As a long time Traefik user and the first R-Proxy I ever learned on... NGINX Proxy Manager HANDS DOWN for at home. I have incorporated it at my place of work as well. It's fantastic and when you get support for it, they will help with making sure NPM is doing stuff securely.

I just migrated from doing reverse proxy with HAProxy to using nginx proxy manager (using the provided GUI in my Netgate/pfsense router). I'm doing a lot of docker (with compose) but no Kube (no interest). After watching this, I'm glad I chose NPM vs Traefik - I'm really liking NPM.

Thanks been watching many of your other videos, but now that I started thinking about Traefik or Traefik Hub, I saw this older video. But just wanted to say with NPM what had been helping me was using a wildcard cert, and pointing to container names versus using container IP addresses. The latter allows the external ports to stay closed, and NPM always finds the containers, no matter if their IP addresses change this made my life way easier, and also prevented docker containers punching open the firewall ports automatically when creating new containers.

As an intermediate, I've been looking all around for a good explanation on how to properly use reverse proxies and how to set them up and all that. This video has been great for that!!

You explain complex topics so well, I'm a beginner and I actually understand concepts so much better from watching your videos. Thank you

Personally loving Traefik. When you know how it works, it's insanely fast to get a new service up. I already copy from one of my other stacks/docker compose files, so I simply need to change the labels to the new subdomain and I'd basically be good to go.

This is a great overview of the products and helped me decide to go with NGINX for now as I want something quick for self hosting set up. I'm planning to dabble with docker and container automation later so will take a look a traefik at that point.

I would suggest beginners to start with nginx and make it work. Then, if the project grows and needs increase, consider switching to traefik

Hi Christian, great video and content! Thanks very much! For me / my homelab NPM (with Authelia!) is the simplest and best choice, like you mentioned it :-) I like it when things are simple and functional (like NPM in combination with authelia for additional 2fa), I like it when my homelab-stuff is very secure (dmz-firewall-concept with opnsense and sophos xg) and I like to automate everything (ansible, scripts...) - that's why I have and love my homelab and that's the reason why I change things often :-) I am looking forward to your server-rack videos.

Hi Christian! I can only recommend the absolute standard cert-manager & nginx-ingress stack (with some ingressdefinitions routing it to the backend services) :D its a bit "harder" to setup however its really damn simple in the sense that you always know why stuff is doing what it does. theres no magic going on in the background

Hi! Like you, I am not looking to self-host but to learn. With that in mind, I am currently running my Kubernetes with Cilium CNI and using its own Ingress controller. I will be changing it to the API Gateway in the near future. As I read, the new API gateway controller from Kubernetes solves many gaps in the ingress controller

Great video. I've only just got into this a few weeks ago and TBH really liking NPM so far so will probably stick with it for now for my simple needs. BTW looks like a really nice bash prompt you've got and looks like you're using Windows Terminal too - would you mind letting me know which font and prompt customisation you're using? I like Caskaydia from Nerd Fonts but finding only some of the icons are showing up with it.

Great clarifications for the different situations. I thought the extra comments on the differences was helpful. I need to look at nginx for reverse proxy for my home-lab hosted ideas. One more thing to learn

I use Traefik for my Kubernetes cluster, and nginx for my Docker hosts. Both have a wildcard SSL cert for the part of the namespace they control. I also have my Docker host in a colo, while the Kubernetes is at home, and consists of lower end PCs and Raspberry Pis. It's "interesting" mixing architectures in the same cluster...

I switched from Swag (Formerly known as LE Proxy) to Nginx Proxy Manager. It was a natural progression , since both are built on top of Nginx. I found Traefik to be overly complicated for my self-hosting needs.

Thank you bro for making such informative videos 🔥 love you ❤️

I agree with your conclusion that traefik is a bit more comlicated, less well documented but more powerful. But you forgot one for me crucial point: Traefik configuration files (if yml is used) integrate realy well with ansible. You can generate "static" configuration files with ansible and put it in a folder to be loaded dynamically. It sounds a bit comlicated (and is) but allows to directly expose all services via Trafic and not just docker. For this reason alone I switched to Traefik as my reverse proxy BTW: I am looking forward to seeing your infrastructure.

@christianlempa What is the container management app/dashboard you use, featured at 01:39 ? is it Portainer (with a not default theme) ?

I prefer traefik but I have had problem on deploying docker containers on elastic beanstalk. Due to AWS healthy check due to logs format so I had been forced to use nginx in that case

Amazing Christian. Can you please create a detailed tutorial for SWAG setup? Docker and multiple websites and services setup with domain and cloudflare. Very confusing documentation :). Thanks

I am happy that watching your new posted tutorial one of the first people (after 1 hour it is posted). Grammatically might be not correct but you should get the point. Sorry for my weak english.

Hey Christian! Just a quick question about your preferences while securing your homelab. NPM and others like it work really well, and only having to have port 80/443 open is great. Question is, do you use Cloudflare tunnels at all so that you don't have to have any ports open at all? I have NPM running, but when used with CF tunnels, appears unusable and trying to auto-update Letsencrypt certs doesn't work. What do you do or recommend to keep the nasties away?

Hi Christian! May I ask, how do you decide what motherboard and cpu to get for your servers? And do you have any budget Motherboards to recommend for either beginners or perhaps on the cheaper options?

Thanks for the info and demo. I use NPM with Authelia so far so good

I've been running NGINX reverse proxy manager with Fail2Ban with cloudflare and it's been fantastic 😀

I’m sticking with NPM. I tried running traefik and got it running but couldn’t figure out how to get it to work with multi domains so I went back to NPM and haven’t thought about traefik since.

have you tried Caddy instead of NPM or Traefik

I use HAProxy, and it's configured with context path routing, but i'm thinkng of trying out traefik with the whole subdomain routing.

I started with NGINX Proxy Manager, but the annoying part was the change of ACLs, this results in a reconfiguration all linked entries/hosts. I'm now using Traefik for 9 month and I'm really happy with Traefik. Big thanks to Techno Tim for his HowTo. Authelia is also integrated very easily.

Hi, I am using Nginx proxy manager in my home lab and Nginx Ingress Controller in Kubernetes. I have never used Traefik and probably idea for future video - Nginx VS Traefik as Ingress controllers in Kubernetes

6:00 You mention uploading the self-signed certs to the trusted CA store of all of your clients. Have you done this manually on each device, or is there an easier way that I'm unaware of?

For most people Nginx is a way to go, easy to setup and mantain. On the other hand most people doesnt even now what is a reverse proxy. :D

I am having to travel abroad and want to be able to access my jellyfin that in running in docker on a proxmox server. Any suggesting on how access jellyfin remotely and make it secure? I am stuck and really could use some help before I have to travel.

Ich habe mir auch die Frage gestellt, was ich eigentlich benötige. Nach 5 Jahren mit Traefik bin ich vor 2 Jahren zu NPM gewechselt und habe seitdem mehr Zeit für wichtige Sachen. Das Hinzufügen neuer Hosts ist ein Kinderspiel. Selbst mit eingespielter Traefik-Routine bin ich mit NPM immer schneller fertig. Aber wie Du schon sagst - - Anwendungsabhängig.

Hello, i followed your tutorial and it was easy to configure my container and port forwarding. But when i tried to install my custom ssl certificate, traefik doesn't recognize it

What terminal are you using in your desktop? It looks cool!. If somebody knows an answer to this, please reply.

Ich nutz auch ehr Traefik für mein HomeLab, ist auch recht einfach muss man sagen. Wobei ich mich auch nicht scheue andere/neue Sachen anzuschauen. Aber ich hab eine "interessante" Konstellation, neben Proxmox betreibe ich meine eigene OPNsense und gerade für den Bereich "WebServer" musste Traefik zum Einsatz kommen da bei einigen Containern die Zertifikatseinbindung nicht ganz funktionierte also wollte ich, bzw. war ich gezwungen auf ein Reverse-Proxy zurückgreifen.

You should definitely make a / some videos on traefik setup and administration :)

you are a geek ... amazing video

I used to run HA on pfSense but now i don ‘t hava pfS anymore. Trying Nginx for some time, to much manual stuff. Switch to NPM (found out its actually a modified OpenResty) and added Authelia, fantastic combo. Easy to use still after being away for almost 2 months. Now my homelab has grown and I tinkering with Traefik and HA. Will I switch, yes. Which one, the one I used or the new one? Traefik will give me more of a learning experience, so I think it’s Traefik.

Cloudflare + NPM as Kubernetes deployment. Guess I'm the underdog now! :D

i was really thinking the same thing the other day.

1:40 what is the web interface/admin panel used here?

Hey, i want to config HA of NPM(1 master NPM and 1 backup NPM) , is that possible? and how?

Hi Cristian, it is possible to implement SSO with Authelia and ngnix or Traefik? I've configured Authelia to land in another site with login page. How can pass one time credential to enter directly to site without relogin? Thanks

Ngnix proxy manager is what I use in my homelab.

Hi I have not been able to get traefik to work. I keep getting this error "level=error msg="Unable to obtain ACME certificate for domains" I am not sure if it is because I am using nginx proxy manager and with the same domain and wildcard. I am not sure what I am doing wrong. Can you assist?

HA proxy is pretty good also, good load balancer too

Do you have any video showing how to configure TCP and UDP routing (Minecraft and Minecraft Bedrock)?

My Nginx Proxy Manager doesn't refresh the Let's Encrypt certificates. I had to do it manually.

for me I prefer vanila nginx (don't know how to have static pages with nginx proxy manager) (I do proxy services too but I like regular nginx better)

Why not try Caddy 2. Very easy to use and to setup

Given how much troubles I've had with nginx and proxy manager I'm probably gonna switch. One power outage and nginx just refused to work again

Interesting, I use nginx (not nginx proxy manager) to also serve static files .. config for reverse proxy is dead simple .. like 2 lines in the config file .. sure in k8s you might want something automated yet I was working with dns entries so far.

Hallo! Fail2Ban und Nginx Proxy Manager schon mal zusammen vernetzt?

Great overview video, yet the music is too loud and distracting.

I have some basic knowledge of IT and dabble in homeserver for a few services so NPM is more than enough for me.

Treafik in a cluster is a bitch, but once figured out how to takle that issue it works great.! I've a 3 Node Swarm cluster with 3 traefik instances that self load balance :D Do i need it ? No. But it was a great experience to learn how to do it. Small edit: No no etcd or sync stuff just proxy the docker-socket over all nodes with a docker network and attach it to traefik

What about Caddy?

I'm fan of automation and everything needs to be IaaC for me, Traefik is way to go. If NPM comes with CLI or YAML configuration for more flexibility, i would definitely use it !!

What makes in your opinion nginx less "professional" than traefik? Traefik and nginx are in two different product categories with overlapping functionality.

I was trying to test Traefik, but when I tried to run it as a system service(to not use docker) and trying to set up DNS challenge, I could not find any documentation related. So after some hours I gave up, then I tried Caddy 2, and wow, like in 5 minutes, I had everything smoothly running

Please create a video for Self Signed SSL, Also, with teleport 8, I m unable to add node servers because of this.

honey digital life video just dropped

Can you use nginx with web app on another host?

Am curious about a comparison betwen Traefik Community Edition and NGINX, and between Traefik Enterprise Edition and NGINX. I wonder if Traefik Community Edition has all of the features that NGINX has and more pretty much.

Can someone please help me understand whether I should be using reverse proxy or VPN for remote access? Both seem to be secure however VPN will encrypt me traffic also. I don't understand VPN well enough to know how it works when accessing different services within the same network similar to how reverse proxy works. Likewise, I don't know enough about reverse proxies to know how secure it is compared to VPN. TIA!

For me NPM was better to implement, it has a gui. So i made less mistakes instead of struggling with CLI.

Why no caddy? I dont get it.

HAProxy is far superior in my opinion. I don’t understand why it doesn’t get more love.

seems like neither support ocsp stapling

I’m running unRAID with nginx and swag

hello sir, I have one question, can NPM run container that have multiple port ?, For example : container A: and container B: Thanks.

I use apache for proxying

Traefik has cute platypus

Traefik

I use Apache. But now i am looking traefik container.

swag :)

Poorly documented.. thanks that is all I need to hear. To me, if the software is doing something what I cannot find in the docs (or vice versa) it is a bug nothing else.

I think Traefik needs a GUI editor.

You often talk about gaining more knowledge.. wondering why I have never seen any freebsd or openbsd server which def have a place

FWIW please don't use background music during the main part of your video tutorial (intro, outro is fine). It makes it unreasonable to speed up the video. Even x1.25 is unacceptable.

Even though Traefik has more control over reverse proxy, for most of the users NPM is more than enough

my nginx breaks after every reboot

I don't agree with you saying that treafik is poorly documented. In my opinion, the docs have everything you need and the search function works well enough. It might not be "idiot proof" but I consider that to be a good thing. No extra garbage, just values and descriptions of what they do. Everyone's setup is different so trying to make a universal how2 guide is pointless bloat IMO. I personally really like the "here are all the available options, now go build something with it" approach.

your background music makes me agressive

F5 and cloudflare 😅

Well, i'm glad someone agrees that Traefik's documentation is s***. I spent countless hours just testing various approaches and guessing values and structure because there is simply NO documentation. And i tried to find how much does Traefik support actually cost. Not gonna say how much, i just say that 90% of small - mid businesses will not afford that. So i pour another coffee and back to testing various approaches again.

So I want to rant about traefik: I hate it. I use files over labels, because labels take about 20 to 30 seconds to spin up, while the file is done before labels even are done parsing. The commandline options are just ... useless and way worse documented or have (undocumented) side-effects (have fun reading code if you want to figure this stuff out!). Labels and files are somewhat equivalent: labels get turned into "files" (streams). I prefer yaml over toml, but anybody thinking anyone is better over the other doesn't know its just aesthetics (someone begged me to send him toml instead of yaml, i just used an online converter lel). Debug info in traefik is pretty much non existent. `debug: true` yeah... nah, does not do anything except slowing down your traffic and sometimes even bugging it lel. You will not get useful information: - Why it is ignoring your certificates - Why it will just not connect to the service associated by `HostSNI` (with ssl passthrough, cuz the server has certificate level authentication) - why does it connect to a completely different service, just because they are on the same ip (as seen form the outside world) but wildly different HostNames - Why does it pretend dynamic.yaml does not exist EXCEPT FOR A SINGLE RULE It will not even tell you that a connection was closed, simply because the service killed the upstream right before it was assigned and before it was acknowledged as dead (nginx handles this?) I like the web ui of traefik, it is very informative, but i will invest my time and source code to nginx-proxy-manager. I guess it could replace traefik with a few tweaks. ssl_preread is required for my application... not yet supported (properly) by either. P.S.: Why is the logging and verbosity of traefik _so_ _frickin_ *bad* ?

HA Proxy with pfSense CE!!!!!

Nothing beats nginx (not nginx proxy manager but the oldschool nginx proxy).

the bg music is too much bro .. dial it down ffs!!

"Nginx is a small open source project that only runs in Docker while Traefik is a cloud native application proxy". Do your research before you say such non-sense. I was using (natively installed) nginx years before docker was even a thing, it never was nor will be a "docker only" thing.

It'd be much easier to hear and understand you without the annoying background music. It's like trying to have a conversation with someone while turning on the radio. Ridiculous.

I am wrestling with this right now! Please address keepalived with these solutions.

What about Caddy?