I’m currently using NPM and upgrading to a new VPS for my business. I have a public website and am going to host a few more for friends, plus a few other services. Everything is on docker for ease. I use Cloudflare for DNS so would prefer using a DNS challenge. I will change this at some point but not yet ready to!
Should I:
- stick with Nginx Proxy Manager which I know well (is it really that insecure or outdated?)
- switch to NPM Plus (assuming this is the easiest)
- switch to Caddy (seems to be there most recommended but will be a learning curve for me)
- Try out Nginx (seems like a massive learning curve so I’m very reluctant)
I can recommend Caddy myself, it is dead simple to configure
Please don’t confuse the nginx proxy manager (npm) with the node.js packet manager (npm). The latter is frequently in the news regarding security vulnerabilities.
For a moment I was really confuser as to how Caddy could replace nodejs’s package manager
I might have done exactly this, thanks for pointing it out. Is Nginx proxy manager considered secure enough to use on extremal sites?
Nginx is considered battle tested.
Very few products have this level of puic scrutiny and and a good record of being safe.
Once this is said, the majority of problems come from misconfigurations, so triple check the things
Personally, I would try to avoid publishing nginx proxy manager’s management web ui to the general public.
IMO the learning curve for caddy is almost non existent, and just about anything you might want to selfhost almost certainly has a quick simple caddy configuration you can copy paste with just updating the relevant domain. Personally learning curve for caddy was probably way lower than figuring out the edge cases of apache that I was using before
I use Cloudflare for DNS so would prefer using a DNS challenge. I will change this at some point but not yet ready to!
Since you are already using Cloudflare, and you are moving to an upgraded VPS, why not incorporate Cloudflare’s Tunnel/ZeroTrust? The nice thing about their ZeroTrust Tunnel is that you don’t have to punch holes in your UFW firewall, no port forwarding or NAT on your external firewall/router. It’s just one tunnel that handles your traffic, and Cloudflare takes care of the certs.There is a section that allows you to implement the DNS challenge/verification. You seem experienced so it’s fairly easy to deploy. The caveat is that you have to have a proper domain name, and use the issued Cloudflare nameservers. I picked up a domain name at NamesCheap for $1.75 USD.
I’m a Nginx(SWAG) user. It looks like more and more tutorials are leaning towards Traefik or Caddy with some using NPM. If you rely on those to deploy new services I would consider that.
I used to use npm. If you know it and you’re happy, use it.
It took me 3 times until I understood and got caddy installed. First, I tried using it via podman and failed. In the end I just installef it via dnf and it worked without any problems. Learning a caddy file is easy. I’ll never look back. It’s so nice and easy. Easier than npm but no gui but that’s not needed
If you are using docker have you looked at Traefik to act as your reverse proxy to replace nginx proxy manager?
To be honest I forgot about it. I tried it two years ago when setting up my lab but struggled compared to NPM. Nowadays it seems like all the talk I used to hear about it is now about caddy.
Even back then caddy was being talked about. I don’t use caddy because, at least back then, it was only free for non commercial use (unless you compile it yourself).
I’ve been using Traefik for even longer though and haven’t ran into any major issues. Definitely recommend it.
Just use Nginx… It isn’t that difficult, after all.
Or try any one of the “simplified” other proxies out there. I never seen the need for NPM anyway, as it just obfuscate nginx configuration stuff from your eyes.
You can check my wiki at https://wiki.gardiol.org/doku.php?id=selfhost%3Anginx
I wrote for my own benefit, and for others who might be interested.
