39

Currently, I use dockerproxy + swag and Cloudflare for externally-facing services. I really like that I don't have to open any ports on my router for this to work, and I don't need to create any routes for new services. When a new service is started, I simply include a label to call swag and the subdomain & TLS cert are registered with Cloudflare. About the only complaint I have is Cloudflare's 100MG upload limit, but I can easily work around that, and it's not a limit I see myself hitting too often.

What's not clear to me is what I'm missing by not using Traefik or Caddy. Currently, the only thing I don't have in my setup is central authentication. I'm leaning towards Authentik for that, and I might look at putting it on a VPS, but that's the only thing I have planned. Other than that, almost everything's running on a single Beelink S12. If I had to, I could probably stand up a failover pretty quickly, though.

top 17 comments
sorted by: hot top controversial new old
[-] hendrik@palaver.p3x.de 27 points 1 week ago

Well, not using Cloudflare would make us all rely a bit less on a single company that already dominates the internet. And it'd make them unable to theoretically mess with your traffic and snoop on your data. Other than that... I don't think you're missing out on features.

[-] theRealBassist@lemmy.world 3 points 1 week ago

What would you recommend as an alternative? Right now I'm just using them for DNS.

[-] freezy@discuss.tchncs.de 2 points 6 days ago* (last edited 6 days ago)
[-] theRealBassist@lemmy.world 1 points 4 days ago

That actually seems like a solid option. Do you happen to know how well it integrates with Traefik and the like for setting up reverse proxies?

[-] freezy@discuss.tchncs.de 1 points 4 days ago

If you use caddy it works like a charm out of the box with their desec module. If you run caddy with via docker compose you can integrate the respective module pretty easily, check the ”Adding custom Caddy modules" section on their docker hub page.

[-] hendrik@palaver.p3x.de 5 points 1 week ago

I really don't know what to recommend to other people. I use opennic.org for DNS. And I don't use any tunnels, I just do port forwarding on my router. I have an internet connection that allows that.

[-] Zelaf@sopuli.xyz 2 points 1 week ago

1984.hosting has a freely available to use DNS service for domains. They're a good company that does what Njalla say they do but without the bullshit of stealing peoples domains.

[-] keepee@lemmy.world 2 points 1 week ago

How is cloudflare stealing domains?

[-] Zelaf@sopuli.xyz 2 points 6 days ago

No, Njalla is. They have a history of stealing domains and banning users without explaining why and absolutely refuse to look into why a user got banned in the first place. On top of that generally terrible customer support.

I've had the complete opposite experience with 1984.hosting, support has been great and they even support GPG keys to one of their emails if you want to keep your inquires encrypted.

[-] keepee@lemmy.world 2 points 6 days ago

Interesting. I hadn't even heard of Njalla, but now I know to avoid them, thanks.

[-] EncryptKeeper@lemmy.world 16 points 1 week ago* (last edited 1 week ago)

I switched from SWAG to Caddy. Its config file is much simpler, with many best practice settings being default resulting in each sites being like 3 lines of code. Implementing something like mTLS requires one line per site, just super nice to configure, and you’re not left without a template config for more obscure services.

That being said, SWAG does more than enough and Nginx is a powerful software so you really aren’t missing out on anything but more streamlined config.

Traefik is kind of just like, a nightmare that tries to sell you on it being “self configuring” but it takes some work to get to that point and the “self configuring” requires the same amount of time in a text editor as manually configuring Caddy does. I can see Traefik being powerful if you’re using it with actually clustered k8s and distributed workloads. If that’s not your use case it’s kinda just more work than it’s worth.

[-] Cpo@lemm.ee 12 points 1 week ago* (last edited 1 week ago)

I was an avid nginx user but having caddy handle the ssl certificate creation and renewal is amazing.

I probably am outdated on nginx (maybe it supports it?) but caddy is what I use from here on out.

[-] AustralianSimon@lemmy.world 6 points 1 week ago* (last edited 1 week ago)

Yeah it supports cert acquisition through let's encrypt now.

[-] ptz@dubvee.org 7 points 1 week ago* (last edited 1 week ago)

Haven't messed with it personally (yet), but I've seen some examples where Caddy can do some cool stuff (I think the example I saw recently was defining routes that can call an arbitrary program with the HTTP request details).

I use Nginx almost exclusively (I've got HAProxy in the mix, too, but it's strictly for load balancing). Everyone always keeps recommending Traefik to me, but from what I've seen, it doesn't do anything Nginx can't already do, and the config is all bizarre and way less intuitive. Not saying it's bad, just not for me. (This is not an invitation to proselytize Traefix at me lol).

Use whatever works for you.

[-] d00phy@lemmy.world 4 points 1 week ago

I've seen some examples where Caddy can do some cool stuff (I think the example I saw recently was defining routes that can call an arbitrary program with the HTTP request details).

I guess this is what I was getting at. From what I can tell, at their core, both do pretty much what Swag is already doing for me. Was mainly curious about additional functionality I hadn't thought of. Most of what I've done so far is stuff I hadn't thought of until I saw it mentioned here, reddit, or in the linuxserver list.

[-] catloaf@lemm.ee 3 points 1 week ago
[-] Shimitar@feddit.it 2 points 1 week ago

Not depend on a specific corporation to access all your services for one.

A reverse proxy (I use nginx) will let you centralize certificates and allow the use of subdomains easily, without depending from a specific service provider like cloudflare.

Looks like you are are a lucky american with access to a real IP address, good for you, a luxury nowadays where CG-NAT is common place everywhere.

Opening a port is not even possible where I live.

this post was submitted on 08 Nov 2024
39 points (100.0% liked)

Selfhosted

40183 readers
427 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS