This seems too straightforward, what’s the catch?
Like how secure is it? Should I be turning it off (and disabling the port forwarding) when not using it?
Do I need any additional security? Mainly just want to use it for Jellyfin
Thanks
I would like to jump over to it. I have been struggling with Nginx and Apache and I am afraid I have made a mess of things. I am installing on an old Mac Mini with Mac OS so I don’t really have a way to isolate and remove Nginx and Apache and I have a feeling if I try Caddy I will get some interferences.
The documentation it’s surprisingly bad at explaining common patterns of use.
It is also a bit thicker compared to nginx or HAproxy.
I switched from Traefik to Caddy a few years ago and have no ragrets. The only complaints I have about Caddy:
- It doesn’t support configuring virtual hosts automatically via docker labelsl (like Traefik).
- Many features (like DNS auth for certs) require compiling Caddy. Which is easy but annoying.
I wrote something that can setup caddy automatically from docker labels.
It’s not well documented as I mostly wrote it for myself. https://hub.docker.com/r/mheys1/docker-dynamic-caddy https://github.com/mattheys/ddc
It basically acts like a DNS server serving up SRV records that caddy can use for dynamic configuration, I added in an on_demand_tls endpoint as well so that you don’t get spammed for non existent TLS records.
How do you compare Caddy with nginx proxy manager?
Caddy is very basic, and thats why it works so easily. There is nothing wrong with it.
However it lacks some features that other reverse proxies offer. But if you dont need any of those, use Caddy.
Additional security? Not directly. But fail2ban and CrowdSec are easily set up too. And Caddy also combines very well with Authelia for authentication.