I can tell you we are not fans of portainer from a deployment perspective, though we find it OK for monitoring. Yacht is near and dear to us as the dev is a member of our discord and works closely with us. I’ve never personally heard of caprover.
We have an app that handles 1 and 2, so it’s unlikely we would go seek or recommend anything trying to “do it all” you can, of course, reverse proxy yacht and add in SSO/mfa via our SWAG container and authelia.
I will add, these kinds of questions are definitely better in a discussion format, such as our discord, in our #lounge or #linux-chat areas.
Not to necro this thread (Sorry in advance if it’s against the rules but I didn’t see it in the community guidelines).
For Yacht, disable authentication and use SWAG with Authelia to enable SSO via your reverse proxy. It’s going to be hard for me to keep up with adding new authentication methods when Authelia already does such a great job of this and integrates nicely with SWAG.