Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Shill Me Your Favorite Reverse Proxy!
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Shill Me Your Favorite Reverse Proxy!

I need a reverse proxy for a project I'm working on. It's just going to proxy some pages from localhost, but I need to add basic password authentication on the front. (The software in question has no access control whatsoever.) Looking for lightweight, simple, and, as a bonus, a nice Ansible role I can snag.

My go-to would probably be Varnish; Squid and Apache are probably too much for such a simple task. Would consider Caddy, though. Maybe there's some other new hotness? Haven't checked yet to see if any of them will do what I want.

So, what do you guys recommend?

Thanked by 2Stationswift mandala
«1

Comments

  • @ralf said:
    haproxy

    Really? I think of haproxy as a load balancer. Seems like more than I need. But it does look like it would do what I want to do.

  • nginx w/NPM

    Thanked by 2szarka COLBYLICIOUS
  • @Zshen said:
    nginx w/NPM

    Nifty. NPM has built-in Let's Encrypt support. Me likey.

  • @szarka said:

    @ralf said:
    haproxy

    Really? I think of haproxy as a load balancer. Seems like more than I need. But it does look like it would do what I want to do.

    haproxy can do pretty much any reverse or forward proxy you need, and you can make rules to direct traffic based on pretty much any criteria you want. If you don't want load-balancing, you can make a pool with just a single server.

    To achieve similar to what you're doing, I have one rule that forwards /api to the pool that contains the closest internal webapp backend and some further away fallback options, and another rule that forwards /dev to a different pool where it can forward to either my work PC or my work macbook and it picks whichever one is currently running a server (because I develop on both). So, the app I'm developing on my phone can use the normal internet to connect to mydomain.com:/api/... for the live api, or mydomain.com:/dev/... for my current in-progress work.

    haproxy also lets you forward pretty much any TCP traffic too.

    Thanked by 3szarka mandala Chuck
  • plumbergplumberg Veteran, Megathread Squad

    Caddy... manages Let's encrypt certs management natively.

    I am a bit unsure of adding auth layer but I would not be surprised it has something already.

    Thanked by 1naphtha
  • Well, the name definitely sounds like what I want!

    Thanked by 2yabarg webcraft
  • beanman109beanman109 Member, Megathread Squad

    HAProxy or Nginx if you don't want a webgui
    Nginx Proxy Manager if you want a webui

    Thanked by 3szarka mandala Chuck
  • Check out Traefik

    Thanked by 2szarka mandala
  • @plumberg said:
    Caddy... manages Let's encrypt certs management natively.

    I am a bit unsure of adding auth layer but I would not be surprised it has something already.

    I don't actively use Caddy, but should be possible using the basic_auth directive: https://caddyserver.com/docs/caddyfile/directives/basic_auth#basicauth

    Thanked by 1szarka
  • @concept said:
    Check out Traefik

    Huh. Never even heard of that one! Sounds like a lot more than I want, but filed away for future reference…

  • @beanman109 said:
    HAProxy or Nginx if you don't want a webgui
    Nginx Proxy Manager if you want a webui

    Yeah, I don't need a GUI. If Nginx takes care of the Let's Encrypt, then that's enough.

    Honestly, I think I could do everything I need with a couple of firewall rules and a PHP script. But it would be nice to add the Let's Encrypt stuff later, so might as well do it right from the beginning.

    Thanked by 1mandala
  • Caddy 100%. I have fought long enough to get Apache and nginx to reverse proxy with TLS and it was always annoying. Caddy just does everything automated. Only downside is that you don't have like nginx 10+ years of old forum discussions on how to solve your specific problem, or 100+ years of old grey beards discussing how to get Apache to do what you want. But if you have normal problems and want the obvious, easy solution, it's caddy IMO.

  • conceptconcept Member
    edited December 2024

    I wonder if something like Cloudflare Pages or Cloudflare Tunnel would work for you.

    Thanked by 1szarka
  • Caddy

    Thanked by 3szarka mandala zutomayo
  • @concept said:
    I wonder if something like Cloudflare Pages or Cloudflare Tunnel would work for you.

    No, not really.

  • @philwatcher said:
    Caddy 100%. I have fought long enough to get Apache and nginx to reverse proxy with TLS and it was always annoying. Caddy just does everything automated. Only downside is that you don't have like nginx 10+ years of old forum discussions on how to solve your specific problem, or 100+ years of old grey beards discussing how to get Apache to do what you want. But if you have normal problems and want the obvious, easy solution, it's caddy IMO.

    Well, I've been using Apache since the mid-90s, and my beard would in fact be grey if I let it grow out, and even I don't want to use Apache for this. LOL

    I mean, I would if there were some other reason to have it on the server. But this is a very specialized thing.

    Thanked by 2mandala JohnnySac
  • CabbageCabbage Member
    edited December 2024

    If you're using Docker/Podman, then definitely go with Traefik because it has a lot of features built around it.

    Nevermind, I missed that Ansible part. I haven't used Ansible before, but I would go with Caddy first.

  • @szarka said:

    @philwatcher said:
    Caddy 100%. I have fought long enough to get Apache and nginx to reverse proxy with TLS and it was always annoying. Caddy just does everything automated. Only downside is that you don't have like nginx 10+ years of old forum discussions on how to solve your specific problem, or 100+ years of old grey beards discussing how to get Apache to do what you want. But if you have normal problems and want the obvious, easy solution, it's caddy IMO.

    Well, I've been using Apache since the mid-90s, and my beard would in fact be grey if I let it grow out, and even I don't want to use Apache for this. LOL

    I mean, I would if there were some other reason to have it on the server. But this is a very specialized thing.

    Yup, once you want to also start serving stuff Apache becomes maybe easier again. Just these days I wanted to add php to caddy and had to manually install php-fpm and configure the Unix socket. I have to say, the LAMP stack is definitely easier with Apache. But then you need websockets, ugh...

  • zzzz11zzzz11 Member
    edited December 2024

    I've been meaning to try to setup a reverse proxy one of these days, so I can get some experience. I'll probably give it a try soon. :D

  • @Zshen said:
    nginx w/NPM

    This is the way.

  • Caddy ftw

  • aashritaashrit Member
    edited December 2024

    Have been using caddy from many days now.... It's good.

  • naphthanaphtha Member
    edited December 2024

    caddy only (except for advanced caching, in which case i still use caddy for ssl/http3 and nginx behind it)

    caddy makes it really easy to build custom container images with plugins

    for example i have a caddy image with a redis plugin which allows multiple caddy instances to share the same ssl certs, for geodns. i connect it to local redis instances in a cluster

  • Caddy

  • admaxadmax Member, Megathread Squad

    If you're using Docker, Traefik is also a great choice.

  • Haproxy 100%

  • Caddy +1. simple and sufficient.

  • @philwatcher said: Apache and nginx to reverse proxy

    IMHO, it's best to aim for a clean separation of concerns. Once you start having your webserver also acting as a proxy for another server, you're unnecessarily increasing the load on the web server (which is usually much heavier than the proxy anyway, hence the rationale for reverse proxy as a load-balancer) and also you're adding an additional point of failure for the service that's being proxied.

    IMHO, it's cleanest to have reverse proxies on the edge of your network that forward to the correct place for the service required. When you need to grow or reshape your web server configs you can do it much more easily.

Sign In or Register to comment.