Dual reverse proxy: Nginx edge + Traefik internal

Decision

Nginx handles edge SSL termination and static sites. Traefik v3.6 routes container traffic internally via Docker labels. Stream SNI block in Nginx passes *.arjtech.in TLS to Traefik.

Rationale

Single proxy cannot efficiently handle both static content and dynamic Docker container routing. Nginx excels at edge/SSL/static. Traefik excels at Docker-native auto-discovery. Stream SNI block allows Traefik to handle its own SSL for container subdomains.

Alternatives Rejected

Rejected: (1) Traefik-only — poor static site handling, (2) Nginx-only — requires manual upstream config for every container, (3) Caddy — less Docker-native than Traefik

Outcome

Pending

Second Brain

Explorer

Dual reverse proxy: Nginx edge + Traefik internal

Dual reverse proxy: Nginx edge + Traefik internal

Decision

Rationale

Alternatives Rejected

Outcome

Graph View

Table of Contents