. lol

Kusimulkku@lemm.ee · 6 days ago

Caddy is really simple and easy. Just werks and gives you https

𝕽𝖚𝖆𝖎𝖉𝖍𝖗𝖎𝖌𝖍@midwest.social · 6 days ago

I mean, the basic config file for Caddy is 1 line, and gives you Let’s Encrypt by default. The entire config file for a reverse proxy can be as few as 3 lines:

my.servername.net {
   reverse_proxy 127.0.0.1:1234
}

It’s a single executable, and a single 3-line file. Caddy is an incredible piece of software.

sandwichsaregood@lemmy.world · 5 days ago

I really like Zoraxy. Similar to NPM but it’s its own thing and I like it a lot more

I know how to use raw nginx/Caddy/traefik to do it, but I find the WebUI and all the extra features Zoraxy has to be very convenient and easy to use.

hendrik@palaver.p3x.de · 6 days ago

In my experience, all the 3 big ones work just fine. Caddy, Traefik, Nginx. I use Nginx.

starshipwinepineapple@programming.dev · 6 days ago

I have had the same experience. Have used all three at some point but mostly use nginx for new servers

ikidd@lemmy.world · 6 days ago

Stick with Traefik if you’ve figured it out. It’s much more powerful than NPM in my opinion. If you insist on using NPM, you might want to try NPMPlus, it has more bells and whistles and is more actively maintained.

Lena@gregtech.eu · 6 days ago

Yeah I’ll stick with Traefik, I know how to use it

EpicStuff@lemmy.ca · 5 days ago

I want to just mention frp, I use it to get around firewalls

ohshit604@sh.itjust.works · 6 days ago

I had a poor experience with NPM which turned me to SWAG, it worked, but was a tad slow. Moved to Traefik and haven’t looked back.

mbirth@lemmy.ml · 6 days ago

it seems easier to manage stuff not in docker

Read into Traefik’s dynamic configuration. Adding something outside of Docker is as easy as adding a new config file in the dynamic configuration folder. E.g. jellyfin.yml:

http:

  routers:

    jellyfin:
      rule: Host(`jellyfin.example.org`)
      entrypoints: websecure
      tls:
        certResolver: le
      service: jellyfin

  services:

    jellyfin:
      loadbalancer:
        servers:
          - url: "http://192.168.1.5:8096/"

The moment you save that file it will be active and working in Traefik.

WhyFlip@lemmy.world · 5 days ago

I highly recommend npm. It’s also the only one I’ve used, so please keep that in mind.

boydster@sh.itjust.works · 6 days ago

I’ve been mostly using Nginx Proxy Manager, but I recently set up Bunkerweb as a WAF for a couple of public services I’m hosting and I kind of like it. It does reverse proxy along with a bunch of other things (bad behavior blocking, geographic blocking, SSL cert handling, it does a lot).

Mentioning it because I didn’t see any other mention of it yet.

NPM is easy to use. Caddy sounds like something I’d like to try too now.

CrankyCarrot@lemmy.world · edit-2 6 days ago

I use Traefik at home. The initial setup was more complex than others but now it’s set up it’s by far the easiest to add new routes than any other I’ve tried, just by virtue of being right there in the compose/k8s files I’m already writing. Static routes are manual of course, but so are every other proxy so that’s no different, and they’re not exactly complicated (I see another comment has examples). The config files are the same markup language as your Compose/k8s files so you’re not learning a whole new syntax and having to switch languages mentally as you switch between them.

Caddy is super easy, but the fact that the Docker labels thing was a plugin is a con to me, I’d prefer it being first party. It also isn’t as performant as Traefik, higher CPU usage while also having higher latency.

As far as I’m aware, Nginx and Nginx Proxy Manager support no such thing, you have to manually write those routes every time you create a new service. Personally I think Nginxs config syntax annoying, I’m very comfortable with it now but I much prefer TOML/YAML.

Nginx Proxy Manager is a lot like Portainer. It’s useful for people who don’t want to learn Nginx and/or just want to click a few buttons. But anything complex you’re suddenly going to be thrown into the deep end.

You’ve already set up Traefik, you’ve already done the complex bit. IMO there’s no reason to change, from this point everything else is more complicated.

We use Nginx at work but are currently in the process of switching to Traefik.

Morethanevil@lemmy.fedifriends.social · 6 days ago

I like Zoraxy it has a lot of features, like Zerotier integration, status monitoring etc and a clean UI

Runs fine for my needs and fully replaced NPM for me 😊

You can run it in docker or as a single binary directly

MXX53@programming.dev · 6 days ago

I use traefik. I like it. Took a bit to understand, but it has some cool options like ssl passthrough and middlewares for basic auth.

mbirth@lemmy.ml · 6 days ago

You can even use it to do the SSL part for a local non-SSL IMAP server. And, there’s a CrowdSec middleware as well, that will block blacklisted IPs.

snekerpimp@lemmy.world · 6 days ago

I use the caddy plugin in opnsense. Used nginx proxy manager from Proxmox helper scripts before that, which was relatively easy and helped me understand the whole proxy thing. Moved to caddy on opnsense a few months ago, just because, and have had no good reason to change yet.