traefik VS Caddy

Hetzner, Docker, Traefik as proxy and Apache / httpd inside the containers

With some more work, you could configure proxies that work lower on the infrastructure level, like NGINX, Envoy Proxy, HAProxy, or Traefik Proxy to give you the classic API gateway functionality. There's also KrakenD as another open-source option.

Traefik - Modern reverse proxy and load balancer

I wanted to try another one on Kubernetes. I chose Traefik because my searches mentioned it was the easiest to use in Kubernetes. As I mentioned, Traefik provides a Helm Chart, which makes it easy to install. Additionally, it integrates with OpenTelemetry.

Another problem is that the default certificates issued by Traefik, are not trusted by other systems or browsers. So we frequently need to bypass security warnings, which by itself is indicative of a problem and encourages bad habits. Furthermore, even if we manage to configure our setup to use the ingress service from within the cluster, it depends on the backend application if it allows bypassing TLS host checking.

Sidecar containers: Google Cloud Run has a cool feature where you can run multiple containers next to each other. So for example, if you want to run Caddy or Traefik as a reverse proxy for your ingress container and then have both your web frontend container & backend api container co-located in the same service, you can do that & have everything be super low latency.

traefik: link --> re-uses go/http: 1MB for headers

The main goal of this guide is to establish a streamlined process for deploying web applications with minimal effort. Using Amazon EC2 with Docker and Traefik as a reverse proxy, we will create a flexible server environment that supports multiple web applications and services, including databases like PostgreSQL, on different ports. This setup will ensure smooth deployment workflows, easy vertical scaling, and adaptable management of routing for various services, allowing for efficient expansion and integration of additional components as needed.

Caddy: web server with automatic HTTPS

Caddy

This single record will suffice as we will be using a reverse proxy to map each of our application. For the reverse proxy solution, we will be using Caddy, particularly xcaddy.

It looks nice and friendly, but for developers I can recommend exploring caddy[1] or nginx[2]. It's a useful technology to have worked with, even if they're ultimately only used for proxying analytics.

[1] https://caddyserver.com/

I began to self-host a Minecraft server using Crafty Controller, an Excalidraw instance, Docmost to replace Notion, Plane to replace Jira, and Penpot to replace Figma. To be able to access them from the internet, I used Nginx Proxy Manager to set up reverse proxies with SSL. You can use Traefik or Caddy instead, but I enjoyed the ease-of-use of NPM. For a dashboard solution, I started with Homarr, but later switched to Homepage because I'm apparently incapable of making a decision and sticking with it.

This approach offers a level of customizability similar to what xcaddy does for the Caddy server, eliminating the complexities associated with writing Rhai scripts to customize a precompiled binary, as is the case with the Apollo Router.

Caddy is a server written in Go programming language, known to be easy peasy to configure (Unlike configuring Nginx), and it also includes https by default.

Caddy is the ultimate web server anyone should be using. This is true for production as well as for local development. It is very fast, and by default obtains and renews SSL certificates automatically. This is useful for when you want to test certain website feature that is only allowed when they're accessed with HTTPS. You get free TLS for all your subdomains, and it does that in a scalable way.