Posting this to get some feedback. Based on @rich-agency-14084 's article, we're considering moving the default proxy to Traefik. By running MQ behind Traefik, we can make it reachable over 443, which will reduce firewall problems in some environments. It also reduces the number of exposed ports overall, and makes the architecture more simple (entire application is reachable over 443, except for WireGuard ports): https://medium.com/@panda1100/a-solution-to-use-port-443-for-client-certificate-authentication-of-netmaker-v0-14-0-455777589b12 Does anyone have objection to this? I know we've been with Caddy for quite a while, but since it's dockerized, sticking in Traefik should be relatively simple. There is also the option to use Caddy based on @rich-agency-14084 's latest guide, but it is much more complicated and based on an experimental module, which is not ideal: https://medium.com/@panda1100/how-to-setup-layer-4-reverse-proxy-to-multiplex-tls-traffic-with-sni-routing-a226c8168826