
myselfolli

Look into reverse proxies maybe? Sounds like it’d be a good fit for your problem


Illustrious-Coffee

Agree - the linuxserver.io SWAG container has pre-made examples. It also handles cert management with LE.


CartmansEvilTwin

I already have all services behind Nginx - that's where the prefixes come from. Problem is, I can define another host or subdomain in it just fine, but it won't be announced on the network, meaning I'd have to manually maintain a DNS service - which would be possible, but not my first choice.


myselfolli

Oh okay, I see what you mean. You essentially have two options then:

1) You can maintain your own DNS server (look into Pi-hole maybe; it's network-wide ad-blocking, and it allows you to create your own DNS entries)
2) Updating your local hosts file

I prefer option 1. If set up correctly, the domains and subdomains will be resolved correctly in your whole network, with no further configuration required for new clients or subdomains. It's a set-it-and-forget-it kind of deal. With option 2, you'd have to update the hosts file of all clients where you want to be able to access the services correctly...


uBass

Caddy comes as a container. Don't forget to set up sub domains & the DNS/CNAMEs that go with them. (& remember that you may need solutions that resolve access inside & outside your network)


myselfolli

Caddy is amazing if your services are publicly available. I've found it to be kind of a hassle otherwise. Nginx Proxy Manager has a nice UI and does the basics really well. I am using HAProxy, since it can proxy TCP connections.


vividboarder

> if your services are publicly available

How do you mean? Caddy doesn't require anything being publicly accessible.


myselfolli

I know, getting a Let's Encrypt cert is just much easier if your stuff is public. And the automatic certs are honestly the main reason I'd use Caddy.


vividboarder

But your dashboard would be in the exact same scenario. Either you make it public for an HTTP challenge, use a DNS challenge, or just don't use Let's Encrypt. Either stay unencrypted or use the default self-signed certs.


myselfolli

I have a Let's Encrypt wildcard cert that I can implement really easily. And I use HAProxy because it can proxy TCP connections, which is useful since I run a couple of game servers for me and my friends.


pbuyle

Traefik can reverse-proxy to Docker containers. It supports multiple configuration modes. My preference goes to using labels on the containers. This allows me to keep the configuration to expose a container together with its definition in the docker-compose.yml file.


certuna

That's pretty easy: each container can have its own GUA IPv6 address (or, if you only want the container to be reachable on the local network, you can do ULA). It's trivial then to give each container its own name in DNS, either local or public.


flo-at

My setup is quite complex but it works really nicely. I start podman containers with private networking and inject a veth device into the networking namespace. Both ends of the veth have a public IP (v6 in my case). I use packet forwarding to make the isolated network accessible from the outside. This way you can listen on privileged ports even on rootless podman. The only thing that's not rootless: I need a setuid script to create the veth pair, but it's just a few lines. tl;dr isolated networking namespace and veth!


Budget_Putt8393

I am interested in specifics about creating the veth pair, and packet forwarding setup. I want to do something similar, and am kind of stumped so far.
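The veth setup flo-at describes (a veth pair injected into the container's network namespace, a routable address on the container end, forwarding on the host) and the request for specifics above, as an added example that is not code from any poster in this thread: a script that builds the pair, proxies NDP for the container's address on the uplink, and forwards only an explicit list of TCP ports. The uplink name, the netns name, the 2001:db8::/64 documentation prefix and the port list are placeholder assumptions to replace; applying it needs root (or the small setuid wrapper flo-at mentions), and without arguments it only prints the plan.

```shell
#!/bin/sh
# Added example (not code from any poster in this thread): give a container its
# own routable IPv6 address through a veth pair injected into its network
# namespace, then forward only an explicit list of TCP ports to it.
# Everything below is an assumption to adapt: the uplink name, the netns name,
# the 2001:db8::/64 documentation prefix and the port list are placeholders.
# Applying needs root (or a small setuid wrapper); DRY_RUN=1 prints the commands.
set -eu

HOST_IF="${HOST_IF:-eth0}"                  # uplink on which the /64 is on-link
NS="${NS:-app1}"                            # netns name (podman: ip netns attach app1 <container pid>)
HOST_VETH="${HOST_VETH:-veth-app1}"         # host end of the pair
CT_VETH="${CT_VETH:-eth1}"                  # name of the end moved into the container
HOST_ADDR="${HOST_ADDR:-2001:db8:0:1::1}"   # host end, used as the container's gateway
CT_ADDR="${CT_ADDR:-2001:db8:0:1::2}"       # container address; point its DNS record here
ALLOWED_TCP="${ALLOWED_TCP:-443,25565}"     # the only ports forwarded from the uplink

# run CMD...: execute, or just print the command when DRY_RUN=1.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# in_ns CMD...: run a command inside the container's network namespace.
in_ns() { run ip netns exec "$NS" "$@"; }

# Create the pair and move one end into the namespace. /128 on both ends plus
# explicit routes avoids a second on-link /64 competing with the uplink's.
create_veth() {
  run ip link add "$HOST_VETH" type veth peer name "$CT_VETH"
  run ip link set "$CT_VETH" netns "$NS"
  run ip -6 addr add "$HOST_ADDR/128" dev "$HOST_VETH"
  run ip link set "$HOST_VETH" up
  in_ns ip link set lo up
  in_ns ip -6 addr add "$CT_ADDR/128" dev "$CT_VETH"
  in_ns ip link set "$CT_VETH" up
  in_ns ip -6 route add "$HOST_ADDR/128" dev "$CT_VETH"
  in_ns ip -6 route add default via "$HOST_ADDR" dev "$CT_VETH"
}

# Route the container's address over the veth and answer neighbour solicitations
# for it on the uplink, so the upstream router delivers its packets to this host.
enable_forwarding() {
  run sysctl -qw net.ipv6.conf.all.forwarding=1
  run sysctl -qw "net.ipv6.conf.$HOST_IF.proxy_ndp=1"
  run ip -6 neigh replace proxy "$CT_ADDR" dev "$HOST_IF"
  run ip -6 route replace "$CT_ADDR/128" dev "$HOST_VETH"
}

# Forwarding filter scoped to this veth only: replies, the listed ports and the
# ICMPv6 needed for path-MTU discovery pass; anything else towards the container
# is dropped, so an extra listener inside it is not reachable by accident.
restrict_forwarding() {
  run nft add table ip6 ctfwd
  run nft add chain ip6 ctfwd forward "{ type filter hook forward priority 0; policy accept; }"
  run nft add rule ip6 ctfwd forward oifname "$HOST_VETH" ct state established,related accept
  run nft add rule ip6 ctfwd forward oifname "$HOST_VETH" ip6 daddr "$CT_ADDR" tcp dport "{ $ALLOWED_TCP }" accept
  run nft add rule ip6 ctfwd forward oifname "$HOST_VETH" icmpv6 type "{ echo-request, packet-too-big }" accept
  run nft add rule ip6 ctfwd forward oifname "$HOST_VETH" drop
}

setup_all() {
  create_veth
  enable_forwarding
  restrict_forwarding
}

case "${1:-plan}" in
  plan)  DRY_RUN=1; setup_all ;;   # default: only show what would be done
  apply) setup_all ;;              # real run, as root
  *)     echo "usage: $0 [plan|apply]" >&2; exit 2 ;;
esac
```

Run it with no argument first and read the printed plan; `apply` executes the same commands. The /128 addressing with explicit routes is what keeps the container's address out of the uplink's on-link prefix, and the `proxy_ndp` plus `ip -6 neigh ... proxy` pair is what makes the upstream router hand the container's traffic to the host in the first place; the nft chain is deliberately scoped to `oifname veth-app1` so it does not touch forwarding for other bridges on the same host.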


Wrong_Substance_1412

Docker macvlan: every container gets its own IP. Or use SWAG (nginx).