I host a ton of services running behind my nginx reverse proxy (basic auth + lets encrypt). On the whole it works really well with nearly everything I throw at it. Lately, there's been a lot of gradio/websocket/python stuff coming from the AI community like the local llama and stable diffusion stuff. Not sure what's causing it but there's always weird issues when I try to reverse proxy them.
Does anyone have some magic settings that "just work" with these weirdo web apps?
Can't talk about anything but SD (using various UIs, mostly AUTOMATIC1111's and other variants of the official) but they "just work" behind traefik. Traefik does the SSL termination and figures out which service (ip + port) to talk to based on its config. By default it does ACME (Let's Encrypt) for you and handles passing websockets without the special config lines like you need in nginx (though that should be as easy as this). As long as the application is well written (which is not always the case in the ML world, haha) and uses relative URLs for links, most everything should "just work" behind a reverse proxy, or need a config flag or two telling them they can trust the proxied SSL/IP and stuff like that.
+1 for Traefik. I got tired of all of nginx's quirks. It's really powerful and I'm sure the combinations of achievable results are infinite with nginx... so for some use cases it makes sense. But seriously... almost every container I'm likely to deploy follows a fairly simple model and traefik to just "works" with everything I've tried so far. I have ALL the traefik config in docker compose labels so every single configuration element I need to spin up a container a second time or on a new host is in ONE place.