So I think my understanding of this is evolving, thankfully. Unlike traefik, there's no automatic configuration so using nginx as a proxy you're specifying virtual hosts manually, right? I've heard comments about nginx not handling restarts as well, with some of those comments implying it's due to the random IP assignment, but they're so few and far between I'm guessing that if you define the virtual hosts in your compose you'd be fine even after restarts?
If that's all right then so far so good. I guess I'm still unclear on how nginx-proxy-manager doesn't need the socket. Is it because they use docker-gen and that doesn't need it the same way traefik or haproxy do?
Sorry for all the questions, but I'm easily 40 hours into my attempts to get a basic setup working that can reverse proxy requests from my semi-protected IOT/DMZ network to local containers and some others via SSL to a media server in my guest network in a way that isn't unsat from the start due to accessing docker-socket in a way (e.g. traefik mounting docker.sock) that exposes the entire stack to RCE if the proxy is exploited.
I need a super secure reverse proxy to docker containers and maybe it will all have to live on that host because I'm too early in my journey, but I can't even get that fundamental necessity running properly. So frustrating...