Currently, I use dockerproxy + swag and Cloudflare for externally-facing services. I really like that I don’t have to open any ports on my router for this to work, and I don’t need to create any routes for new services. When a new service is started, I simply include a label to call swag and the subdomain & TLS cert are registered with Cloudflare. About the only complaint I have is Cloudflare’s 100MG upload limit, but I can easily work around that, and it’s not a limit I see myself hitting too often.
What’s not clear to me is what I’m missing by not using Traefik or Caddy. Currently, the only thing I don’t have in my setup is central authentication. I’m leaning towards Authentik for that, and I might look at putting it on a VPS, but that’s the only thing I have planned. Other than that, almost everything’s running on a single Beelink S12. If I had to, I could probably stand up a failover pretty quickly, though.
I’ve recently introduced CrowdSec and crowdsec-bouncer-traefik-plugin into my setup and it’s really great to see it block all those spam bots and brute force attempts.
Thanks for the tip !! I will certainly give it a look, It’s kinda annoying for my family members to always connect via wireguard.
For me it’s fine though, I even route my traffic to ProtonVPN but my family is always nagging how they need to “do something” to get access to the hosted services or that it “doesn’t work”.
Do you have a guide on how to do his? I couldn’t get the middleware to work to actually bounce connections
You have to actually add the middleware into the (default) chain for your
httpsentrypoint (I think in most tutorials it’s calledwebsecure) - in my static conf I have this:https: address: :443 http: middlewares: - crowdsec-bouncer@file - secure-headers@fileAnd in my dynamic conf I have this:
http: middlewares: crowdsec-bouncer: plugin: crowdsec-bouncer-traefik-plugin: CrowdsecLapiKey: "### Enter your LAPI Key here ###" Enabled: true