100%. I go even further and explicitly advise against traefik these days, and I was a huge proponent of it when it launched.

Caddy is just the best reverse proxy, period. When the experiments for using it as a Kubernetes ingress succeed, it’s going to change everything.

https://voidauth.app/#/ProxyAuth-and-Trusted-Header-SSO-Setup

The entire docs are pretty short but cover everything. I stumbled into one issue and worked with the dev to update the docs. It was a breeze.

For your 75 apps, any that doesn’t support OIDC can be protected by VoidAuth’s ProxyAuth. Have your reverse proxy forward the request to the voidauth api and it will use the authenticated user’s group membership to allow or deny access. So in your case you could have a blanket rule covering your entire domain and gradually add more specific paths as needed.

Can’t help with your question unfortunately. But I highly endorse VoidAuth!

It’s beautiful. It took me under an hour to implement. I never got authentik or authelia working, and this is all in one container.

Your ports are not mapped so the host system doesn’t know about them. You only have them exposed, which is for docker communication.

Map your ports and then you’ll be able to access them by host-ip:mapped-port.

Then you can use nginx to proxy to that.