nginx-proxy VS traefik

I have an express API that runs on EC2 and I am using nginx-proxy

If Traefik is not your thing Im happily using https://github.com/nginx-proxy/nginx-proxy and sslip.io for local docker compose development.

And then even plain nginx to proxy to non docker services...

(And ipv6 for really short urls. E.g. `example.com.--1.sslip.io` etc)

I wanted to share with you an exciting new tool that simplifies the process of interacting with the NGINX Proxy Manager API. It's a TypeScript tool that generates API requests based on environment variables within a Docker container. This tool is heavy influenced by the https://github.com/nginx-proxy/nginx-proxy but it works with npm.

I use an automatically configuring reverse proxy - there's several to choose from, but the nginx-docker image is really nice, and comes with another image to do automatic SSL with certbot (if you wanted to host things externally).

Docker runs on the 3B+ so you could use this [Github] or the one I have deployed here [NGINX Proxy Manager site] amongst others.

- and this

docker compose + wildcard dns + reverse proxy that covers all widecard subdomains + https://github.com/nginx-proxy/nginx-proxy (not to be confused with nginx itself) then setup a container for each app and set a subdomain for it, you can add ssl if you have a public domain or use self signed certs (but you need to distribute it to all machines and devices)

setting up letsencrypt with nginx-proxy and acme-companion

We use the nginx-proxy docker image. Auto-configuring reverse proxy with support for certbot. Never been easier - just put your domain and certbot details in your container env, and it does the rest.

I just use the nginx-proxy image, makes it all super easy, auto-configuring, and all domain/cert information is stored against the project rather than the proxy.

However, it's very unlikely that .NET developers will directly expose their Kestrel-based web apps to the internet. Typically, we use other popular web servers like Nginx, Traefik, and Caddy to act as a reverse-proxy in front of Kestrel for various reasons:

Not as good though. Case in point: https://github.com/traefik/traefik/issues/5472#issuecomment-... (that's just from this morning)

I'm speak objectively here. Of course, any built-in auto HTTPS that works (more or less) is better than none. Traefik uses an ACME library that was originally written for Caddy. After the original author left that project, Traefik team started maintaining it. Caddy's users' requirements exceeded what the library was capable of, but unfortunately there was friction in getting it to achieve our requirements. So I ended up writing a new ACME client library in Go and, together with upgrades in CertMagic (Caddy's auto-TLS lib), Caddy has the more flexible, robust, and capable auto-HTTPS functionality.

That is to say, not all auto-HTTPS functionalities are the same.

We'll use Traefik, an open source cloud native gateway that can plug into a Kubernetes cluster. It has the concept of "middleware" that can process API requests before passing them through to a backend. We can configuring a rate limit for all of our API endpoints by matching on the request path:

I did the same question here and here

Sadly there is currently no way of doing so. https://github.com/traefik/traefik/issues/6999

Traefik is another widely used system that has automatic configuration and offers support for more things like swarm/kubernetes/etc.

I have a webapp which I currently have deployed by running nginx in a container. Works as it should, however I am intersted in adding more observability to the webapp and found this reverse-proxy https://github.com/traefik/traefik which seems to expose some nice metrics which can be useful for observability.

``` more details in this (github issue)[https://github.com/traefik/traefik/issues/5059]