Skip to content

ADR-003 — Caddy over HAProxy (and NPM)

Date: 2026-03-19 Status: Accepted

Decision

Replace Nginx Proxy Manager with Caddy as the reverse proxy. HAProxy was the original candidate.

Why

  • NPM requires manual UI configuration — not IaC-compatible
  • HAProxy has no built-in HTTPS/Let's Encrypt — would require separate cert management
  • Caddy is config-file driven (single Caddyfile in git), handles Let's Encrypt automatically, and supports TCP proxying via the layer4 plugin

Trade-offs

Traefik was also considered. It auto-discovers services via Docker labels, making it better suited for dynamic container environments. For a stable homelab with a fixed service set, a centralized Caddyfile is simpler and easier to audit.