Wrote up how my homelab proxying strategy evolved over four phases โ from port forwarding with DDNS to a VPS running nothing but HAProxy for L4 passthrough.
The key insight: keep the VPS dumb. SNI inspection, encrypted passthrough, nothing else. TLS termination belongs on hardware you control.
Comparison table of L7-on-VPS vs L4-passthrough vs direct port forwarding, plus thoughts on Traefik for automatic Docker service discovery.
https://blog.dpinkerton.com/posts/evolving-reverse-proxy-strategy/
#selfhosting #homelab #haproxy #caddy #traefik #reverseproxy
The key insight: keep the VPS dumb. SNI inspection, encrypted passthrough, nothing else. TLS termination belongs on hardware you control.
Comparison table of L7-on-VPS vs L4-passthrough vs direct port forwarding, plus thoughts on Traefik for automatic Docker service discovery.
https://blog.dpinkerton.com/posts/evolving-reverse-proxy-strategy/
#selfhosting #homelab #haproxy #caddy #traefik #reverseproxy
63โค๏ธ5๐ฅ2๐1๐1๐ค1
