There have been a few Reddit, Lemmy and Youtube posts over the past week or so about Nginx Proxy Manager and their shortfalls, mostly towards CVEs and other security issues.
The problem is that unlike Traefik, NGINX Proxy Manager is actually easy to use. And before you recommend Caddy, that also has no GUI.
What do you use, if you have stuff exposed to the outside?
If you are going to programmatically manage the reverse proxy, traefik is much better than NPM.
You can make NPM’s manager only accessible internally or from a certain IP to reduce your attack surface. I use both.
Obviously I’m not going to expose the NPM control panel to the outside, I’m not insane. Tbf I really only expose Jellyfin because other family members use it, otherwise I would be VPNing in all the way.
I didn’t figure so, just wanted to say that because it’s the more vulnerable attack surface. I hope overlay networks catch on in a bigger way, I share some of my resources with zerotier without having stuff directly exposed.