traefik
tailscale
traefik | tailscale | |
---|---|---|
192 | 1,019 | |
50,776 | 18,925 | |
1.8% | 2.7% | |
9.6 | 9.9 | |
3 days ago | 2 days ago | |
Go | Go | |
MIT License | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
traefik
-
Setting Up a Multi-Purpose Server with Amazon EC2, Docker, and Traefik
The main goal of this guide is to establish a streamlined process for deploying web applications with minimal effort. Using Amazon EC2 with Docker and Traefik as a reverse proxy, we will create a flexible server environment that supports multiple web applications and services, including databases like PostgreSQL, on different ports. This setup will ensure smooth deployment workflows, easy vertical scaling, and adaptable management of routing for various services, allowing for efficient expansion and integration of additional components as needed.
- Traefik v3.0.1
-
Manage a multiple websites server with Docker, Treafik and auto SSL certificates
Treafik as Reverse proxy
-
Take a look at traefik, even if you don't use containers
apparently "traffic" https://github.com/traefik/traefik/issues/795
-
Release Radar · April 2024 Edition: Major updates from the open source community
Pronounced "traffic", Traefik is a modern HTTP reverse proxy and load balancer aimed at making deploying microservices easier. It integrates with your existing infrastructure components such as Docker, Kubernetes, and others, and configures itself automatically and dynamically. The latest version adds lots of new options and enhancements such as adding healthcheck options, support for custom headers, and more. Read the migration guide on how to update to the latest version which is now required due to breaking changes.
-
Ask HN: Are there any open source forks of nomad smd consul?
> I think etcd is basically a k8s only project now
I hate etcd with the best of them, but etcd is used in a lot more places than just kubernetes:
https://github.com/apache/apisix/blob/master/docs/en/latest/...
https://github.com/traefik/traefik#:~:text=Etcd,
https://github.com/zalando/patroni#patroni-a-template-for-po...
https://github.com/purpleidea/mgmt/tree/0.0.26/etcd (this one shows up on HN quite a bit)
https://github.com/sorintlab/stolon#features
It's actually one of the major reasons I wouldn't touch those projects
- Traefik Proxy v3.0.0 Released
-
How to securely reverse-proxy ASP.NET Core web apps
However, it's very unlikely that .NET developers will directly expose their Kestrel-based web apps to the internet. Typically, we use other popular web servers like Nginx, Traefik, and Caddy to act as a reverse-proxy in front of Kestrel for various reasons:
-
Deploying Web Apps with Caddy: A Beginner's Guide Caddy
Not as good though. Case in point: https://github.com/traefik/traefik/issues/5472#issuecomment-... (that's just from this morning)
I'm speak objectively here. Of course, any built-in auto HTTPS that works (more or less) is better than none. Traefik uses an ACME library that was originally written for Caddy. After the original author left that project, Traefik team started maintaining it. Caddy's users' requirements exceeded what the library was capable of, but unfortunately there was friction in getting it to achieve our requirements. So I ended up writing a new ACME client library in Go and, together with upgrades in CertMagic (Caddy's auto-TLS lib), Caddy has the more flexible, robust, and capable auto-HTTPS functionality.
That is to say, not all auto-HTTPS functionalities are the same.
-
Security Workshop Part 1 - Put up a gate
We'll use Traefik, an open source cloud native gateway that can plug into a Kubernetes cluster. It has the concept of "middleware" that can process API requests before passing them through to a backend. We can configuring a rate limit for all of our API endpoints by matching on the request path:
tailscale
-
Tell HN: Tailscale is giving 451s within Russia
They started that for a number of countries during 30.08-01.09 2023 [0][1]
[0] https://github.com/tailscale/tailscale/issues/9158
[1] https://www.reddit.com/r/Tailscale/comments/1672n6k/
-
Taildrop lets you send files between your personal devices on Tailscale network
> VPN as a service sounds wrong from security perspective, as you are giving away all the keys.
Tailscale’s Android and Linux clients are open-source[0] and based on WireGuard (which AFAIU is now part of the Linux kernel[1]). With other VPN software you may be owning the keys but you cannot verify what the program does.
Tailscale requires a coordination server to function. This component is not open-source, but there is an open-source reimplementation called Headscale[2] that you can host on your own server.
Additionally, there is "tailnet lock"[3]:
> Tailnet lock lets you verify that no node is added to your tailnet without being signed by trusted nodes in your tailnet. When tailnet lock is enabled, even if Tailscale infrastructure is malicious or hacked, attackers can’t send or receive traffic on your tailnet.
---
> These internal services that are annohnced are just... Services you can run on the Internet with TLS.
I haven’t used Tailscale in a professional context, so I cannot comment on the usefulness there, but I am using it (with Headscale) in my homelab. It makes it very easy to access all the services spread onto multiple boxes from everywhere, let them all use the same AdGuard Home DNS server without having to configure them individually and tunnel all my traffic through my home internet connection using an exit node[4].
I normally use croc[5] for file transfers between boxes, but when I had to fetch some files from my Windows game streaming computer, it was easier to just use Taildrop because Tailscale was installed already.
[0] https://github.com/tailscale/tailscale
-
QUIC Is Not Quick Enough over Fast Internet
BTW, that code changed just recently:
https://github.com/tailscale/tailscale/commit/1c972bc7cbebfc...
It's now a AF_PACKET/SOCK_DGRAM fd as it was originally meant to be.
- I'm blocking connections from AWS to my on-prem services
-
Server Setup Basics for Self Hosting
I recommend checking out [Caddy](https://caddyserver.com/), which replaces both Nginx and Certbot in this setup.
[Tailscale](https://tailscale.com/) can remove the need to open port 22 to the world, but I wouldn't rely on it unless your VPS provider has a way to access the server console in case of configuration mistakes.
-
Tailscale Kubernetes Operator
Anyways, I'm not always at home when I want to work on something and I wanted to find a way to access services remotely. Well tonight I realized I should be able to do this with Tailscale.
- Tailscale: Move away from inet.af domain seized by Taliban
-
The New Internet
Looks like it's due to this: https://github.com/tailscale/tailscale/issues/6999#issuecomm...
-
Kubernetes vs Philippine Power Outages - On setting up k0s over Tailscale
It's important to note potential edge cases when integrating Calico with Tailscale as discussed here. To avoid conflicts, we recommend remapping Calico's netfilter packets. This ensures compatibility and smooth operation in your network setup.
-
9 tools, libraries and extensions our developer can't live without (and why)
Tailscale simplifies network management, enhances security, and facilitates remote collaboration, ultimately enabling them to focus on their core development tasks without worrying about networking complexities.
What are some alternatives?
Nginx Proxy Manager - Docker container for managing Nginx proxy hosts with a simple, powerful interface
headscale - An open source, self-hosted implementation of the Tailscale control server
Caddy - Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
netbird - Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
ingress-nginx - Ingress NGINX Controller for Kubernetes
Netmaker - Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
Squid - Squid Web Proxy Cache
ZeroTier - A Smart Ethernet Switch for Earth
envoy - Cloud-native high-performance edge/middle/service proxy
pivpn - The Simplest VPN installer, designed for Raspberry Pi
socks5-proxy-server - SOCKS5 proxy server
Nebula - A scalable overlay networking tool with a focus on performance, simplicity and security