I went down a very similar path with my constantly bombarded Gitea server… iterating from IP blocking to Traefik rate limiting to finally settling on the nuclear option of Anubis. It’s so worth it.

Why does a worker-owned coop need to grow? Are you presuming they take outside investment / capital?

Yeah, pretty neat!

Not entirely true. You lose tickets and PRs in that scenario.

Close… I’ll download the HTML for an eBay search results page, and then a script splits it up into separate entries and feeds each listing’s HTML chunk to the LLM. I don’t bother with individual listing pages. (This falls down on some edge cases like listings that include multiple variants via a pull-down selection only found on the individual listing page. Maybe a future area of improvement.)

Self host. Just Ollama running on a machine without a GPU! I never said it was fast. :D

Made a product search script that sorts eBay listings based on total per unit price (including shipping). Good for finding the cheapest multi-pack, lot, bundle, etc. by unit. Using Qwen 3 4B and feeding it a single listing at a time to parse.

Same! Okay, not without problems, because running a mailserver isn’t maintenance-free. But Mailu has been generally solid and it works with Docker. (And Podman, unofficially.)

I went down this very same twisty road a while back with rootless Podman. I tried several of the solutions you mentioned. None of them worked. The actual working solution I finally settled on was using Proxy Protocol to pass the original client IP from the host into a container. In my particular case, I’m running a very basic HAProxy config on the host that’s talking Proxy Protocol to Traefik running in a container. And it works great; actual client IPs show up in the logs as expected.

In your particular case, you could probably run HAProxy on the host and have that talk Proxy Protocol to Caddy running in a container.

You can do calendar and contacts separate from email. Try Radicale. I’ve been using it for years.

Another container-based alternative in that space is Mailu.

You don’t even need a star cert… The DNS challenge works for that use case as well.

I use Traefik as my main reverse proxy as well for the same reason—container niceties. But then I actually also use nginx… inside container images, like for containers that just serve static files for example.

Use the right tool for the job!

I use Ansible to meet this need. Whenever I want to deploy to one or more remote hosts, I run Ansible locally and it connects via SSH to the remote host(s). There, it can run Docker Compose, configure services, lay down files on the host, restart things, etc.

The site links to a site that accepts payment data. So because the author’s site is http, a MITM attacker could change the payment links from lulu.com to site-that-actually-steals-your-credit-card.com.

That’s one huge thing https provides over http… assurance of unadulterated content, including links to sites that actually deal in sensitive data.

I haven’t used an out-of-the-box self-hosted solution for this, but I agree with others that blog or static site generator software could work. I think the main challenges you’ll find though are: 1. Formatting the content/site for long-form readability, and 2. Adding a table of contents and previous/next chapter links without a bunch of manual work.

Fortunately blog and static site software have plugins that can add missing functionality like this. Here’s one for WordPress (that I have no first-hand experience with): https://wordpress.org/plugins/book-press/

I also want to ask: What’s your plan for discovery/marketing? Because one of the benefits of the non-self-hosted web novel sites is that readers can theoretically discover your story there. But if you instead just post it on your own site, how will readers ever find it?

That’s unfortunate about NPM and Proxy Protocol, because plain ol’ nginx does support it.

I hear you about Traefik… I originally came from nginx-proxy (not to be confused with NPM), and it had pretty clunky configuration especially with containers, which is how I ended up moving to Traefik… which is not without its own challenges.

Anyway, I hope you find a solution that works for your stack.

I struggled with this same problem for a long time before finding a solution. I really didn’t want to give up and run my reverse proxy (Traefik in my case) on the host, because then I’d lose out on all the automatic container discovery and routing. But I really needed true client IPs to get passed through for downstream service consumption.

So what I ended up doing was installing only HAProxy on the host, configuring it to proxy all traffic to my containerized reverse proxy via Proxy Protocol (which includes original client IPs!) instead of HTTPS. Then I configured my reverse proxy to expect (and trust) Proxy Protocol traffic from the host. This allows the reverse proxy to receive original client IPs while still terminating HTTPS. And then it can pass everything to downstream containerized services as needed.

I tried several of the other options mentioned in this thread and never got them working. Proxy Protocol was the only thing that ever did. The main downside is there is another moving part (HAProxy) added to the mix, and it does need to be on the host. But in my case, that’s a small price to pay for working client IPs.

More at: https://www.haproxy.com/blog/use-the-proxy-protocol-to-preserve-a-clients-ip-address

I can’t comment on that, but actual Docker Compose (as distinct from Podman Compose) works great with Podman.

Maybe…? I’m not familiar with that router software, but it looks plausible to me…