I’ve been using Caddy instead of nginx for years now. As long as your port forwarding is already set up, it’ll pull TLS certs for every domain in the config automatically and keep them up to date forever.
It’s also super easy to use as a reverse proxy, so you can run one Caddy server for all your sites on the same machine pretty easily.
I recommend adding hostname: app-name lines for each container, then you can just use the hostname and the native port (even if you don’t pass it through with a port: line). It’s super useful if you want to expose any apps with a reverse proxy like Caddy. That way the ONLY way to access an app’s web interface is via the reverse proxy. Then look at filter rules to deny access unless the client has a LAN IP.
Poof, you’ve got SSL and custom subdomains for all your apps, but still only on your LAN or personal VPN (like Wireguard or Tailscale).
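A Caddyfile sketch of the setup described above, added as an example and not part of the original post. The domains, container hostnames and ports are placeholders, and 100.64.0.0/10 is included on the assumption that Tailscale is the VPN in use.

```caddyfile
# Added example. Assumes each app container has "hostname: app-name" set,
# shares a Docker network with Caddy, and has no published port of its own,
# so the reverse proxy is the only path to its web interface.

# Reusable snippet: refuse any client whose address is not private.
(lan_only) {
	# RFC 1918 ranges, Tailscale's CGNAT range, IPv6 ULA and loopback.
	# For WireGuard, add the tunnel subnet if it is not already covered.
	@outside not remote_ip 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 100.64.0.0/10 fd00::/8 127.0.0.1/8 ::1
	respond @outside 403
}

# Placeholder domain and container hostname/port.
app.example.com {
	import lan_only
	reverse_proxy app-name:8080
}

# A second app on the same Caddy instance.
other.example.com {
	import lan_only
	reverse_proxy other-app:3000
}

# Check before relying on the filter: the remote IP in Caddy's access log
# must be the real client address. If Caddy itself runs in a container and
# every request shows the Docker bridge gateway address, all clients look
# private and the rule blocks nothing.
```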