Can you post the compose?

Also I thought that frigate is only usable through home assistant, but that only means android app I guess.

Anyway, I am actually in process of picking few cameras, likely going with tplink vigi, like C340 and see if it will play nicely.

do I need reverse proxy or forward proxy?

forward proxy, look at this squid guide

I do not have SSH enabled, is it required?

nope, its for managment, to make changes

Could I use lightppd to achieve this?

dunno

What is the best way to secure this proxy connection?

Setup a VPN like wireguard-easy, so that you are not connecting to your forward proxy through open port to the world, but first through VPN and only then to the proxy.

I want to avoid installing 3rd party apps, but I am happy for inightful posts should these be beneficial

Your browser should have proxy settings, so not 3rd party app needed, though some browser extensions like foxyproxy are nice

Try it, heres a decent guide with lot of examples.

Strange, I never quite got why ever would i want to swtich to NPM, tried it and never liked it...

I ssh in and edit my caddyfile faster than I go to npm web interface and click through menus. I actually can just copy paste caddyfile config and have backup of it, while I am not even sure if npm has any backup solution by now, or you just suppose to backup on docker level.

And it is kinda in the way, a gui layer if you wanna do something more..

npm is nice for people who want easy web gui to configure stuff

caddy makes me feel more in control, its easier to backup too, since its all in one easy and readable config, and probably has more features as you go with your needs

There is also not that layer of which developer fucked up that you get when projects are projects of projects...

Something I encountered last week.

• wanted to test running caddy without https and without being open to the world, to turn off automatic https.
• Googled and came up with auto_https off documentation that I read.
• It did not work, http still did not work
• Googled more and landed on forum page that explained why auto_https is not working and that it needs explicitly stated http:\\ or port :80 in the address. Otherwise caddy will listen by default for only https.

It was no biggie, that forum post is literally the second google result for auto_https and does good job, but you asked and I have it fresh in memory...

Same here. Its my go-to for years.

Except I had encountered an issue relatively recently, where newest kernel had regression with virtual dvd under esxi hypervisor, causing higher cpu load than typical.

So I took time and switched all my shit to lts kernel, which I should have used from the get-go.

But other than that, which was solved easily by removing dvd or switching kernel, I had zero issues, and even had some deployments where i was updating ~2 years old arch install and it went smoothly...

Would it be possible to use a DNS server and reverse proxy together?

Sure, reverse proxy is a web server whos job is to be in charge of ports 80 and 443 and decide to what other webservers send traffic based on request url

Can I have Internal and external DNS?

Probably, who knows what you really means. Split dns maybe?

Should I switch to running a bare-metal hypervisor?

If you need it. Seems your needs are met with just docker.

What should I use for a DNS Server?

dnsmasq works and I used it for a time, then I moved to having opnsense as my firewall and use its unbound service.

Are they necessary or more of a convenience thing?

Convenience.

Dunno why top answer is necessity, you absolutely can rock open multiple ports that go to different things, same as OP does now through VPN.

But convenience is a big thing... I love caddy reverse proxy for its simplicity and robustness. Here is a docker guide if you wanna try it.

From my basic selfhosted experience... I run kopia as root , my shit uses bind mounts so all I care about is in that directory.

And so far it works fine, to just down old, rename the directory, copy from nightly backup back the directory and start container.

But yeah if there is something I care about I schedule database dumps like here in bookstack or vaultwarden..

To have something more if shit would not work start.

• windows - mobaXterm
• linux - nnn file manager on the machine, with fzf plugin, and micro editor

Prometheus + Grafana + Loki

It is bit difficult at start, but really in the end you can monitor and get notification on anything thats happening on your system.