I’ve been running 2 linodes for a number of years now - one has my website (wordpress) on it and one has a Foundry VTT server running. Both are separate linodes, and I use Google Domains to point [site.tld] to the wordpress VPS and foundry.[site.tld] to the other linode.

For a few services I run at home within my own network (Sonarr, Lidarr, Plex, etc.) I’ve started to use Docker and Portainer, and I like how easy it is to set things up (and remove them if they don’t work). I’d like to redo my VPS similarly - I’d like to have a single linode, as a Docker host, and have the main domain point to a Wordpress container, a subdomain point to a Foundry container, and be able to easily add other containers for something like freshrss, etc. My goal is to be able to quickly spin up a docker via a compose file (portainer would be preferred), have it automatically reach out to letsencrypt to get a cert for the relevant subdomain, and have that subdomain point to that docker container.

I’ve been doing some searching around, and there seem to be a number of options, things like nginx reverse proxy, traefik, etc. and there are a lot of conflicting results.

Does anyone here have an opinion on this or some advice as to what the best option to look into might be?

  • vividspecter@lemmy.world
    1 year ago

    I’ll throw in SWAG as another option which I found was easiest to set up, albeit on a VPN/local-only setup. It supports certbot for SSL and pre-defined proxy configs for various services (mostly linuxserver.io containers but there are others) and it’s easy to edit them to make your own configs. I’m not sure about portainer support as I’m not familiar with that.

  • chiisana@lemmy.world
    1 year ago

    Everyone has an opinion, and at the end of the day, whatever works best for you is what you should stick with.

    I like Traefik because you can mount /var/run/docker.sock:/var/run/docker.sock:ro to Traefik, then it can read labels from containers, and automatically wire up new instances based on labels on them. I’m sure there’s equivalent in other reverse proxy solutions, but as I said, it works for me and I like it.

    I give that container my Cloudflare origin certificate, everything gets encrypted in transit to Cloudflare, and then Cloudflare handles all the SSL management for me, as well as providing an extra layer of DDoS protection.

  • Lupec@lemmy.lpcha.im
    1 year ago

    As someone who’s used pretty much every solution out there at some point, I have thoughts on the main contenders:

    • Traefik is great if you’ve got a purely docker setup. It’s extremely powerful and the dashboard is quite nice, but it’s quite complex and it’s got a lot of moving parts. Docker integration works great but the whole label configuration thing is clunky, and the documentation can be confusing.
    • Caddy ingests a dead simple config and just works. Can easily handle cert renewal behind the scenes without you even having to think about it, drop the dynamic DNS one in and you basically have it all covered. There’s even one that gives it Traefik-like capabilities, although I can’t speak for how well it works in practice.
    • NPM works great if you’re more of a GUI person, very straightforward and impossible to screw up but a bit more annoying to go off the beaten path imo

    I personally favor Caddy these days, but they’re all solid choices.

  • PriorProject@lemmy.world
    1 year ago

    I have a setup very similar to what you described in terms of having several web geegaws hiding behind a proxy, with Docker to manage them all. Foundry is even part of my setup as well (speaking of which, join https://lemmy.ml/c/FoundryVTT it’s still pretty dead in there but one of the reddit mods came over and while they’re not promoting things they’re keeping an eye on them).

    The proxy server of choice is very much a matter of taste.

    • I use Caddy, which is very modern, simple to configure, and automatically handles letsencrypt cert setup out of the box.
    • Nginx is almost as modern, more flexible/powerful, IMO less beginner-friendly to set up, and has letsencrypt automation but not out of the box. Nginx is probably most common these days.
    • I know less about traefik, I feel like that’s most often employed as a kubernetes ingress… but maybe people use it for other stuff and I just haven’t encountered it. I do feel like outside of k8s, it’s MUCH less common than nginx.
    • Good ole apache is great if you know how to use it. It’s a bit archaic to configure compared to nginx or Caddy, and though it is supremely capable, I do not recommend it unless you’re already steeped in its ways.

    There’s a hundred other options as well, but it’s really just preference for a toy setup like ours. I’ve used many of these things and prefer Caddy for my homelab stuff cause it’s dreamily simple to configure. If I wasn’t using Caddy, I’d be using nginx just because it’s so commonly used that you can find help/instructions for anything you can imagine.

      • smegger@kbin.social
        1 year ago

        I’ve found NPM to be fairly easy to set up. But I’m not far from your situation, trying out various options to see what works best for me.

        • hispeedzintarwebz@kbin.socialOP
          1 year ago

          That’s pretty much where I am. This isn’t my day job, it’s something I mess with for fun and so I’d like to make it easy not just to set up but to expand if necessary, and easy enough that if I don’t touch it for a year and come back to it I won’t be completely clueless!

          • beto@kbin.social
            1 year ago

            If you don’t have any special needs, NPM is a good way to go. Even if you do, some flexibility is available in UI advanced options and directly modifying the config if you have the nginx knowledge (although I’d advocate not to do it, if possible).

            There’s a docker-compose file for it, so it should adjust to your setup too.

  • knaak@lemmy.world
    1 year ago

    I use NPM, which is also a Docker image and has automatic Let’s Encrypt and a nice interface. Nginx Proxy Manager.