Currently, I use dockerproxy + swag and Cloudflare for externally-facing services. I really like that I don’t have to open any ports on my router for this to work, and I don’t need to create any routes for new services. When a new service is started, I simply include a label to call swag and the subdomain & TLS cert are registered with Cloudflare. About the only complaint I have is Cloudflare’s 100MB upload limit, but I can easily work around that, and it’s not a limit I see myself hitting too often.

What’s not clear to me is what I’m missing by not using Traefik or Caddy. Currently, the only thing I don’t have in my setup is central authentication. I’m leaning towards Authentik for that, and I might look at putting it on a VPS, but that’s the only thing I have planned. Other than that, almost everything’s running on a single Beelink S12. If I had to, I could probably stand up a failover pretty quickly, though.

    • N0x0n@lemmy.ml
      7 days ago

      Thanks for the tip!! I will certainly give it a look. It’s kinda annoying for my family members to always connect via WireGuard.

      For me it’s fine though, I even route my traffic to ProtonVPN but my family is always nagging how they need to “do something” to get access to the hosted services or that it “doesn’t work”.

    • Lem453@lemmy.ca
      7 days ago

      Do you have a guide on how to do this? I couldn’t get the middleware to work to actually bounce connections.

      • mbirth@lemmy.ml
        6 days ago

        You have to actually add the middleware into the (default) chain for your https entrypoint (I think in most tutorials it’s called websecure) - in my static conf I have this:

        entryPoints:
          https:
            address: :443
            http:
              middlewares:
                - crowdsec-bouncer@file
                - secure-headers@file

        And in my dynamic conf I have this:

        http:
          middlewares:
            crowdsec-bouncer:
              plugin:
                crowdsec-bouncer-traefik-plugin:
                  CrowdsecLapiKey: "### Enter your LAPI Key here ###"
                  Enabled: true
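
Added example (not part of the thread and not any commenter's own code): a Python check for the wiring described in the comment above. It verifies that the bouncer is in the entrypoint's default chain, that every `@file` reference resolves in the dynamic conf, and that the plugin is enabled with a non-placeholder key. The sample dicts, the `secure-headers` definition and the name `check_bouncer` are constructed for illustration, and the inputs are assumed to be the two YAML files already parsed into dicts (for instance with `yaml.safe_load`).

```python
"""Cross-check a Traefik static conf against the file-provider dynamic conf.
Added example; inputs are the two YAML files already parsed into dicts."""

PLACEHOLDER_MARK = "###"  # marks the unedited LAPI key placeholder on this page

# Constructed sample input mirroring the two snippets in the comment above.
STATIC_OK = {"entryPoints": {"https": {"address": ":443", "http": {
    "middlewares": ["crowdsec-bouncer@file", "secure-headers@file"]}}}}
STATIC_BARE = {"entryPoints": {"https": {"address": ":443"}}}  # no default chain
DYNAMIC_OK = {"http": {"middlewares": {
    "secure-headers": {"headers": {"stsSeconds": 31536000}},  # assumed definition
    "crowdsec-bouncer": {"plugin": {"crowdsec-bouncer-traefik-plugin": {
        "CrowdsecLapiKey": "constructed-example-key", "Enabled": True}}}}}}


def check_bouncer(static_conf, dynamic_conf, entrypoint, bouncer="crowdsec-bouncer"):
    """Return a list of problems; an empty list means the chain looks wired up."""
    problems = []
    eps = static_conf.get("entryPoints") or {}
    ep = eps.get(entrypoint)
    if ep is None:  # e.g. tutorial says "websecure" but the conf says "https"
        return [f"entrypoint '{entrypoint}' not defined (found: {sorted(eps)})"]
    chain = (ep.get("http") or {}).get("middlewares") or []
    defined = (dynamic_conf.get("http") or {}).get("middlewares") or {}
    # Every name@file reference must resolve to a middleware in the dynamic conf.
    for ref in chain:
        name, _, provider = ref.partition("@")
        if provider == "file" and name not in defined:
            problems.append(f"'{ref}' is in the chain but not defined in the dynamic conf")
    if f"{bouncer}@file" not in chain:
        problems.append(f"'{bouncer}@file' is not in the '{entrypoint}' default chain")
    # The plugin block itself: enabled, and the key is no longer the placeholder.
    plugins = (defined.get(bouncer) or {}).get("plugin") or {}
    for plugin_name, opts in plugins.items():
        opts = {str(k).lower(): v for k, v in (opts or {}).items()}
        if opts.get("enabled") is not True:
            problems.append(f"plugin '{plugin_name}' is not enabled")
        key = str(opts.get("crowdseclapikey", ""))
        if not key or PLACEHOLDER_MARK in key:
            problems.append(f"plugin '{plugin_name}' has no real LAPI key set")
    return problems


if __name__ == "__main__":
    for label, static in (("with chain", STATIC_OK), ("bare entrypoint", STATIC_BARE)):
        print(label, "->", check_bouncer(static, DYNAMIC_OK, "https") or "ok")
```

A bouncer that is defined but missing from the entrypoint's chain is silently bypassed, so running a check like this after each config change catches the case where requests are never evaluated against CrowdSec decisions.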