There have been a few Reddit, Lemmy and Youtube posts over the past week or so about Nginx Proxy Manager and their shortfalls, mostly towards CVEs and other security issues.

The problem is that unlike Traefik, NGINX Proxy Manager is actually easy to use. And before you recommend Caddy, that also has no GUI.

What do you use, if you have stuff exposed to the outside?

  • thews@lemmy.oldtr.uk
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    If you are going to programmatically manage the reverse proxy, traefik is much better than NPM.

    You can make NPM’s manager only accessible internally or from a certain IP to reduce your attack surface. I use both.

    • dustojnikhummer@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Obviously I’m not going to expose the NPM control panel to the outside, I’m not insane. Tbf I really only expose Jellyfin because other family members use it, otherwise I would be VPNing in all the way.

      • thews@lemmy.oldtr.uk
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        I didn’t figure so, just wanted to say that because it’s the more vulnerable attack surface. I hope overlay networks catch on in a bigger way, I share some of my resources with zerotier without having stuff directly exposed.