I’ve tried unsuccessfully to get Vaultwarden working without a proxy. See here. Any request with https leads me to the SSL_ERROR_RX_RECORD_TOO_LONG error, while via http I get the “Loading wheel” running indefinitely.

Although the top of the page here suggests you can run Vaultwarden internally without a proxy, my experience suggests that this is not the case, and I have tried on different VMs, getting the same error. So it seems like the only way is going via a proxy. From what I’ve read, people seem to suggest that Traefik is the way to go. So I’m thinking of setting it up on the same VM as Vaultwarden.

Note that my network is behind a pfSense install on another hardware machine. DNS forwarding is enabled with unbound. Will installing Traefik require changes to the pfSense config? Looks like it may be the case from here. For now all I want is getting Vaultwarden going; later down the line I’ll learn how Traefik can benefit the rest of my homelab.

I’m trying to work out the simplest way of getting Vaultwarden going using a minimalistic proxy, as there seems to be no alternative to not having a proxy going. Thoughts?
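
SSL_ERROR_RX_RECORD_TOO_LONG is what Firefox reports when the reply to its TLS handshake is not a TLS record, which typically means the port is answering in plain HTTP. The probe below classifies what a listener actually speaks; it is an added example, not part of the original post, and `probe` and its return labels are illustrative names.

```python
import socket
import ssl
import sys


def probe(host, port, timeout=3.0):
    """Return 'tls', 'plain-http', 'other' or 'unreachable' for host:port."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # only asking "is this TLS?", not "is it trusted?",
    ctx.verify_mode = ssl.CERT_NONE  # so self-signed homelab certificates still count
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"         # refused, filtered or no route: nothing to classify
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "tls"             # handshake completed: the port terminates TLS
    except OSError:                  # ssl.SSLError and timeouts are OSError subclasses
        pass                         # handshake failed: the listener is not speaking TLS
    finally:
        raw.close()
    # Second pass on a fresh connection: does the same port answer a plain HTTP request?
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"HEAD / HTTP/1.1\r\nHost: %b\r\nConnection: close\r\n\r\n"
                      % host.encode())
            return "plain-http" if s.recv(16).startswith(b"HTTP/") else "other"
    except OSError:
        return "other"


if __name__ == "__main__":
    # Usage: python probe.py <host> <port>  (the VM address and the published port)
    host, port = sys.argv[1], int(sys.argv[2])
    print(f"{host}:{port} -> {probe(host, port)}")
```

A result of `plain-http` on the port being opened with https:// means nothing on that port terminates TLS.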

  • tvcvt@lemmy.ml
    5 months ago

    Traefik is a very robust reverse proxy, but I think you have easier options. If you want to keep it all in the same stack, have a look at Caddy. The configuration is just a few lines. Another very good option since you’re already using pfSense would be to use the HAProxy plugin. You’ll get a UI to manage everything and Tom Lawrence has some very helpful videos about setting it up from start to finish.

          • DarkSirrush@piefed.ca
            5 months ago

            Ah, that’s fair. Their documentation is fully up to date now, but imo their example configs suck for beginners.

            I will note that anything that can be done in the compose file can be done as a config file instead, with the exception of traefik.enabled=true if you are using a container whitelist instead of a blacklist.

            It took me ages to set up, but I now have auto configuration of 95% of containers that need to be reverse proxied, without binding ports (just use the ‘expose’ option instead of ‘ports’ in docker compose).

            But yes, all the guides and example configs insisting on using container labels instead of the dynamic config files make it feel way more bloated and confusing than needed.

      • 4am@lemmy.zip
        5 months ago

        Why would it need experiments? Can you just run it and see if it works? Are you talking about testing it at scale?

    • passepartout@feddit.org
      5 months ago

      I like both very much for what they are and would confirm that Caddy is a lot easier for beginners. The only downside is that you have to rebuild the binary with caddyx for more functionality, which can be limiting, e.g. for people wanting to start with DNS challenges for (wildcard) certificates.