I’m using Heimdall to easily access my self hosted stuff ATM. I would like for my family to use them too if they’re so inclined, but there’s no way they will be able to remember the IP addresses, I know I can’t!
Is it a DNS I’m looking for? If so, I’m already hosting a couple of instances of Adguard, can I just set it so that Plex is 192.xxx.x.47 and snapdrop is 192.xxx.x.53 and use that to resolve the request so my 13 year old can just type Plex into his browser and find it?
Or do I need something like Caddy or Nginx or something in between?
Thanks for any advice.
Nginx is a lot less painful if you use Nginx Proxy Manager. You get a nice GUI and can easily get SSL certificates with Let’s Encrypt, including wildcard certs. I’m running it in front of a docker swarm and 3 other servers, and in most cases, it takes me about 30 seconds to add a new proxy host and set it up with https using my *.domain.com wildcard cert. I also use it with Authentik as a forward proxy auth for SSO (since many containers out there don’t have the best security).
If you dont fear using a little bit of terminal, caddy imo is the better choice. It makes SSL even more brainless (since its 100% automatic), is very easy to configure (especially for reverse proxying) yet very powerful if you need it, has a wonderful documentation and an extensive extension library, doesnt require a mysql database that eats 200 MB RAM and does not have unnecessary limitations due to UI abstractions. There are many more advantages to caddy over NPM. I have not looked back since I switched.
An example caddyfile for reverse proxying to a docker container from a hostname, with automatic SSL certificates, automatic websockets and all the other typical bells and whistles:
https://yourdomain.com { reverse_proxy radarr:7878 }
I’ll check it out. I suspect configuration would likely be a little bit more complicated in my case because I’m using Authentik for proxy forward authentication and had also been using access control groups in NPM (both a LAN group and a WAN group containing Cloudflare proxy IP addresses, since currently all my publicly accessible domains proxy through Cloudflare).
Caddy and Authentik play very nicely together thanks to caddy
forward_auth
directive. Regarding acls, you’ll have to read some documentation, but it shouldnt be difficult to figure out whatsoever. The documentation and forum are great sources of info.