I have been self-hosting for a while now with Traefik. It works, but I’d like to give Nginx Proxy Manager a try, it seems easier to manage stuff not in docker.
Edit: btw I’m going to try this out on my RPI, not my hetzner vps, so no risk of breaking anything
You must log in or register to comment.
Nginx installed directly, I use nano over ssh to edit configs. Forces you to learn some things and I never moved passed it because it works so well.
Caddy is the only reverse proxy I have ever managed to successfully make use of. I failed miserably with Nginix and Traefik.
Caddy has worked very well for me for several years now. It gets the SSL certificate from my domain name provider and all.
I’ve been using nginx forever. It works, I can do almost everything I want, even if more complex things sometimes require some contortions. I’m not sure I would pick it again if starting from scratch, but I have no problems that are worth switching for.
I want to just mention frp, I use it to get around firewalls
If you’re just going to VPN in to your home network, I’ve found caddy to be the simplest.
I tried using PiVPN to route my phone’s Internet access through my home network, but it kept breaking and I found I don’t have a head for networks.
Would caddy be able to do that in an easier to maintain way?
Set up wireguard in a docker container and then forward the port to wireguard, the default container on docker hub is fairly straightforward and you can always ask me for help if you need :).
However, If you are using ipv4, you need to make sure that you’re not behind a CG-NAT (If you think you might be, call your ISP and tell them you have security cameras that need to get out or something like that).
You could also try tailscale which is built using wireguard with nat-busting features and a bit easier to configure (I dont personally use it as wireguard is sufficient for me).
After that Caddy + DNSMasq will simply allow you to map different URLs to IP addresses
dnsmasq- will let you map, E.g.
my_computer->192.168.1.64
- will let you map, E.g.
- Caddy (Or nginx, but caddy is simpler)
- will let you map to ports so e.g.:
- with DNS (DNSMasq as above)
http://dokuwiki.my_computer->http://my_computer:8080
- Without DNS
http://dokuwiki.192.168.1.64->http://192.168.1.64:8080/
- with DNS (DNSMasq as above)
- will let you map to ports so e.g.:
Caddy and DNSmasq are superfluous, if you’ve got a good memory or bookmarks, you don’t really need them.
VPN back into home is a lot more important. You definitely do not want to be forwarding ports to services you are running, because if you don’t know what you’re doing this could pose a network security risk.
Use the VPN as the entry point, as it’s secure. I also recommend running the VPN in a docker / podman container on an old laptop dedicated just to that, simply to keep it as isolated as you can.
Down the line you could also look into VLan If your router supports that.
I personally would not bother with SSL If you’re just going to be providing access to trusted users who already have access to your home network.
If you are looking to host things, just pay for a digital droplet for $7 a month, It’s much simpler, You still get to configure everything but you don’t expose your network to a security risk.
Thank you, that looks like a good set of hooks for me to get into at a weekend, child allowing.
I very much appreciate the guide. I’ll let you know when I’ve had a fiddle.
I use nginx as the internet facing proxy, write my own config and manage it with source control. Also use traefik in docker land with service labels to configure it
but I’d like to give Nginx Proxy Manager a try, it seems easier to manage stuff not in docker.
NPM is pretty agnostic. If it receives a request for a specific address and port combination it just forwards the traffic to another specific address and port combination. This can be a docker container, but also can be a physical machine or any random URL.
It also has Let’s Encrypt included (but that should be a no-brainer).
I use the caddy plugin in opnsense. Used nginx proxy manager from Proxmox helper scripts before that, which was relatively easy and helped me understand the whole proxy thing. Moved to caddy on opnsense a few months ago, just because, and have had no good reason to change yet.
I recently switched a bunch of nginx configs to the opnsense Caddy plugin. It is easy to configure, but in my opinion it lacks the ability to change settings beyond the basics. It isn’t helpful either that the plugin developer fails to recognize any other use case than the basics. It disqualifies the plugin for everyone with a little bit more complex setups.
I was thinking about putting it from its dedicated VM to opnsense as well. I just don’t know yet what the security implications are and also my firewall hardware isn’t too beefy so I have to play around with it for a bit.
I think NGINX has the best reverse proxy
I use NPM in a docker container. It could not be easier in my opinion but then again, I did not use any of the alternatives so I might be missing out on something, who knows. I did manage a couple of proxy servers in the past based on Apache and I can tell you that NPM is much easier and logical to me than that.
Just create a compose file and start it. Create DNS records pointing to your NPM IP address/exposed IP and make a host in NPM sending traffic to the right container IP:port. The compose file is super simple, could not be easier. Here’s mine for example:
services: nginx-proxy-manager: container_name: nginx-proxy-manager image: 'jc21/nginx-proxy-manager:latest' restart: always ports: - '80:80' - '443:443' volumes: - ./data:/data - ./letsencrypt:/etc/letsencryptI just make sure ports 443 and 80 are exposed on my router so DNS records can point to that IP adrdess. All traffic on port 80 gets re-routed to 443.
I’m probably stating all the obvious things here 😀
I mean yes, that seems obvious now that I’ve learned this.
But I wish I read this comment 3 years ago when I was starting to dive into self hosting. Would have saved me a bunch of time. So always assume some piece of knowledge is not obvious for someone out there and share ᕕ( ᐛ )ᕗ
So always assume some piece of knowledge is not obvious for someone out there and share
You just described a thing of mine I cannot help but do; explain the ever loving crap out of things
I need to be careful with that though as relatives start to complain and push back on me telling things over and over.
Thing is, until I see a full comprehension on the other side on what I try to convey I just keep explaining in variations, keep finding metaphors and keep pestering you until you ‘get it’. Some say it is a virtue, some say it is a hindrance.I have had therapy on this… 😂
Hahaha, I can totally relate. I think we should think of it as a virtue. Continue the good work 💪
I’ve been using NPM for a few years now and can’t recommend it enough. I use it to route to both docker containers on an internal proxy network as well at other services within my networks
I highly recommend npm. It’s also the only one I’ve used, so please keep that in mind.
In my experience, all the 3 big ones work just fine. Caddy, Traefik, Nginx. I use Nginx.
I have had the same experience. Have used all three at some point but mostly use nginx for new servers
I use both, Traefik on my docker host that’s also used for trying out new stacks, and NPM at work for a config that won’t change (ever, probably).
Yes, the NPM web ui is somewhat easier in regard to proxying targets outside Docker.
Nginx from day one. Well documented, it works. If something doesn’t work chances are you are a quick googlefu away from the solution.
