What about envoy proxy?
Nothing else on the market has as low latency implications to workloads that I am aware of.
I have heard a lot about Envoy proxy from Istio but never looked into it for baremetal usage. I'll keep an eye out, thanks
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:
Fewer Letters | More Letters |
---|---|
CA | (SSL) Certificate Authority |
DNS | Domain Name Service/System |
HTTP | Hypertext Transfer Protocol, the Web |
HTTPS | HTTP over SSL |
IP | Internet Protocol |
NAS | Network-Attached Storage |
NAT | Network Address Translation |
SSL | Secure Sockets Layer, for transparent encryption |
TCP | Transmission Control Protocol, most often over IP |
TLS | Transport Layer Security, supersedes SSL |
UDP | User Datagram Protocol, for real-time communications |
VPN | Virtual Private Network |
VPS | Virtual Private Server (opposed to shared hosting) |
nginx | Popular HTTP server |
[Thread #888 for this sub, first seen 26th Jul 2024, 04:25]
There are a lot of good resources for Nginx, it's fast (faster than Caddy), and has a ton of features, so you can use it for pretty much anything HAProxy, Apache, or Caddy can do, and not sacrifice much in performance.
That said, I mostly use HAProxy and Caddy. Here's my basic setup:
I use a local DNS server on my router so my domains can route directly to Caddy instead of going over the internet when on my network, otherwise I may just have HAProxy handle LetsEncrypt certificates.
From what I can tell, Nginx is a little more efficient than Caddy, but Caddy is plenty fast for my needs. I'm considering switching from NextCloud to the new ownCloud Infinite Scale, and if I do, I'd ditch nginx completely.
Nginx "just works(tm)", has never gotten in the way, it's been rock solid and has not changed significantly over the years.
Why would I need something else?
Me personally, as a newb regarding proxy and homelab, I use nginx because it was super easy to set up (proxmox script), there were many tutorials available, and it just works great. I had to debug some things and this also worked great, so just a perfect package.
I learned nginx when I was hosting websites. I had it set up and running when it was time to add reverse proxies into my setup. It didn't take much more from the virtual hosts I was already using.
Now, I don't host many individual sites anymore and haproxy has a plugin on my firewall for the handful of services I run now.
I use Traefik because it solved a problem with the static configuration approach which Nginx had / still has.
In a scenario with multiple services behind Nginx, taking one down or replacing an instance is massive headache. I tried to script around it, but basically the Nginx container would choke on the fact that a service does not [yet / anymore] exist, and together with the docker networking stack it turned out to be an insurmountable problem.
Traefik otoh discovers services based on (in my case) labels on the docker containers running locally. And then updates the configuration on the fly.
Basically the static approach to configuration resulted in massive headache when I needed to enable zero downtime deployments and updates behind Nginx. And Traefik handled it perfectly without dropping a single request.
Nowadays I manage my dynamic configuration with ansible and update the values for the file-based configuration provider with a playbook. I don't need a UI to manage my inventory, I use ansible for that. Traefik handles the rest perfectly.
Completely agree, which is why I do the same.
Additional bonus: proxies that interact with the docker API directly (I think also caddy can do it) save you from exposing the services on any port at all (only in the docker network). So it's way less likely to expose a port with a service by mistake and no need for arbitrary and unique localhost ports.
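The label-based discovery and no-published-ports arrangement described in the two comments above, as a Compose file added here for illustration (not posted by anyone in the thread). Image names, the hostname, the router/service name `app` and the network name `proxy` are placeholders; TLS is left out to keep the focus on port exposure.

```yaml
# Constructed example: images, hostname and names are placeholders.
services:
  traefik:
    image: traefik:v3.0
    command:
      - --providers.docker=true
      # Route only containers that opt in with traefik.enable=true
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
    ports:
      - "80:80"   # the proxy is the only service that publishes a host port
    volumes:
      # Even mounted read-only, the socket gives this container Docker API
      # access, so treat the proxy container as privileged.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks: [proxy]

  # Before: host port published on all interfaces, reachable without the proxy
  app-published:
    image: example/app:latest
    ports:
      - "8080:8080"

  # After: no ports section; reachable only over the shared Docker network
  app-labelled:
    image: example/app:latest
    labels:
      - traefik.enable=true
      - traefik.http.routers.app.rule=Host(`app.example.internal`)
      - traefik.http.routers.app.entrypoints=web
      # Container port Traefik forwards to; never bound on the host
      - traefik.http.services.app.loadbalancer.server.port=8080
    networks: [proxy]

networks:
  proxy: {}
```

Running `docker ps` against this stack should show a host port mapping for `traefik` and `app-published` only; `app-labelled` lists no host binding.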
Nginx was the easiest to setup for me at the time and I've no reason to fix what isn't broken.
I was coming from Lighttpd which at the time had a very similar config syntax to Nginx. It was pretty much a no brainer, considering I wanted to shift to an automated Letsencrypt renewal process at the same time.
Sadly I wrote some python web services for CGI (not django/flask) that cannot be run anymore, since NGINX only supports FCGI, rather than just CGI, as far as I can tell.
Because modsec.
I'm reminded of this blog/article on Ars about ripping out OLS and reverting to NGINX. There's some good info there, and also links to other of his posts on the subject and references. Good read.
@Findmysec
Contrary to most, I never made the Apache-to-nginx switch. I actually don't find nginx that much easier to configure, so the effort of rewriting all my templates was too high.
Caddy is a different story. I can replace swathes of configuration lines with just two? And get letsencrypt automatically without having to give it a single thought? Gimme!
Indeed, I don't find NGINX that easy to configure either
Often I already have nginx running for serving some static content anyway.
Otherwise, I’m traefik all the way.
As a security professional, what finally got me to move from Apache to NGINX was OpenResty.
I sometimes still put Apache behind it, depending on my goals.
The only reason that I tend to use it is because of the included webserver. It's not bad but the paywalling of functionality needed for it to be a proper LB left a bad taste in my mouth. That and HAProxy blows it out of the water in all tests that I've done over the years where availability is at all a concern. HAProxy also is much more useful when routing TCP.
I use nginx & docker-proxy. Because the model I copied used that setup. Having messed with it a bit, I’m understanding it more and more. Before that, the last time I messed with a web server (Apache), nginx wasn’t around. Lately, I’ve seen a similar docker setup to mine that doesn’t use docker-proxy. If I find time, I’ll probably play with that some on my dev rig.