Should I replace NPM?

Submitted ⁨⁨3⁩ ⁨weeks⁩ ago⁩ by ⁨brewery@feddit.uk⁩ to ⁨selfhosted@lemmy.world⁩

I’m currently using NPM and upgrading to a new VPS for my business. I have a public website and am going to host a few more for friends, plus a few other services. Everything is on docker for ease. I use Cloudflare for DNS so would prefer using a DNS challenge. I will change this at some point but not yet ready to!

Should I:

stick with Nginx Proxy Manager which I know well (is it really that insecure or outdated?)
switch to NPM Plus (assuming this is the easiest)
switch to Caddy (seems to be there most recommended but will be a learning curve for me)
Try out Nginx (seems like a massive learning curve so I’m very reluctant)

source

Comments

Sort:hotnew top

cron@feddit.org ⁨3⁩ ⁨weeks⁩ ago
Please don’t confuse the nginx proxy manager (npm) with the node.js packet manager (npm). The latter is frequently in the news regarding security vulnerabilities.

source
- AkatsukiLevi@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
  For a moment I was really confuser as to how Caddy could replace nodejs’s package manager
  
  source
- brewery@feddit.uk ⁨3⁩ ⁨weeks⁩ ago
  I might have done exactly this, thanks for pointing it out. Is Nginx proxy manager considered secure enough to use on extremal sites?
  
  source
  - thelittleblackbird@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
    Nginx is considered battle tested.
    
    Very few products have this level of puic scrutiny and and a good record of being safe.
    
    Once this is said, the majority of problems come from misconfigurations, so triple check the things
    
    source
  - cron@feddit.org ⁨3⁩ ⁨weeks⁩ ago
    Personally, I would try to avoid publishing nginx proxy manager’s management web ui to the general public.
    
    source
    -> View More Comments
TheFogan@programming.dev ⁨3⁩ ⁨weeks⁩ ago
IMO the learning curve for caddy is almost non existent, and just about anything you might want to selfhost almost certainly has a quick simple caddy configuration you can copy paste with just updating the relevant domain. Personally learning curve for caddy was probably way lower than figuring out the edge cases of apache that I was using before

source
possiblylinux127@lemmy.zip ⁨3⁩ ⁨weeks⁩ ago
Minor nitpick: NPM stands for nodejs package manager not Nginx proxy manager

Anyway I personally would recommend that you move to Caddy

source
illusionist@lemmy.zip ⁨3⁩ ⁨weeks⁩ ago
I used to use npm. If you know it and you’re happy, use it.

It took me 3 times until I understood and got caddy installed. First, I tried using it via podman and failed. In the end I just installef it via dnf and it worked without any problems. Learning a caddy file is easy. I’ll never look back. It’s so nice and easy. Easier than npm but no gui but that’s not needed

source
roofuskit@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
I’m a nginx user. It looks like more and more tutorials are leaning towards Traefik or Caddy with some using NPM. If you rely on those to deploy new services I would consider that.

source
notquitenothing@sh.itjust.works ⁨3⁩ ⁨weeks⁩ ago
I can recommend Caddy myself, it is dead simple to configure

source
irmadlad@lemmy.world ⁨3⁩ ⁨weeks⁩ ago

I use Cloudflare for DNS so would prefer using a DNS challenge. I will change this at some point but not yet ready to!

Since you are already using Cloudflare, and you are moving to an upgraded VPS, why not incorporate Cloudflare’s Tunnel/ZeroTrust? The nice thing about their ZeroTrust Tunnel is that you don’t have to punch holes in your UFW firewall, no port forwarding or NAT on your external firewall/router. It’s just one tunnel that handles your traffic, and Cloudflare takes care of the certs.There is a section that allows you to implement the DNS challenge/verification. You seem experienced so it’s fairly easy to deploy. The caveat is that you have to have a proper domain name, and use the issued Cloudflare nameservers. I picked up a domain name at NamesCheap for $1.75 USD.

source
- brewery@feddit.uk ⁨3⁩ ⁨weeks⁩ ago
  Thanks for this. To be honest it just did not cross my mind! Horserace, I am not sure I want to rely on Cloudflare too much though in case they so something in the future like put those things behind paywalls. My domains are through someone else so can easily switch nameservers to them for DNS. It does sound much easier and safer though so will have to consider it
  
  source
  - irmadlad@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
    
    I am not sure I want to rely on Cloudflare too much
    
    Totally understandable. It’s good to be aware of future pitfalls, etc. I realize there are those who frown on Cloudflare, and I can see their point. For me, I’ll use them for the time being, and monitor any policy changes, or future gotchas. Of course, it goes without saying, that we should be doing that anyways even for opensource software. Things change, motivations change, project direction changes.
    
    There are similar alternatives to Cloudflare Tunnels/ZeroTrust. I have not tried every one of them so I cannot vouch for their usability. There is ngrok, which seems to be the most popular of the alternatives, and there is Pagekite, Zrok, Pinggy, Localtunnel. As far as selfhosted options, Nebula, SirTunnel, BoringProxy, Pangolin, and frp come to mind.
    
    If it were me, and these were public facing businesses, I would go with something rock solid like Cloudflare, familiarize myself with the options, then monitor for policy changes.
    
    source
    -> View More Comments
slazer2au@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
If you are using docker have you looked at Traefik to act as your reverse proxy to replace nginx proxy manager?

source
- brewery@feddit.uk ⁨3⁩ ⁨weeks⁩ ago
  To be honest I forgot about it. I tried it two years ago when setting up my lab but struggled compared to NPM. Nowadays it seems like all the talk I used to hear about it is now about caddy.
  
  source
  - Zikeji@programming.dev ⁨3⁩ ⁨weeks⁩ ago
    Even back then caddy was being talked about. I don’t use caddy because, at least back then, it was only free for non commercial use (unless you compile it yourself).
    
    I’ve been using Traefik for even longer though and haven’t ran into any major issues. Definitely recommend it.
    
    source
irmadlad@lemmy.world ⁨2⁩ ⁨weeks⁩ ago
OP, I came across this, thought it might be worth a look see.

dockflare.app

source
ikidd@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
NPM+ didn’t work worth a damn for me. No proxies would forward, I have no clue why and couldn’t figure it out. It was like I was turning knobs that weren’t connected to anything. But YMMV.

source
- brewery@feddit.uk ⁨3⁩ ⁨weeks⁩ ago
  Actually this happened to me about 6 months ago too - I wanted to switch to add crowdsec support but just could not get it to work so gave up and switched back to npm. I just assumed I wasn’t doing it right and never got around to trying again
  
  source
  - ikidd@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
    I thought it was pretty weird, so I tried again a while later; same result. I checked through issues and couldn’t see anything, I figured it was just me. I tried because NPM was just full of error logs and was having some sort of shitfit, so I blew it out and rebuilt from scratch, now all is fine. But the NPM+ defeated me. I might have to try again just because.
    
    source