Self Hosted - Self-hosting your services.

17071 readers

4 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules

No harassment
crossposts from c/Open Source & c/docker & related may be allowed, depending on context
Video Promoting is allowed if is within the topic.
No spamming.
Stay friendly.
Follow the lemmy.ml instance rules.
Tag your post. (Read under)

Important

Lemmy doesn't have tags yet, so mark it with [Question], [Help], [Project], [Other], [Promoting] or other you may think is appropriate. This is strongly encouraged!

Cross-posting

!everything_git@lemmy.ml is allowed!
!docker@lemmy.ml is allowed!
!portainer@lemmy.ml is allowed!
!fediverse@lemmy.ml is allowed if topic has to do with selfhosting.
!selfhosted@lemmy.ml is allowed!

If you see a rule-breaker please DM the mods!

founded 4 years ago

MODERATORS

Zoe8338@lemmy.ml

dogmuffins@lemmy.ml

testman@lemmy.ml

Traefik (and eventually Vaultwarden when I get there) (lemmy.ml)

submitted 3 days ago by trilobite@lemmy.ml to c/selfhost@lemmy.ml

9 comments fedilink hide all child comments

I've tried unsuccessfully to get Valutwarden working without a proxy. See here. Any request with https leads me to the SSL_ERROR_RX_RECORD_TOO_LONG error, while via http I get the "Loading wheel" running indefinitely.

Despite the top of the page here suggests you can run Valutwarden without internally without proxy, my experience suggest that this is not the case and have tried on different VMs getting the same error. So seems like the only way is going via proxy. From what I've read, people seem to suggest that Traefik is the way to go. So I'm thinking of setting it up on my same VM as Valutwarden.

Note that my network is behind a pfsense install on another hardware machine. DNS forwarding is enabled with unbound. Will installing Traefik require changes to pfSense config? Looks like it may be the case from here. For now all I want is getting Vaultwarden going; later down the line I'll learn how Traefik can benefit the rest of my homelab.

I'm trying to work out the simplest way of getting Vaultwarden going using a minimalistic proxy, as there seems to be no alternative to not having a proxy going. Thoughts?

top 9 comments

sorted by: hot top controversial new old

[–] tvcvt@lemmy.ml 4 points 2 days ago (2 children)

Traefik is a very robust reverse proxy, but I think you have easier options. If you want to keep it all in the same stack, have a look at Caddy. The configuration is just a few lines. Another very good option since you’re already using pfSense would be to use the HAProxy plugin. You’ll get a UI to manage everything and Tom Lawrence has some very helpful videos about setting it up from start to finish.

[–] CHOPSTEEQ@lemmy.ml 3 points 2 days ago (2 children)

100%. I go even further and explicitly advise against traefik these days, and I was a huge proponent of it when it launched.

Caddy is just the best reverse proxy, period. When the experiments for using it as a Kubernetes ingress succeed, it’s going to change everything.

[–] DarkSirrush@piefed.ca 3 points 2 days ago (1 children)

I am curious, what are the advantages of caddy over traefik?

[–] CHOPSTEEQ@lemmy.ml 2 points 2 days ago* (last edited 2 days ago) (1 children)

When Traefik was rewritten, the documentation became a disgusting outdated mess and stayed that way for too long, maybe still is? The configuration needed for doing things right, and doing advanced things, was crazy verbose and clogged up any compose file you used. Same with Kubernetes annotations. As I recall, debugging misbehavior was ulcer inducing due to lack of feedback.

I don’t even remember what pushed me over the edge but it took me probably one evening to rip out traefik and stick caddy in the mix. My compose file shrank by 50%, and the caddy file is a few dozen lines. All of the right behavior is just baseline. No, it’s not as slick as putting an annotation on a container and getting a configuration, but it was never just one annotation in my experience, and caddy is just so much more usable than the alternatives like nginx and even haproxy.

[–] DarkSirrush@piefed.ca 2 points 2 days ago

Ah, that's fair. Their documentation is fully up to date now, but imo their example configs suck for beginners.

I will note that anything that can be done in the compose file can be done as a config file instead, with the exception of traefik.enabled=true if you are using a container whitelist instead of a blacklist.

It took me ages to set up, but i now have auto configuration of 95% of containers that need to be reverse proxied, without binding ports (just use the 'expose' option instead of 'ports' in docker compose).

But yes, all the guides and example configs insisting on using container labels instead of the dynamic config files make it feel way more bloated and confusing than needed.

[–] 4am@lemmy.zip 1 points 2 days ago

Why would it need experiments? Can you just run it and see if it works? Are you talking about testing it at scale?

[–] passepartout@feddit.org 1 points 2 days ago

I like both very much for what they are and would confirm that Caddy is a lot easier for beginners. The only downside is that you have to rebuild the binary with caddyx for more functionality which can be limiting e.g. for people wanting to start with dns challenges for (wildcard) certificates.

[–] JASN_DE@feddit.org 2 points 3 days ago* (last edited 3 days ago)

Um... The "barebones" docker compose doesn't use TLS. How did you try to access the web UI?

Do you have your browser set to HTTPS-only by any chance?

[–] prenatal_confusion@feddit.org 1 points 2 days ago

Regarding the spinning wheel If accessed with a browser over http you never get through but the clients on desktop and mobile worked with http. At least until a few weeks ago. That forced me to get it working with a reverse proxy. Neither traefik nor npm did the trick and now I have a beautiful pangolin instance running on my vps. That software is amazing so far.