yes, there are professional third party cybersecurity auditors you can hire, but I doubt anyone here would ever need them.

Please people, stop being paranoid about your security. close up all unnecessary ports, and that’s what you can do on your end. whatever else, if the service binding to an open port has security vulnerabilities you don’t know, the project team may very well be unaware of it either, and there’s nothing you could do.

also, if you have multiple users using your service, then it’s their password strength that you should be worrying the most, not your infrastructure.

From my point of view, most things related to software config is hierachical, meaning that a tree like structure is the most intuitive in understanding them. YAML is tree based, while TOML is section based. I find YAML much easier to keep track of. And I have great experience with Python, so the indentation is pretty straight forward for me.

But I’m not picking sides and defying the other. It’s purely personal mind set related. Actually I do find some workflow very suited for TOML, like build systems, where each task is in its own section, shouting clear cut domain and dependency boundaries.

It is a simple layer 7 proxy and nothing more. It is the simplest so it works. As a comparison, almost all other reverse proxies can handle layer 4 traffic.

and I don’t miss the label feature of traefik at all. centralized config for an entrance gateway is so much easier to maintain and find security flaws. I think labeling would be useful only in production clusters with thousands of microservices that you absolutely need the reverse of control to get away from dependency hell. Otherwise, I advice against using such feature, not even with a caddy plugin. (I mean if you really need it, why not just use traefik…)