Currently, I use dockerproxy + swag and Cloudflare for externally-facing services. I really like that I don’t have to open any ports on my router for this to work, and I don’t need to create any routes for new services. When a new service is started, I simply include a label to call swag and the subdomain & TLS cert are registered with Cloudflare. About the only complaint I have is Cloudflare’s 100MG upload limit, but I can easily work around that, and it’s not a limit I see myself hitting too often.

What’s not clear to me is what I’m missing by not using Traefik or Caddy. Currently, the only thing I don’t have in my setup is central authentication. I’m leaning towards Authentik for that, and I might look at putting it on a VPS, but that’s the only thing I have planned. Other than that, almost everything’s running on a single Beelink S12. If I had to, I could probably stand up a failover pretty quickly, though.

  • mbirth
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    1 month ago

    You have to actually add the middleware into the (default) chain for your https entrypoint (I think in most tutorials it’s called websecure) - in my static conf I have this:

    entryPoints:
      https:                                                           
        address: :443                                                  
        http:                                                          
          middlewares:                                                 
            - crowdsec-bouncer@file                                    
            - secure-headers@file 
    

    And in my dynamic conf I have this:

    http:
      middlewares:
        crowdsec-bouncer:
          plugin:
            crowdsec-bouncer-traefik-plugin:
              CrowdsecLapiKey: "### Enter your LAPI Key here ###"
              Enabled: true