Lem453

@Lem453@lemmy.ca

This profile is from a federated server and may be incomplete. Browse more on the original instance.

Lem453,

This, I used to have a kubernetes setup but how much redudency can you really have at home. Do you have a generator? Multiple Internet lines?

The fact is most hardware is highly reliable. Having good backups to restore from is all you need and you gain a huge improvement in simplicity which adds reliability in and of itself.

Lem453,

Because authentik uses flows, you can insert the 2FA part into any login flow (proxy, oauth, ldap etc)

youtu.be/whSBD8YbVlc

Lem453,

If you have to add a whole other app the match what authentik can do, is authelia really lighter weight?

Im joking because authentik does takes a decent chunk of ram but having all protocols together is nice. You can actually make ldap authentication 2FA if you want.

Lem453,

The above YouTube video shows that you can get authentik to send a 2fa push authentication that requires the phone to hit a button in order to complete the authentication flow.

Lem453,

I also use glutun, works really well. Lots of VPNs are supported. Easy to add any docker container you want to it.

Lem453, (edited )

The primary reason to put authentik in front of arrs is so I don’t have to keep putting in different password for each when logging in. I disable the authentication for each of them in the app itself and then disable the exposed docker port as well so the only way to access it it via traefik + authentik. It has local access only so isn’t directly exposed to the internet.

10 free accounts on duo is very nice but I hate being locked into things (not self hosted). An open source or self hosted alternative to duo would be great.

Lem453, (edited )

You are completely correct…for normal certs. Internal domains require a wild card cert with DNS challenge.

This video explains how to set it up with traefik

youtu.be/liV3c9m_OX8

I’d bet caddy can do something similar.

Basically you have:

  1. Seafile.domain.com -> has it’s own cert
  2. *.local.domain.com -> has its own cert but the * can be anything and the same cert can be used for anything in place of the star as many times as you want and therefore doesn’t need to be internet accessible to verify. That way vaultwarden.local.domain.com remains local only.
Lem453, (edited )

github.com/photown/private-pdf

Self hosted PDF editor sounds great!

I wish it had thr ability to add or remove a password from a document. Other than that it looks perfect.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • localhost
  • All magazines
    •
    Loading…
    Loading the web debug toolbar…
    Attempt #