Title. I looked at how to configure anything and found Caddy to be much easier to use. Aside from a lot of docker images integrating with it, why is everyone using it? Edit: I meant Traefik
You must log in or register to comment.
Tailscale is a VPN. Caddy is a reverse proxy. I’m not sure why you’re comparing the two, unless you meant Traefik?
Because I don’t need a reverse proxy?
Also, as for ease of setup, with Tailscale I install an app and login. Done.
First of all: not everyone can publish port 80/443 or even has a public IP.
I prefer nginx to Caddy myself for reverse proxies. As far as VPN technologies go, Tailscale and WireGuard are where it’s at.
Not sure why we’re comparing Caddy to Tailscale though.
I meant Traefik, sorry.
Also, why Nginx over Caddy? How does a minimal reverese proxy setup look like with Nginx?
It’s mostly about performance. Caddy’s Go-based garbage collector starts to negatively impact performance at high load. It looks something like:
server { listen 443 ssl http2; server_name example.com; ssl_certificate /etc/nginx/ssl/fullchain.pem; ssl_certificate_key /etc/nginx/ssl/privkey.pem; location / { proxy_pass http://localhost:3000/; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } }How do you know which headers to set? I couldn’t find any documentation when I last tried (but that was some years ago now).
It can be specific to the web application but generally speaking you’d want to pass the protocol, client IP address, etc.
A reverse proxy like Caddy or Nginx is like a bouncer for your web services. It sits out front, deciding who gets in and where they’re allowed to go. It’s great for stuff you want to expose to the internet – like a website or web app – because it hides your actual servers, can handle HTTPS for you, and lets you set up some basic access rules.
A VPN is more like a secret underground tunnel between you and your server. Everything that goes through it is locked down to only members of the VPN. This is what you want when you’re dealing with private stuff you don’t want exposed to the open internet, like your home lab dashboard or some internal tools. The beauty of a VPN is that it works for everything–not just web traffic. SSH, file transfers, databases. All of it gets the same protection.
works for everything–not just web traffic. SSH, file transfers, databases.
Yup. I use it for sftp, ssh. I’ve never used in relation to a database. Is that for remote db? I am working on routeing mail through tailscale to a relay, since my host, for whatever reason, blocks mail ports and charges to have them turned on. I just wanted alert emails from a couple apps.
I am working on routeing mail through tailscale to a relay, since my host, for whatever reason, blocks mail ports and charges to have them turned on.
Should work fine. Your provider can’t stop you from opening ports unless its a shared environment and you don’t have permission/the port is already in use. Generally what they do is just block connections via a router/firewall. So if you use a VPN you’re sidestepping that issue. With the VPN in place, and the server online and running you should be able to connect via
{VPN_IP}:995, etc.
I spin a new service, add a few human understandable labels and traefik makes the connection automatically.
