Caddy 2 will be provisioned on Internet Gateways.
It will provide HTTPS support out of the box by automatically obtaining and renewing TLS certificates for every configured website/HTTP endpoint.
For every application self-hosted on The Edge, a dedicated Caddy 2 site configuration (one per domain name) will be defined, so that TLS is terminated on the Internet Gateway and Caddy forwards the respective requests to the application and the responses back to the client.
This way, a single Caddy 2 server instance can be shared by all applications self-hosted on The Edge that communicate over HTTP.
It can also act as a reverse proxy for any number of servers on The Edge.
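The following Caddyfile is an added illustration of that decision and is not the project's own configuration: one Caddy 2 instance on the Internet Gateway, one site block per domain, TLS terminated at the gateway, plain HTTP forwarded to each application on the internal network. All host names, the ACME contact address and the upstream addresses are assumed placeholders.

```caddyfile
# Added example Caddyfile; not the project's own configuration.
# Host names, e-mail address and upstream addresses are placeholders.

{
	# Contact for the ACME account Caddy creates when it obtains certificates (assumed).
	email admin@example.org
}

wiki.example.org {
	# Caddy obtains and renews the certificate for this name automatically
	# and terminates TLS here on the Internet Gateway.
	encode gzip
	header {
		Strict-Transport-Security "max-age=31536000"
		X-Content-Type-Options nosniff
	}
	# Plain HTTP to the application on the internal network (assumed address).
	# Caddy adds X-Forwarded-For / X-Forwarded-Proto headers for the upstream.
	reverse_proxy 10.0.10.21:8080
}

git.example.org {
	reverse_proxy 10.0.10.22:3000
}

api.example.org {
	# Only the API path is exposed; every other path is refused.
	handle /v1/* {
		reverse_proxy 10.0.10.23:9000
	}
	handle {
		respond 404
	}
}
```

Before reloading, `caddy validate --config Caddyfile` checks the file for syntax and adaptation errors, and `caddy adapt --config Caddyfile` prints the resulting JSON configuration so the effective routes can be reviewed. Because the hop from Caddy to each upstream is unencrypted, it must stay on a network segment that is not reachable from the Internet; if an application is only reachable across an untrusted segment, proxy to an `https://` upstream instead.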
The diagram below illustrates this technical decision in the context of an exemplary Edge landscape.
The majority of applications that we'd like to self-host on The Edge are web applications, so clients (web browsers, API clients, etc.) use HTTP to communicate with them.
How can we forward HTTP requests originating on the Internet to the respective applications self-hosted on The Edge and return the resulting HTTP responses to the clients?
We needed a reliable HTTP reverse proxy that was easy to configure. Since we didn't plan for high traffic, we valued ease of configuration over throughput and extensibility.
No surprise, nginx was our first candidate to evaluate. It's outstanding software, and one can find many valuable resources about a variety of use cases on the Internet.
nginx is robust, performant, extensible, available with literally every Linux distro out there and... a bit of a pain in the neck to configure right per application.