Currently, I use dockerproxy + swag and Cloudflare for externally-facing services. I really like that I don’t have to open any ports on my router for this to work, and I don’t need to create any routes for new services. When a new service is started, I simply include a label to call swag and the subdomain & TLS cert are registered with Cloudflare. About the only complaint I have is Cloudflare’s 100MG upload limit, but I can easily work around that, and it’s not a limit I see myself hitting too often.
What’s not clear to me is what I’m missing by not using Traefik or Caddy. Currently, the only thing I don’t have in my setup is central authentication. I’m leaning towards Authentik for that, and I might look at putting it on a VPS, but that’s the only thing I have planned. Other than that, almost everything’s running on a single Beelink S12. If I had to, I could probably stand up a failover pretty quickly, though.
Well, not using Cloudflare would make us all rely a bit less on a single company that already dominates the internet. And it’d make them unable to theoretically mess with your traffic and snoop on your data. Other than that… I don’t think you’re missing out on features.
What would you recommend as an alternative? Right now I’m just using them for DNS.
desec.io is also a good option
That actually seems like a solid option. Do you happen to know how well it integrates with Traefik and the like for setting up reverse proxies?
I really don’t know what to recommend to other people. I use opennic.org for DNS. And I don’t use any tunnels, I just do port forwarding on my router. I have an internet connection that allows that.
1984.hosting has a freely available to use DNS service for domains. They’re a good company that does what Njalla say they do but without the bullshit of stealing peoples domains.
How is cloudflare stealing domains?
Haven’t messed with it personally (yet), but I’ve seen some examples where Caddy can do some cool stuff (I think the example I saw recently was defining routes that can call an arbitrary program with the HTTP request details).
I use Nginx almost exclusively (I’ve got HAProxy in the mix, too, but it’s strictly for load balancing). Everyone always keeps recommending Traefik to me, but from what I’ve seen, it doesn’t do anything Nginx can’t already do, and the config is all bizarre and way less intuitive. Not saying it’s bad, just not for me. (This is not an invitation to proselytize Traefix at me lol).
Use whatever works for you.
I was an avid nginx user but having caddy handle the ssl certificate creation and renewal is amazing.
I probably am outdated on nginx (maybe it supports it?) but caddy is what I use from here on out.
Yeah it supports cert acquisition through let’s encrypt now.
Except that everything is under your control and not managed by a third party, not much I think.
If this setup works for you and you’re happy with it, just keep it going.
If you have time to spare, want to learn new things, tinkerer arround with network security, certificates, DNS, reverse proxy and, and, and… You can give it a try in a virtual machine and docker containers. But keep in mind that’s not an easy way and involves a lot of personal time before you get a GOOD working self-hosted / exposed services.
I wouldn’t recommend to open any port on your router except for a secured tunnel like wireguard and connect to your services through that tunnel. Opening port 443/80 on your router is bound to some heavy automated scanning and brute force by bots. If you don’t have the necessary knowledge/tool/hardware, this is just going to put you at risk of ddos and remote attacks.
That’s way something like cloudflare is populare, they most of the time take care of that nuisance and also why something like wireguard is popular among the selfhosting community.
