Caddy VS traefik

It looks nice and friendly, but for developers I can recommend exploring caddy[1] or nginx[2]. It's a useful technology to have worked with, even if they're ultimately only used for proxying analytics.

[1] https://caddyserver.com/

I began to self-host a Minecraft server using Crafty Controller, an Excalidraw instance, Docmost to replace Notion, Plane to replace Jira, and Penpot to replace Figma. To be able to access them from the internet, I used Nginx Proxy Manager to set up reverse proxies with SSL. You can use Traefik or Caddy instead, but I enjoyed the ease-of-use of NPM. For a dashboard solution, I started with Homarr, but later switched to Homepage because I'm apparently incapable of making a decision and sticking with it.

This approach offers a level of customizability similar to what xcaddy does for the Caddy server, eliminating the complexities associated with writing Rhai scripts to customize a precompiled binary, as is the case with the Apollo Router.

Caddy is a server written in Go programming language, known to be easy peasy to configure (Unlike configuring Nginx), and it also includes https by default.

Caddy is the ultimate web server anyone should be using. This is true for production as well as for local development. It is very fast, and by default obtains and renews SSL certificates automatically. This is useful for when you want to test certain website feature that is only allowed when they're accessed with HTTPS. You get free TLS for all your subdomains, and it does that in a scalable way.

Did you happen to look at caddy? It at least used to have some degree of support for plan9: https://github.com/caddyserver/caddy/issues/1093

https://github.com/caddyserver/caddy/issues/5759 :

> When generating a CA cert via caddy and putting that in the trust store, those private keys can also forge certificates for any other domain.

RFC5280 (2008) "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile" > Section 4.2.1.10

I wanted to try another one on Kubernetes. I chose Traefik because my searches mentioned it was the easiest to use in Kubernetes. As I mentioned, Traefik provides a Helm Chart, which makes it easy to install. Additionally, it integrates with OpenTelemetry.

Another problem is that the default certificates issued by Traefik, are not trusted by other systems or browsers. So we frequently need to bypass security warnings, which by itself is indicative of a problem and encourages bad habits. Furthermore, even if we manage to configure our setup to use the ingress service from within the cluster, it depends on the backend application if it allows bypassing TLS host checking.

Sidecar containers: Google Cloud Run has a cool feature where you can run multiple containers next to each other. So for example, if you want to run Caddy or Traefik as a reverse proxy for your ingress container and then have both your web frontend container & backend api container co-located in the same service, you can do that & have everything be super low latency.

traefik: link --> re-uses go/http: 1MB for headers

The main goal of this guide is to establish a streamlined process for deploying web applications with minimal effort. Using Amazon EC2 with Docker and Traefik as a reverse proxy, we will create a flexible server environment that supports multiple web applications and services, including databases like PostgreSQL, on different ports. This setup will ensure smooth deployment workflows, easy vertical scaling, and adaptable management of routing for various services, allowing for efficient expansion and integration of additional components as needed.

Treafik as Reverse proxy

apparently "traffic" https://github.com/traefik/traefik/issues/795

Pronounced "traffic", Traefik is a modern HTTP reverse proxy and load balancer aimed at making deploying microservices easier. It integrates with your existing infrastructure components such as Docker, Kubernetes, and others, and configures itself automatically and dynamically. The latest version adds lots of new options and enhancements such as adding healthcheck options, support for custom headers, and more. Read the migration guide on how to update to the latest version which is now required due to breaking changes.

> I think etcd is basically a k8s only project now

I hate etcd with the best of them, but etcd is used in a lot more places than just kubernetes:

https://github.com/apache/apisix/blob/master/docs/en/latest/...

https://github.com/traefik/traefik#:~:text=Etcd,

https://github.com/zalando/patroni#patroni-a-template-for-po...

https://github.com/purpleidea/mgmt/tree/0.0.26/etcd (this one shows up on HN quite a bit)

https://github.com/sorintlab/stolon#features

It's actually one of the major reasons I wouldn't touch those projects