I Replaced Nginx Proxy Manager with Traefik in My Home Lab and It Changed Everything
I have been using Nginx Proxy Manager (NPM) for quite some time now, a few years from what I remember. It is a great solution and one that I point many to who are just starting out with their Docker learning journey and want to have a quick and easy way to stand up proper certificates for their Dockerized services. However, I have recently made a push to get all of my services migrated over to Traefik. Let me detail why I made the switch between Nginx Proxy Manager vs Traefik and reasons why you might decide to do the same.
What this is not
First of all, this is not a bash session on Nginx Proxy Manager. In fact, I love NPM. It is a great first step into controlling certificates for docker environments, especially for beginners. However, once you move into more infrastructure as code approaches to your home lab, this is where it falls short. Keep this in mind. We are just defining the differences between Nginx Proxy Manager vs Traefik that make a difference when you go this direction.
Traefik lets you configure SSL in code
The more I started to scale my home lab in code and automate things, the more of a challenge that Nginx Proxy Manager became since it was essentially something “outside” my code that I had to configure for all my services. For me the question of “Why switch from Nginx Proxy Manager to Traefik” came mostly down to this area.
With NPM you log in to the web interface, click through a few menus and request a Let’s Encrypt certificate. It works very well, but its tied to the web UI of the solution. With Traefik, SSL is just part o fyour infrastructure as code. You define your Let’s Encrypt resolver, cert settings, and then you add “labels” to your Docker Compose services that Traefik uses to know how to route things.
It means that everything is stored as text and you can version control it in your Git repo. It means that you can essentially take your same Docker Compose code and spin it on another host and you would get all of your containers provisoned, AND, your SSL certs that go along with them. You don’t have to click around in a UI, etc or export settings from one to another.
SSL config is in the same place as Docker-Compose
This ties in closely with the first point. Rather than your configuration being inside another solution that is outside the Docker-compose of your dockerized services, the Traefik config is in the same file. Again, if you tear it down and rebuild everything, it comes back exactly like it was. If you need consistency and automation, you can’t do this effectively with NPM. It is just not designed for that.
NPM development is sporadic
Another frustration that I have with NPM is that development feels like it is sporadic at best. Updates are not necessarily frequent and sometimes months apart. Issues with NPM can sit there unresolved for quite some time.
Comparing this with Traefik reverse proxy for Docker, it has a very active community and regular release cadence. The releases contain new features, bug fixes and also security patches that are needed. For something that sits on the edge of my network and handles traffic and SSL, I want a project thatโs healthy and active.
Infrastructure as Code (IaC) friendly
As I have seen my home lab grow, one of the things that I have had as my goal is automation. I want everything in Git and have everthing reproducible and portable. Traefik, again, fits this mindset. All of its configuration with its routing rules, middleware, entrypoints, certs, providers and more are all described in its YAML configuration or the Docker labels for your services. With NPM, by design, it is tied to its database and GUI. You “can” back it up, but it doesn’t flow nearly as nicely as Traefik in a pipeline of IaC.
First-class Docker and Swarm support
Another cool thing to note about Traefik is that it automatically discovers containers, inspects lables, and routes traffic without you needing to log into a UI or reload configs. This comes in very handy, even more so with Swarm mode.
I can scale services up or down, move them between nodes, and Traefik just keeps routing without needing to change the config manually. With NPM, these types of changes require going back into the interface. If you only have a couple of services, that is generally fine. But once you get dozens of containers across multiple hosts, Traefik’s dynamic discovery makes life much easier. It is built for it, and it shows.
Advanced routing
One of the things that makes Traefik stand out when you compare it with NPM is that it supports advanced routing capabilities. It has things like:
- authentication
- redirects
- path rewrites
- headers
- rate limiting
- IP whitelisting
- plugins
NPM is great for the basics, but Traefik outpaces it when it comes to advanced routing. With NPM you will find yourself hitting walls with lack of advanced routing features.
Better observability and metrics
Monitoring features are critical. Traefik has a dashboard out of the box that you can turn on to see live routes, services, and the backends they connect to. You can also integrate it with Prometheus and Grafana for even more observability features.
NPM has a simple web UI, but this UI doesn’t give you much visibility with what is going on underneath the hood. Traefik shows you which requests are hitting which backends and you can tie this into your existing monitoring stack.
High availability and scaling
For single Docker hosts, this point may not matter too much. But once you decide you want to step into multi-node environments, Traefik definitely is a solution that is built for this kind of architecture. You can deploy it on a single node, or multiple nodes like Docker Swarm, or Kubernetes.
It will scale out while managing SSL and routing across multiple nodes. NPM feels much more tied to a single node setup. So when looking at Nginx Proxy Manager vs Traefik in this area, Traefik wins.
Community and plugins
NPM has quite a bit of buzz around it as well. But Traefik feels like it has a better community around it. Of course it has the commercial backing from Traefik Labs, and a huge ecosystem of plugins and integrations that NPM doesn’t have. For me, having an active community means better documentation, more examples to learn from, and quicker help when things go wrong. Also with the commercial backing, it has the momentum you would expect from a solution that is used in the enterprise.
Traefik also has a healthy plugin ecosystem that allows you to extend the functionality of the reverse proxy with many additonal features and capabilities.
Fewer moving parts
It seems to me as well that Traefik has fewer moving parts. It is lighter weight since it runs as a single container
Finally, Traefik is simply lighter weight. It runs as a single container without requiring an external database. Nginx Proxy Manager, on the other hand, requires a MariaDB database alongside the app. Thatโs more containers, more complexity, and more things to keep running. In my environment, fewer moving parts equals fewer headaches.
Wrapping up
I found that the more I scaled my home lab and moved projects into Docker Swarm and Kubernetes, as well as started automating my infrastructure, NPM was holding me back. Thatโs when I decided to switch over to Traefik, and I havenโt looked back. Donโt get me wrong, Nginx Proxy Manager is still a fantastic project. If youโre just starting out, or if you only have a handful of services, NPM might be the perfect choice, especially for beginners. However for me, as I leaned more into automation, and wanted everything in code, Traefik is the clear choice. What are your thoughts in Nginx Proxy Manager vs Traefik? Let me know, which reverse proxy are you using in your home lab? Are you using NPM, Traefik, or something else?
