A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
I'll admit I've not tried Traefik yet, but I see Caddy as being to web servers (and reverse proxies), what WireGuard is to VPNs.
It does what it needs to well, with a minimal config file. And if I learn and get comfortable with Caddy, then I know it can do anything I will ever need of a web server down the line with no need for me to ever change setup.
If Caddy works for you, no reason to change it.
I use Traefik because I like how tightly integrated it is with Docker. If the container with the config labels on it starts/stops the corresponding router in Traefik also starts/stops.
Since my services are mostly running in Docker, it's the perfect workflow for me.
Others have already mentioned the question makes no sense but for others that are curious.
Headscale is a self hosted tailacale alternative and for a small number of devices plain wireguard is as well. I use plain wireguard on my router to allow LAN access from my mobile devices.
I want rock solid stability and simplicity since I use this for to debug issues if they crop up while I'm away.
Tailscale is a VPN. Caddy is a reverse proxy. I'm not sure why you're comparing the two, unless you meant Traefik?
Yes, sorry for the mixup. I meant Traefik
Yeah, I'm guessing they meant Traefik. I found it too complicated and prefer Caddy, but to each their own.
I prefer nginx to Caddy myself for reverse proxies. As far as VPN technologies go, Tailscale and WireGuard are where it’s at.
Not sure why we’re comparing Caddy to Tailscale though.
I meant Traefik, sorry.
Also, why Nginx over Caddy? How does a minimal reverese proxy setup look like with Nginx?
A reverse proxy like Caddy or Nginx is like a bouncer for your web services. It sits out front, deciding who gets in and where they're allowed to go. It's great for stuff you want to expose to the internet – like a website or web app – because it hides your actual servers, can handle HTTPS for you, and lets you set up some basic access rules.
A VPN is more like a secret underground tunnel between you and your server. Everything that goes through it is locked down to only members of the VPN. This is what you want when you're dealing with private stuff you don't want exposed to the open internet, like your home lab dashboard or some internal tools. The beauty of a VPN is that it works for everything--not just web traffic. SSH, file transfers, databases. All of it gets the same protection.
works for everything–not just web traffic. SSH, file transfers, databases.
Yup. I use it for sftp, ssh. I've never used in relation to a database. Is that for remote db? I am working on routeing mail through tailscale to a relay, since my host, for whatever reason, blocks mail ports and charges to have them turned on. I just wanted alert emails from a couple apps.
I am working on routeing mail through tailscale to a relay, since my host, for whatever reason, blocks mail ports and charges to have them turned on.
Should work fine. Your provider can't stop you from opening ports unless its a shared environment and you don't have permission/the port is already in use. Generally what they do is just block connections from outside. So if you use a VPN you're sidestepping that issue. With the VPN in place, and the server online and running you should be able to connect via {VPN_IP}:995, etc.
For every technology there exists an equal, yet undoing technology.
Because I don't need a reverse proxy?
Also, as for ease of setup, with Tailscale I install an app and login. Done.
I meant Traefik, but I'm reading up on Tailscale now and it looks good.
First of all: not everyone can publish port 80/443 or even has a public IP.
I meant Traefik.
I use both, since they do different stuff. I actually remote into my servers with wireguard, but I like to install tailscale as well as a backup. Since each device gets a unique tailnet ip, I can usually still connect even if I've fucked up some network config that breaks wireguard. ((If this is a security risk, someone let me know because I have no clue what I'm doing tbh.))
Plus tailscale lets you easily see what devices are connected to the internet at a given time.
I use both. Caddy on a VPS that reaches into my Tailscale network and proxies services hosted on a computer in my basement.
@Jason2357 @uranibaba does it pay out? I mean, you can also forward a port from one interface to another on the VPS and have one service less, am I missing something?
Using a mesh network like Wireguard/Tailscale enables you to have a public interface that's not on your home router, but the VPS instead.
The VPS is a $2 instance and very under powered, however it has a dedicated static IP and some Ddos protection. The basement computer is powerfully and capable of providing various services, but I don’t want any trouble with my home IP address. Tailscale let’s the VPS see the home computer securely.
I meant to ask about Traefik vs Caddy, but you setup is genius.