Title. I looked at how to configure anything and found Caddy to be much easier to use. Aside from a lot of docker images integrating with it, why is everyone using it? Edit: I meant Traefik
You must log in or register to comment.
Tailscale is a VPN. Caddy is a reverse proxy. I’m not sure why you’re comparing the two, unless you meant Traefik?
Yeah, I’m guessing they meant Traefik. I found it too complicated and prefer Caddy, but to each their own.
Yes, sorry for the mixup. I meant Traefik
First of all: not everyone can publish port 80/443 or even has a public IP.
I meant Traefik.
Because I don’t need a reverse proxy?
Also, as for ease of setup, with Tailscale I install an app and login. Done.
I meant Traefik, but I’m reading up on Tailscale now and it looks good.
I prefer nginx to Caddy myself for reverse proxies. As far as VPN technologies go, Tailscale and WireGuard are where it’s at.
Not sure why we’re comparing Caddy to Tailscale though.
I meant Traefik, sorry.
Also, why Nginx over Caddy? How does a minimal reverese proxy setup look like with Nginx?
It’s mostly about performance. Caddy’s Go-based garbage collector starts to negatively impact performance at high load. It looks something like:
server { listen 443 ssl http2; server_name example.com; ssl_certificate /etc/nginx/ssl/fullchain.pem; ssl_certificate_key /etc/nginx/ssl/privkey.pem; location / { proxy_pass http://localhost:3000/; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } }
I use both. Caddy on a VPS that reaches into my Tailscale network and proxies services hosted on a computer in my basement.
@Jason2357 @uranibaba does it pay out? I mean, you can also forward a port from one interface to another on the VPS and have one service less, am I missing something?
Using a mesh network like Wireguard/Tailscale enables you to have a public interface that’s not on your home router, but the VPS instead.
The VPS is a $2 instance and very under powered, however it has a dedicated static IP and some Ddos protection. The basement computer is powerfully and capable of providing various services, but I don’t want any trouble with my home IP address. Tailscale let’s the VPS see the home computer securely.
I meant to ask about Traefik vs Caddy, but you setup is genius.
Thanks, I like it. The downside is that the VPS can see the content of my services, so it’s no good if you don’t trust the VPS provider, or if the content is too sensitive to allow that. I think it’s a good trade-off for my usage though. Performs well. One of the services I proxy is a rpi serving images downloaded from weather satellites. Connecting directly to the pi is super slow, but the proxy caching makes it 100% faster.
I’ll admit I’ve not tried Traefik yet, but I see Caddy as being to web servers (and reverse proxies), what WireGuard is to VPNs.
It does what it needs to well, with a minimal config file. And if I learn and get comfortable with Caddy, then I know it can do anything I will ever need of a web server down the line with no need for me to ever change setup.
If Caddy works for you, no reason to change it.
I use Traefik because I like how tightly integrated it is with Docker. If the container with the config labels on it starts/stops the corresponding router in Traefik also starts/stops.
Since my services are mostly running in Docker, it’s the perfect workflow for me.
I switched to Traefik as it has auto-configuring for containers for effortless deployment to any of your environments (dev, test, staging, production, etc.) either manually or straight from CI/CD.
The way it works is that you put any configuration in your compose file which is then picked-up by Traefik when its deployed - it reads the config, re-configures itself accordingly, and you’re done! So all your reverse-proxy config, cert config, etc. is all with the project so aren’t going to get out-of-sync.
Just keeps things really clean and simple. Plus it’s a great reverse proxy of course with tons of features, nice admin dashboard, logging, etc.
I have not tried Traefik, tho looking at what it does, it’s pretty amazing. Caddy seems to fit what I do, and as OP stated, Caddy is pretty easy to master, even tho it took me an embarrassingly long time to get it through my dim brain. Traefik does seem like a very polished app tho and is very integrated in with docker.
I spin a new service, add a few human understandable labels and traefik makes the connection automatically.
I use both, since they do different stuff. I actually remote into my servers with wireguard, but I like to install tailscale as well as a backup. Since each device gets a unique tailnet ip, I can usually still connect even if I’ve fucked up some network config that breaks wireguard. ((If this is a security risk, someone let me know because I have no clue what I’m doing tbh.))
Plus tailscale lets you easily see what devices are connected to the internet at a given time.
Others have already mentioned the question makes no sense but for others that are curious.
Headscale is a self hosted tailacale alternative and for a small number of devices plain wireguard is as well. I use plain wireguard on my router to allow LAN access from my mobile devices.
I want rock solid stability and simplicity since I use this for to debug issues if they crop up while I’m away.
