this post was submitted on 14 Aug 2023
24 points (100.0% liked)

Selfhosted

40438 readers
480 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

Does anyone have a guide to Traefik for an absolute idiot (myself)?

I was able to get a freshrss server running using dockercompose and was able to connect to it on my local network, but all the guides I read said I NEED to have a reverse proxy before I access it remotely.

This is probably my sign I need to actually learn how to use docker instead of being lazy as hell and copy/pasting code, but I thought I'd ask.

top 23 comments
sorted by: hot top controversial new old
[–] [email protected] 14 points 1 year ago (4 children)
[–] [email protected] 8 points 1 year ago (1 children)

+1 for caddy. I had some issues with traefik and switched to caddy and it’s so easy!

Just need to learn the more advanced stuff for the Caddyfile like error redirects and what not.

[–] [email protected] 1 points 1 year ago (1 children)

@fraydabson @krdo been curious about caddy before but I have no reason to switch from nginx-proxy-manager. Has anyone got any experience with both of these ? How do they compare?

[–] [email protected] 2 points 1 year ago (1 children)

Im new with reverse proxies. My understanding is that npm is way easier to do stuff with the UI and you use it to setup the certs and all that.

With caddy it has auto https. So you just need one Caddyfile listing your reverse proxies and that’s it. It just works. No config or anything.

Now if you want to do more advanced stuff like what you would do with nginx conf files, caddy is very expansive with its directives. Setting up redirects or error pages and what not. It’s super simple in the Caddyfile. I’m still learning how to do more complex stuff like if else statements and what not.

[–] [email protected] 1 points 1 year ago

@fraydabson Thanks for the explainer. I was recently tempted to try it out but my certs end everything is managed by NPM and didn't really have the time to redo my whole setup but it looms interesting

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Also consider there's a plugin designed to change its config dynamically through docker labels sort of like Traefik, although I can't say I've used it myself.

[–] [email protected] 1 points 1 year ago

@krdo I have found Caddy much easier to use than Traefik

[–] [email protected] 1 points 1 year ago

I installed npm (Nginx Proxy Manager) without problems before I heard about Caddy.

Npm works well and requires zero maintenance, and it's easy to manually add redirects via the web ui when I start new Docker containers.

"If it works, don't fix it." But if I didn't have npm today I would try Caddy.

[–] [email protected] 10 points 1 year ago (1 children)

Consider Caddy … just uninstalled Traefik in favor of Caddy

[–] [email protected] 3 points 1 year ago

Caddy is the only reverse proxy I managed to setup. I failed miserably multiple times with Traefik and Nginx.

[–] [email protected] 6 points 1 year ago* (last edited 1 year ago) (1 children)

No, you don't need a reverse proxy. If you're accessing anything remotely, I highly recommend just setting up a VPN instead of exposing a bunch of different services to the Internet.

That said, traefik is dead simple. There's an example for docker-compose here: https://doc.traefik.io/traefik/user-guides/docker-compose/basic-example/

It's not completely secure, but I only use it so that I can access my services by name and over HTTPS. I don't have anything exposed to the Internet.

[–] [email protected] 13 points 1 year ago (1 children)

In my setup I still use reverse proxy even though all of my services are inside a VPN. IMO it is just more convenient to have services accesible as subdomains or subdirectory than as different ports.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

+1 for this, add Tailscale DNS or similar on top plus a local redirect and you have easy access to it all through the same unified FQDN no matter if local, remote through an exposed Caddy, or remote through your VPN.

[–] [email protected] 2 points 1 year ago (1 children)

Do you have some guides to share regarding local redirect ? I have some troubles accessing my services from my phone when I am at home and it forces me to turn on the VPN, I couldn't fine a solution so far...

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

I don't have a guide at hand but I basically just set a wildcard DNS rewrite on AdGuard Home so that *.my.domain redirects to the IP running my reverse proxy. Since AdGuard is set up at the router level, everything goes through it so the proxy handles everything from there.
I can share specifics after I get home in a few hours if you need a hand, feel free to reach out.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

Oh, I see. I have Pihole setup as a local DNS, but this works only partially, because my ISP router sucks and I have no control over it... basically, it works perfectly for wired connections, buy devices connected via WiFi will more often than not bypass Pihole and get a DNS server directly from the router (via IPv6).

[–] [email protected] 2 points 1 year ago (1 children)

Right, that's a bummer. I'm guessing you don't have enough access to turn off your router's DHCP server so pihole can take over properly? If that's the case, I guess you'd have to get another router and make your own subnet off the ISP one or something along those lines so you have more control, that's kinda what my setup looks like at the moment.

[–] [email protected] 2 points 1 year ago (1 children)

Yes, that's right. My ISP offers another router providing more complete control, for more money of course.

[–] [email protected] 1 points 1 year ago

Gotta love ISPs. I ended up getting myself a good router on my own and having it piggyback off the ISP provided one so I could actually change settings around. Not ideal but it's something. As a bonus, my subnet always looks the same and whatnot, a godsend for self-hosting.

[–] ZebraGoose 4 points 1 year ago* (last edited 1 year ago) (1 children)
[–] [email protected] 5 points 1 year ago

Here is an alternative Piped link(s): https://piped.video/watch?v=liV3c9m_OX8

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I'm open-source, check me out at GitHub.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

As stated before you don't need a reverse proxy. Since you are exposing port 8080 ( if you stuck the config on the docker hub page; "-p 8080:80") it is reachable from everywhere, where you have access to that machine.

A reverse proxy can expose many different services running either on the same machine or from a remote. As long as the reverse proxy is in the same docker network (usually "default") it can access your services without their ports exposed.

You can configure the reverse proxy to decide which backend service to call by path, dns name or other patterns.

A reverse proxy can also do TLS termination and get certificates from let's encrypt, so the backend services don't have to deal with it.

So if you run more than one service on the same machine and want to use TLS you normally want to use a reverse proxy.

I personally use traefik because I used to but I also used nginx and caddy. Whatever works for you. But I agree that caddy is easier to get going without a lot of boilerplate config.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
DNS Domain Name Service/System
HTTP Hypertext Transfer Protocol, the Web
IP Internet Protocol
SSL Secure Sockets Layer, for transparent encryption
TLS Transport Layer Security, supersedes SSL
VPN Virtual Private Network
nginx Popular HTTP server

5 acronyms in this thread; the most compressed thread commented on today has 4 acronyms.

[Thread #43 for this sub, first seen 14th Aug 2023, 17:05] [FAQ] [Full list] [Contact] [Source code]