Missing at least these:

1. Load balancers/Reverse peoxies - Caddy, Traefik.
2. Missing DNS server “blocky” which I find way better than Pi-Hole.

Nice list, but could have more. :)

Yeah. I just wrote something similar. 😅 https://lemmy.world/comment/1330730

Here is the example docker-compose.yml:

services:
  caddy:
    image: caddy
    container_name: caddy
    volumes:
      - ./caddy/data:/data
      - ./caddy/config:/config
      - ./caddy/Caddyfile:/etc/caddy/Caddyfile
    ports:
      - 80:80/tcp
      - 443:443/tcp
      - 443:443/udp
    restart: always

  lemmy:
    image: lemmy
    container_name: lemmy
    ...

Before executing, create a new directory caddy i working directory, then create new file Caddyfile in it (lemmy is a container name):

mydomain.com {
    reverse_proxy lemmy:<lemmy_container_http_port>
    encode zstd gzip
}

Then fix your UDP Buffer size, so it’s compatible with QUIC: https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes

And that’s it. tcp80, tcp443 and udp443 should be reachable from anywhere, as Caddy out of the box uses ACME to retrieve TLS certificates for your domain.

Give it a try. Honestly Traefik is shit for a simple load balancer. It’s more suited for large enterprises and kubernetes services, but it also has numerous issues, such as basic auth performance issues, lack of headers customization as well as in overall somewhat difficult configuration. Caddy makes it straightforward & simple, which is perfect for simple users who love to self-host.

I tried using Traefik in big corporation, 20+ different load balancer and reverse proxy (all with TLS termination) rules.

Caddy not just worked, but also worked faster and was WAY simplier to setup (using Caddyfile and reverse_proxy directives) than Traefik.

Intel NUC. Myself I prefer Proxmox as the first layer (so I can do stuff remotelly), and Alpine Linux VM as a second layer.

This been rock stable for me for the past 1 year or so.