Take a look at Traefik, even if you don't use containers
Role & Comparisons
- Traefik is generally seen as a reverse proxy/load balancer comparable to HAProxy, not a full webserver like nginx/Apache/Caddy.
- Caddy is emphasized as a “do-it-all” server: static files, reverse proxy, automatic HTTPS, some service discovery and TCP/L4 features via plugins.
- Traefik cannot natively serve static files or CGI (e.g., PHP) and is more “ingress/controller”-oriented.
- Some argue all modern proxies (Traefik, HAProxy, Envoy, Caddy) are close in features, so ergonomics and ecosystem matter more.
Config Models & Workflows
- A major selling point of Traefik is dynamic configuration via Docker/Kubernetes labels, with little need to touch Traefik’s own config.
- Others found label-based discovery “finicky” and hard to debug, preferring statically generated config files (e.g., via Ansible) which Traefik hot‑reloads.
- Some users hit complexity walls with Traefik’s multiple config planes (CLI vs static vs dynamic, v1 vs v2) and ended up moving to Caddy or back to nginx.
- Several people prefer Caddy’s Caddyfile syntax or simple JSON/REST API over Traefik’s YAML and labeling model.
TLS & Certificates
- Built‑in Let’s Encrypt/ACME support is a primary reason many adopted Traefik (including DNS‑01 for wildcards).
- Others report flaky or opaque ACME behavior in Traefik (especially with load-balanced setups, re-issuing, or TLS-01 challenges), leading to outages and frustration.
- Some switched to “external ACME” (Certbot, lego, NixOS modules, custom scripts) fronting nginx or Caddy and found it more predictable.
- Caddy’s automatic HTTPS is praised; wildcard and advanced setups still have sharp edges but are improving.
Docs & Usability
- Traefik documentation is repeatedly criticized: lots of prose/examples, but hard to find concise, exhaustive reference; v1/v2 split adds confusion.
- Caddy docs are seen as clearer but somewhat sparse; nginx docs are called powerful but dated and sometimes obscure.
- Many people now lean on LLMs or reading source code to bridge documentation gaps.
Performance & Resource Use
- Some claim Traefik is “considerably slower” and more CPU‑hungry than nginx/HAProxy, even exceeding the services it fronts. Others don’t present hard numbers but stay with HAProxy/nginx for perceived efficiency.
Security & Internal Access
- For dashboards and admin UIs (Grafana, Prometheus, RabbitMQ, etc.), most recommend not exposing them directly: use VPNs (WireGuard, Tailscale), SSH tunnels, Cloudflare tunnels, or forward-auth/SSO in front of Traefik/nginx.