-
Nginx Proxy Manager
Docker container for managing Nginx proxy hosts with a simple, powerful interface
-
Pomerium
Pomerium is an identity and context-aware reverse proxy for zero-trust access to web applications and services.
-
NGINX Unit
NGINX Unit is a lightweight and versatile open-source web app server that has three core capabilities. It is a HTTP reverse proxy, a web server for static media assets, and an application server that can natively execute application code in seven different languages.
-
caddy-docker-proxy-cloudflare
A custom Caddy build with the Caddy Docker Proxy and Cloudflare modules installed.
There's not a setting you can turn on to block common exploits like in NPM, but it's possible to create a snippet and then import that snippet on a domain so you don't have to repeat it several times. Here's what NPM includes when you enable that switch for reference: block-exploits.conf
And if you're using Docker then you can use Caddy Docker Proxy to configure Caddy directly in your Docker compose files:
Caddy
My first reverse proxy was Traefik, but it was just too complex, with too many abstraction layers for my use. I needed to re-learn it every time I went to make changes.
If you're using Cloudflare then you might need the Cloudflare module, which is a little annoying because you need to rebuild the Caddy executable (or Docker image) to include it. I just set up a GitHub repo that uses GitHub Actions to build and publish a Docker image that includes the Caddy Docker Proxy and Cloudflare modules, but I haven't figured out how to automatically update the image when a new version of Caddy is released, so it's still a manual process for now.
I’m really surprised this sub has no love for Pomerium. I feel like it’s as simple as Caddy with all the security benefits of Traefik.
HTTPS-PORTAL has everything I need.
I use ingress-nginx in my k3s cluster, mostly because a lot of services have their documentation for either Apache or nginx and I was already used to manually configuring nginx from back when I ran containerless or with Docker.
As I’m using Ansible in my homelab a lot, I recently made an Ansible role dbrennand.caddy_docker for deploying and configuring Caddy in a Docker container.
In v2.7.0 (coming soon), Caddy will support parsing the "real client IP" from a configurable header as well. See https://github.com/caddyserver/caddy/pull/5104
nginx, but nginx-unit looks very interesting. I might switch a few docker containers to use it before trying to use it natively.
Here is the Dockerfile I use to build my image: https://github.com/r3Fuze/caddy-docker-proxy-cloudflare/blob/main/Dockerfile
There is also a short section about it on the Docker hub page under the "Adding custom Caddy modules" section: https://hub.docker.com/_/caddy