this post was submitted on 06 Feb 2025
36 points (97.4% liked)

Self Hosted - Self-hosting your services.

11925 readers
84 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules

Important

Beginning of January 1st 2024 this rule WILL be enforced. Posts that are not tagged will be warned and if not fixed within 24h then removed!

Cross-posting

If you see a rule-breaker please DM the mods!

founded 3 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
36
Migrated from Nginx to Caddy (lemmy.ml)
submitted 17 hours ago by [email protected] to c/[email protected]
29 comments fedilink hide all child comments
 

When I first set up my web server I don't think Caddy was really a sensible choice. It was still immature (The big "version 2" rewrite was in beta). But it's about five years from when that happened, so I decided to give Caddy a try.

Wow! My config shrank to about 25% from what it was with Nginx. It's also a lot less stuff to deal with, especially from a personal hosting perspective. As much as I like self-hosting, I'm not like "into" configuring web servers. Caddy made this very easy.

I thought the automatic HTTPS feature was overrated until I used it. The fact is it works effortlessly. I do not need to add paths to certificate files in my config anymore. That's great. But what's even better is I do not need to bother with my server notes to once again figure out how to correctly use Certbot when I want to create new certs for subdomains, since Caddy will do it automatically.

I've been annoyed with my Nginx config for a while, and kept wishing to find the motivation to streamline it. It started simple, but as I added things to it over the years the complexity in the config file blossomed. But the thing that tipped me over to trying Caddy was seeing the difference between the Nginx and Caddy configurations necessary for Jellyfin. Seriously. Look at what's necessary for Nginx.

https://jellyfin.org/docs/general/networking/nginx/#https-config-example

In Caddy that became

jellyfin.example.com {
  reverse_proxy internal.jellyfin.host:8096
}

I thought no way this would work. But it did. First try. So, consider this a field report from a happy Caddy convert, and if you're not using it yet for self-hosting maybe it can simplify things for you, too. It made me happy enough to write about it.

top 29 comments
sorted by: hot top controversial new old
[–] [email protected] 1 points 5 hours ago (1 children)

This sounds interesting. But in that case, how are headers set? From a security and even privacy standpoint the correct headers can be quite important. How do you enable/disable http2 and http3?

[–] [email protected] 2 points 4 hours ago (1 children)

Caddy operates on the principle of sensible defaults. These defaults can be optionally configured further if you desire, but from what I've read Caddy just shifts the defaults to good modern options when it's ready to do so on newer releases.

But if you must override these choices or need to maintain compatibility with some other software, you can define them explicitly. Here's how you'd forcibly enable or disable http2/3 https://caddyserver.com/docs/caddyfile/options#protocols, for example.

[–] [email protected] 1 points 33 minutes ago

Thanks for the response, this makes sense I suppose. I personally like being explicit and knowing-at-a-glance what is currently configured, but I can see some defaults being useful for many beginners for instance, and keeping config cleaner.

[–] [email protected] 4 points 12 hours ago (1 children)

I'm too scared to swap away from SWAG. The combination of nginx proxy manager and LetsEncrypt helps me dumb ass a ton.

[–] [email protected] 1 points 42 minutes ago

Ngix proxy manager + letsencrypt are such a time and effort save

[–] [email protected] 2 points 12 hours ago

I just set up caddy a few weeks ago as my first foray into reverse proxies, and as you said it was an incredibly easy experience.

I specifically chose caddy for the simplicity of the Caddyfile and automatic certs/renewals when I was looking at which reverse proxy engine to set up.

10/10 would choose caddy again.

[–] [email protected] 5 points 17 hours ago (4 children)

I've been using nginx proxy manager for years on my server, and it's great, but occasionally I give caddy the side eye and think about switching.

[–] [email protected] 3 points 14 hours ago* (last edited 14 hours ago) (1 children)

I very highly recommend that you take the time and just switch. Caddy is simply fabulous. It's designed to work (assuming it's compiled with the module) with containers and use docker networks for routing. It makes it easy to spin up containers and directly reference the container names instead of remembering IP addresses and particularly comes in handy when your entire environment is containerized.

You can pull the caddy image and run it in docker and as long as your environment is configured correctly you can simply reverse_proxy @container and you're done. Caddy pulls all the relevant port information directly from the container API.

I get such a nerd boner thinking about it.

[–] [email protected] 1 points 2 hours ago

That's really nice. Dang. I'm going to take a serious look at caddy. NPM has been working without issues lately, but I'm not looking forward to the next time it breaks on me.

[–] [email protected] 4 points 16 hours ago (1 children)

By reputation I know that Nginx proxy manager seems to work great if you're on the "happy path" but if you need anything out of the norm it supposedly is less great to use. In my case I do have a few quirks, primarily with fcgiwrap. But I can't say how it'd play, because I honestly never heard of NPM until yesterday when I was refreshing myself on web servers (and went with Caddy).

[–] [email protected] 2 points 16 hours ago

Agree. So far when I've had abnormal stuff it's been easy enough to add the custom config in NPM, but that super simple caddy config looks really nice

[–] [email protected] 2 points 15 hours ago (1 children)

I used NPM as well, and eventually just got sick of various issues i'd had with it (probably all my fault, but...) so switched to Caddy and it was just so much easier and reliable for me. I'd heartily recommend it.

[–] [email protected] 1 points 2 hours ago

I think I'm gonna take a much more serious look at caddy.

[–] [email protected] 1 points 17 hours ago (1 children)

Why

[–] [email protected] 2 points 16 hours ago (1 children)

Why do I use NPM, or why do I consider switching to caddy?

[–] [email protected] 1 points 16 hours ago (2 children)

Why would you consider switching? I find NPM to be the best :)

[–] [email protected] 1 points 10 hours ago* (last edited 10 hours ago)

3 lines of text (which you can copy/paste from an existing entry) beats clicking around a web interface to set things up.

Plus you can do many more advanced things with Caddy which you can't do in NPM. Caddy is just easier to use.

[–] [email protected] 4 points 16 hours ago (3 children)

I like NPM, but on a few occasions over the years I've used it it has broken irreparably for no reason. There have been times where I couldn't log in with my credentials, and times when I couldn't generate SSL certs. Over the last year or so it's been really solid but there were a couple times I was ready to chuck NPM out the window.

[–] [email protected] 2 points 2 hours ago (1 children)

This is why I switched also. More and more reports of NPM just breaking out of the blue.

[–] [email protected] 1 points 2 hours ago

Probably going to make this a weekend project soon.

[–] [email protected] 2 points 15 hours ago (1 children)

I had these sorts of issues too, always assumed it was something i'd goofed - but have never had similar with Caddy.

[–] [email protected] 1 points 2 hours ago

Yeah, in the past it’s been really frustrating. There was one time I couldn’t log in no matter what I tried. I hadn’t updated the NPM container or anything. It just shit the bed. At the time I wasn’t confident enough to switch away from NPM. I had to completely rebuild my proxy setup. Deleted the NPM container and persistent data, spun up a brand new container, then set back up all of my reverse proxies.

That was the last time I’ve had a problem with NPM, but I also don’t really trust it anymore. I’ve stuck with it due to momentum, but I’m always worried about it breaking for no reason.

[–] [email protected] 2 points 16 hours ago

I can understand that! Portainer recently did the same log in thing to me and I wanted to go crazy.

[–] [email protected] 1 points 12 hours ago* (last edited 12 hours ago) (1 children)

You have already made your choice :) But Traefik is also a good alternative ! Specially if you work with a lot of docker containers !

Once you get how Traefik works, it just simple as adding a few lines into your yaml file and everything is handled by Traefik !

[–] [email protected] 1 points 4 hours ago (1 children)

Is my understanding correct? Traefik itself isn't a traditional web server. The primary thing I host is my blog, so I would need another web server to serve that content.

[–] [email protected] 1 points 1 hour ago* (last edited 1 hour ago)

It's primarily a reverse proxy! However you can host a nginx docker container and serve it this way.

I had no idea caddy is also a web server/reverse proxy? I though of caddy being more similar to Treafik than nginx. My bad :/

[–] [email protected] 2 points 14 hours ago (1 children)

You can also restrict the reverse proxy to specific adresses too like 192.168.1.0/24

[–] [email protected] 1 points 14 hours ago

I should look into that to see if I can restrict Vaultwarden, since I VPN into my home network anyway.

[–] [email protected] 1 points 16 hours ago

Soon I am hoping to migrate from Nginx to H2O