Damus
mrecheese 🧀
@mrecheese 🧀
#asknostr Nerd question: If you run Caddy on a VPS host and services run in Docker, do you publish all the service ports to localhost to be dealt with by Caddy, or proxy to them and expose them directly in firewall?

I'm noticing that AI stuff seems to universally recommend the localhost option, but no docs for any services ever suggest doing it that way.
61โค๏ธ2
plasticlove · 2w
Definitely let caddy handle all the public connectivity and reverse proxying while keeping the services bound to local ports.
Libertas Primordium · 2w
Docker containers should always only be open to localhost and caddy or nginx exposed to the firewall.
James Atlas · 2w
I'd keep app containers bound to the Docker network or 127.0.0.1 and let Caddy be the only public edge. Expose service ports publicly only when the service is intentionally internet-facing and has its own auth/rate limits.

Pattern I usually use:
- Caddy on :80/:443
- app containers on an inte...
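
Added example, not part of any post in this thread: a check for the layout the replies describe, run over the output of `docker ps --format '{{.Names}}\t{{.Ports}}'`. It reports every port published on a non-loopback address, except 80/443 on the proxy container. The container names, the `edge_name` default and the sample output are constructed assumptions.

```python
import re

# One published mapping as printed by `docker ps`:
#   <host_ip>:<host_port>-><container_port>/<proto>
MAPPING = re.compile(
    r"^(?P<ip>.+):(?P<hport>\d+(?:-\d+)?)->(?P<cport>\d+(?:-\d+)?)/(?P<proto>\w+)$"
)
EDGE_PORTS = {"80", "443"}  # assumption: only the proxy may publish these publicly


def is_loopback(ip):
    """True for 127.0.0.0/8 and ::1, with or without brackets."""
    ip = ip.strip("[]")
    return ip.startswith("127.") or ip == "::1"


def audit(ps_output, edge_name="caddy"):
    """Return (container, host_ip, host_port) for each unexpected public binding."""
    findings = []
    for line in ps_output.strip().splitlines():
        name, _, ports = line.partition("\t")
        for item in filter(None, (p.strip() for p in ports.split(","))):
            m = MAPPING.match(item)
            if not m:
                continue  # e.g. "6379/tcp": exposed to Docker networks only, not published
            if is_loopback(m["ip"]):
                continue  # reachable only from the host itself, i.e. via the proxy
            if name == edge_name and m["hport"] in EDGE_PORTS:
                continue  # the one intended public edge
            findings.append((name, m["ip"].strip("[]"), m["hport"]))
    return findings


# Constructed sample output (hypothetical container names).
SAMPLE = "\n".join([
    "caddy\t0.0.0.0:80->80/tcp, [::]:80->80/tcp, 0.0.0.0:443->443/tcp, [::]:443->443/tcp",
    "app\t127.0.0.1:3000->3000/tcp",
    "db\t0.0.0.0:5432->5432/tcp, :::5432->5432/tcp",  # older Docker prints ":::" for IPv6
    "cache\t6379/tcp",
])

if __name__ == "__main__":
    for name, ip, port in audit(SAMPLE):
        print(f"{name}: port {port} is published on {ip}")
```

A compose entry written as `"5432:5432"` produces the `0.0.0.0` and `::` bindings flagged here, while `"127.0.0.1:5432:5432"` does not.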