Caddy is my new favorite reverse proxy


I'm still in the mess-around-and-find-out stage of my home lab journey. My current experiment is choosing which reverse proxy to use for accessing my self-hosted apps from anywhere, using easily remembered subdomains of a domain I own. So far, I've dabbled with Nginx, graduated to Nginx Proxy Manager, played with Pangolin, and tinkered with Traefik, but one other name keeps coming up. That's Caddy, which bills itself as 'the ultimate server', but it's much more than that.

For a start, Caddy is a really easy way to get SSL certs for your self-hosted apps. For home lab use, that's immensely handy, and gets rid of all those insecure connection warnings that pop up. The configuration and setup couldn't be easier, because it's all handled in one file, the "Caddyfile," that contains your reverse proxies, SSL certs, Cloudflare API keys, and everything else you need for your setup.


One configuration file to rule them all

And in the DNS, bind them

While every other reverse proxy I've set up took additional time, and sometimes expense, to get going, Caddy took seconds. It's a very simple Layer 7 proxy, but that simplicity is part of its strength, as you don't need much advanced knowledge to get it going. You do need to add your Cloudflare API token as an environment variable if you want to use it for DNS challenges for SSL certificates, but that's the most advanced part to begin with.

Then, all you need for each reverse proxy is to issue a quick CLI command:

caddy reverse-proxy --from :2080 --to :9000

Or you could do it in the Caddyfile, with a simple snippet like this:

example.com {
reverse_proxy http://:
}

Either way, it takes no time to set up each reverse proxy route you want, and that's all you have to do. Caddy will see the new domain, get a Let's Encrypt SSL certificate for it, and that's it—a secured reverse proxy for your self-hosted apps. And once you've set it up, there's no ongoing maintenance or anything. You can just leave it running in the background, until the next time you need to open up the Caddyfile to add more routes or features.
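As an added example (not from the original article): a Caddyfile that reads the Cloudflare token from the environment instead of storing it in the file, and only proxies requests that come from private address ranges. The hostname app.example.com, the upstream 127.0.0.1:9000 and the variable name CLOUDFLARE_API_TOKEN are assumptions, and the dns cloudflare directive needs a Caddy build that includes the caddy-dns/cloudflare module.

```caddyfile
# Added example, not from the article.
# Hostname, upstream address and variable name are assumptions.

# Weak form: the token is pasted into the file, so anyone who can read,
# back up or commit the Caddyfile also gets DNS control of the zone.
#   tls {
#       dns cloudflare <token-pasted-here>
#   }

app.example.com {
	tls {
		# Corrected form: the token is resolved from the process
		# environment when Caddy loads the config.
		# Requires a build with the caddy-dns/cloudflare module.
		dns cloudflare {env.CLOUDFLARE_API_TOKEN}
	}

	# Match only clients in private ranges (RFC 1918, loopback, IPv6 ULA).
	@internal remote_ip private_ranges

	handle @internal {
		reverse_proxy 127.0.0.1:9000
	}

	# Any other client is refused before the request reaches the upstream.
	handle {
		respond 403
	}
}
```

Because the DNS challenge proves control of the domain through a TXT record at Cloudflare, the certificate can be issued without the site being reachable from the internet. A token limited to DNS edit permission on the one zone is all this configuration needs.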


Close integration into OPNsense makes it easy

Caddy makes your router even better

For me, the real power of Caddy isn't the one-file configuration, although that's handy. It's that there's an OPNsense plugin for it, so you can install Caddy on your firewall and have it use local hostnames in your home lab without needing a domain name. That makes it perfect for the home lab, where you only have to worry about what you're building, and if you restrict access to internal IPs, you can experiment with impunity.

You can even reverse proxy the OPNsense web GUI, if you want to be able to access it outside the home lab environment. This is handy if you lock yourself out of the interface with a misconfiguration, especially if you're virtualizing OPNsense, so you don't have a physical device to access the console from.


There's no one-size-fits-all reverse proxy solution for the home lab


At the end of the day, it's about the reverse proxy that works for your use case. I like how Caddy integrates into OPNsense, which I'm already running in my home lab as a separate network away from my home network, making it very easy to set up reverse proxies for the scenarios I'm simulating. But it's not the perfect fit for other things I need, like accessing my home network from anywhere else. Pangolin set up on a VPS makes that process easier for me because the Newt client helps with NAT hole-punching, so I don't have to keep ports open to the outside world. Maybe I'll end up using Caddy for that too, once I get my head around it, but until then, it'll be used in my test bench only.
