Since I've been using a reverse proxy in Production, I've been using a particular set of containers. The problem that I have with these is that there are quite a few issues (some even filed by me) for the builds of these containers which I've had to patch around. I've stored these patches in my Github repo but that's not exactly the best way to get around that problem. Ideally, there would be some upstream patch submitted to fix these issues but the root projects are largely abandoned and are not receiving ongoing support. This doesn't make it any easier for me to evangalise the joys of reverse proxies to noobs.
Based on this issue, a new reverse proxy is required. I've been hearing about a few different projects that facilitate that function for a while now but I haven't tried them out because I had a solution that worked for me. This is boomer logic and therefore, generally flawed. It's time for a Reverse Proxy Gladiator Match!
- The Current Solution: NGINX/LetsEncrypt Container Mishmash.
- Proposal 1: Caddy
- The Ultimate Server with Automatic HTTPS
- Proposal 2: Traefik
- The Cloud Native Edge Router
Both of these projects have a certain number of things in common:
- They are reverse proxies (duh)
- They support automatic TLS certificate generationa and storage via LetsEncrypt
The only real criteria that I care about with these projects are:
- Must be open source
- Must be official support for containerised formats
- Must be official support for at least x86 and ARMHF
|x86 + ARM/ARMHF Support?||Yes/No/No||Yes/Yes/No|
So, as you can see, Traefik is the winner! It's a more nifty project as far as I can tell so I'm looking forward to getting stuck in to some config. They also have natively supported containers so the official documentation properly covers the Docker setup. Caddy has a couple of popular images on Docker Hub but none are officially supported, unfortunately.
The only annoying part about this is that there isn't any official ARMHF containers available for either of these projects. They're still both quite new and iterating fast so it may come along in the near future. For now, if I need to run this on a Raspberry Pi I'll build an Alpine container and run the Traefik binary inside it.
I will update my current Production containers with the new solution over the coming weeks. This will generate a number of blog posts. When these are published, I will link them here in case anyone is interested in the specific implementation of Traefik with certain containers.