Should I replace NPM?
from brewery@feddit.uk to selfhosted@lemmy.world on 01 Nov 15:30
https://feddit.uk/post/38844824

I’m currently using NPM and upgrading to a new VPS for my business. I have a public website and am going to host a few more for friends, plus a few other services. Everything is on docker for ease. I use Cloudflare for DNS so would prefer using a DNS challenge. I will change this at some point but not yet ready to!

Should I:

  1. stick with Nginx Proxy Manager which I know well (is it really that insecure or outdated?)
  2. switch to NPM Plus (assuming this is the easiest)
  3. switch to Caddy (seems to be the most recommended but will be a learning curve for me)
  4. Try out Nginx (seems like a massive learning curve so I’m very reluctant)

#selfhosted

roofuskit@lemmy.world on 01 Nov 15:37

I’m a Nginx(SWAG) user. It looks like more and more tutorials are leaning towards Traefik or Caddy with some using NPM. If you rely on those to deploy new services I would consider that.

illusionist@lemmy.zip on 01 Nov 15:49

I used to use npm. If you know it and you’re happy, use it.

It took me 3 times until I understood and got caddy installed. First, I tried using it via podman and failed. In the end I just installed it via dnf and it worked without any problems. Learning a caddy file is easy. I’ll never look back. It’s so nice and easy. Easier than npm but no gui but that’s not needed

cron@feddit.org on 01 Nov 16:11

Please don’t confuse the nginx proxy manager (npm) with the node.js packet manager (npm). The latter is frequently in the news regarding security vulnerabilities.

AkatsukiLevi@lemmy.world on 01 Nov 17:01

For a moment I was really confused as to how Caddy could replace nodejs’s package manager

brewery@feddit.uk on 01 Nov 19:16

I might have done exactly this, thanks for pointing it out. Is Nginx proxy manager considered secure enough to use on external sites?

thelittleblackbird@lemmy.world on 01 Nov 19:23

Nginx is considered battle tested.

Very few products have this level of public scrutiny and a good record of being safe.

Once this is said, the majority of problems come from misconfigurations, so triple check the things

cron@feddit.org on 01 Nov 21:27

Personally, I would try to avoid publishing nginx proxy manager’s management web ui to the general public.

brewery@feddit.uk on 03 Nov 10:09

That is not published externally - I only forward ports 80 and 443, and only access the admin interface locally or through a vpn to my router. Would this be ok? Thanks for your input

cron@feddit.org on 03 Nov 11:06

Yes, that is exactly what I meant.
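
The exchange above comes down to one check: nothing except 80 and 443 should be published on a non-loopback address. As an added example that is not part of the thread, this sketch audits Docker Compose short-syntax `ports:` entries for that rule; the service names and sample entries are constructed, and port 81 as the admin UI port is Nginx Proxy Manager's default rather than something stated in the thread.

```python
import ipaddress

ALLOWED_PUBLIC = {80, 443}  # the only ports the poster forwards

def parse_port(spec):
    """Split compose short syntax [IP:][HOST:]CONTAINER[/PROTO] into (ip, host, container)."""
    spec = spec.split("/", 1)[0]          # drop /tcp or /udp
    ip = "0.0.0.0"                        # Docker binds to all interfaces when no IP is given
    if spec.startswith("["):              # bracketed IPv6 host address, e.g. [::1]:81:81
        ip, _, spec = spec[1:].partition("]:")
    parts = spec.split(":")
    if len(parts) == 3:
        ip, host, container = parts
    elif len(parts) == 2:
        host, container = parts
    else:
        host, container = "", parts[0]    # no host port: Docker picks an ephemeral one
    return ip, host, container

def host_ports(host):
    """Expand '81' or '8080-8081' into a list of ints; empty list means ephemeral."""
    if not host:
        return []
    lo, _, hi = host.partition("-")
    return list(range(int(lo), int(hi or lo) + 1))

def audit(services):
    """Return (service, spec) pairs published beyond loopback on ports other than 80/443."""
    findings = []
    for name, specs in services.items():
        for spec in specs:
            ip, host, _ = parse_port(spec)
            if ipaddress.ip_address(ip).is_loopback:
                continue                  # reachable only from the host itself
            ports = host_ports(host)
            if not ports or any(p not in ALLOWED_PUBLIC for p in ports):
                findings.append((name, spec))
    return findings

# Constructed sample: the `ports:` lists of three hypothetical services.
SAMPLE = {
    "proxy": ["80:80", "443:443/tcp", "81:81"],                   # admin UI on all interfaces
    "proxy_hardened": ["80:80", "443:443", "127.0.0.1:81:81"],    # admin UI on loopback only
    "app": ["3000", "[::1]:9000:9000", "8080-8081:8080-8081"],
}

if __name__ == "__main__":
    for service, spec in audit(SAMPLE):
        print(f"{service}: '{spec}' is published beyond loopback")
```

A LAN or VPN bind address is also reported, since it is not loopback; those entries are for review rather than automatic failures.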

TheFogan@programming.dev on 01 Nov 16:13

IMO the learning curve for caddy is almost non existent, and just about anything you might want to selfhost almost certainly has a quick simple caddy configuration you can copy paste with just updating the relevant domain. Personally learning curve for caddy was probably way lower than figuring out the edge cases of apache that I was using before

slazer2au@lemmy.world on 01 Nov 16:24

If you are using docker have you looked at Traefik to act as your reverse proxy to replace nginx proxy manager?

brewery@feddit.uk on 01 Nov 19:15

To be honest I forgot about it. I tried it two years ago when setting up my lab but struggled compared to NPM. Nowadays it seems like all the talk I used to hear about it is now about caddy.

Zikeji@programming.dev on 01 Nov 20:26

Even back then caddy was being talked about. I don’t use caddy because, at least back then, it was only free for non commercial use (unless you compile it yourself).

I’ve been using Traefik for even longer though and haven’t run into any major issues. Definitely recommend it.

irmadlad@lemmy.world on 01 Nov 22:17

> I use Cloudflare for DNS so would prefer using a DNS challenge. I will change this at some point but not yet ready to!

Since you are already using Cloudflare, and you are moving to an upgraded VPS, why not incorporate Cloudflare’s Tunnel/ZeroTrust? The nice thing about their ZeroTrust Tunnel is that you don’t have to punch holes in your UFW firewall, no port forwarding or NAT on your external firewall/router. It’s just one tunnel that handles your traffic, and Cloudflare takes care of the certs. There is a section that allows you to implement the DNS challenge/verification. You seem experienced so it’s fairly easy to deploy. The caveat is that you have to have a proper domain name, and use the issued Cloudflare nameservers. I picked up a domain name at NamesCheap for $1.75 USD.

brewery@feddit.uk on 03 Nov 10:13

Thanks for this. To be honest it just did not cross my mind! Horserace, I am not sure I want to rely on Cloudflare too much though in case they do something in the future like put those things behind paywalls. My domains are through someone else so can easily switch nameservers to them for DNS. It does sound much easier and safer though so will have to consider it

irmadlad@lemmy.world on 03 Nov 14:10

> I am not sure I want to rely on Cloudflare too much

Totally understandable. It’s good to be aware of future pitfalls, etc. I realize there are those who frown on Cloudflare, and I can see their point. For me, I’ll use them for the time being, and monitor any policy changes, or future gotchas. Of course, it goes without saying, that we should be doing that anyways even for opensource software. Things change, motivations change, project direction changes.

There are similar alternatives to Cloudflare Tunnels/ZeroTrust. I have not tried every one of them so I cannot vouch for their usability. There is ngrok, which seems to be the most popular of the alternatives, and there is Pagekite, Zrok, Pinggy, Localtunnel. As far as selfhosted options, Nebula, SirTunnel, BoringProxy, Pangolin, and frp come to mind.

If it were me, and these were public facing businesses, I would go with something rock solid like Cloudflare, familiarize myself with the options, then monitor for policy changes.

brewery@feddit.uk on 03 Nov 18:30

Thank you, I really appreciate the responses and other options.

notquitenothing@sh.itjust.works on 02 Nov 14:16

I can recommend Caddy myself, it is dead simple to configure

ikidd@lemmy.world on 03 Nov 05:19

NPM+ didn’t work worth a damn for me. No proxies would forward, I have no clue why and couldn’t figure it out. It was like I was turning knobs that weren’t connected to anything. But YMMV.

brewery@feddit.uk on 03 Nov 10:07

Actually this happened to me about 6 months ago too - I wanted to switch to add crowdsec support but just could not get it to work so gave up and switched back to npm. I just assumed I wasn’t doing it right and never got around to trying again

ikidd@lemmy.world on 03 Nov 14:57

I thought it was pretty weird, so I tried again a while later; same result. I checked through issues and couldn’t see anything, I figured it was just me. I tried because NPM was just full of error logs and was having some sort of shitfit, so I blew it out and rebuilt from scratch, now all is fine. But the NPM+ defeated me. I might have to try again just because.

possiblylinux127@lemmy.zip on 03 Nov 15:29

Minor nitpick: NPM stands for nodejs package manager not Nginx proxy manager

Anyway I personally would recommend that you move to Caddy.

Another option would be Nginx/Apache with ACME.sh

irmadlad@lemmy.world on 05 Nov 20:58

OP, I came across this, thought it might be worth a look see.

dockflare.app