I’ve been running 2 linodes for a number of years now - one has my website (wordpress) on it and one has a Foundry VTT server running. Both are separate linodes, and I use Google Domains to point [site.tld] to the wordpress VPS and foundry.[site.tld] to the other linode.

For a few services I run at home within my own network (Sonarr, Lidarr, Plex, etc.) I’ve started to use Docker and Portainer, and I like how easy it is to set things up (and remove them if they don’t work). I’d like to redo my VPS similarly - I’d like to have a single linode, as a Docker host, and have the main domain point to a Wordpress container, a subdomain point to a Foundry container, and be able to easily add other containers for something like freshrss, etc. My goal is to be able to quickly spin up a docker via a compose file (portainer would be preferred), have it automatically reach out to letsencrypt to get a cert for the relevant subdomain, and have that subdomain point to that docker container.

I’ve been doing some searching around, and there seem to be a number of options, things like nginx reverse proxy, traefik, etc. and there are a lot of conflicting results.

Does anyone here have an opinion on this or some advice as to what the best option to look into might be?

  • chiisana@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    2 years ago

    Everyone has an opinion, and at the end of the day, whatever works best for you is what you should stick with.

    I like Traefik because you can mount /var/run/docker.sock:/var/run/docker.sock:ro to Traefik, then it can read labels from containers, and automatically wire up new instances based on labels on them. I’m sure there’s equivalent in other reverse proxy solutions, but as I said, it works for me and I like it.

    I give that container my Cloudflare origin certificate, everything gets encrypted in transit to Cloudflare, and then Cloudflare handles all the SSL management for me, as well as provide extra layer of DDOS protection.

    • hispeedzintarwebz@kbin.socialOP
      link
      fedilink
      arrow-up
      1
      ·
      2 years ago

      Thanks for the suggestion! Does cloudflare essentially fulfill the same role as letsencrypt (with DDOS protection added)? I’ve heard of cloudflare but I’m not particularly familiar with them.

      • rimu@kbin.social
        link
        fedilink
        arrow-up
        1
        ·
        2 years ago

        Yes, it can provide a SSL connection to the end-user even though you’re just serving http with no cert. However it is yet another moving part that can break or be mis-configured and yet another bunch of capitalists data-mining all the things.