This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/-elmuz- on 2024-09-26 21:30:32+00:00.

Hello hosters!

I am moving from a local network self-hosted system into a publicly exposed one for a limited group of services. They’re going to be a single-user scenario (only me).

Now, when in public, being protected will become crucial and I am planning this carefully. In particular:

• I am using SWAG reverse proxy. In LAN it only does reverse proxy. Now I am pairing it with Authelia so that every proxied service will force a login (same credentials for all services, which is nice for my setup). Also 2FA available, cool.
• Some services have already a login mechanism (healthchecks, nextcloud to name a couple). Some also offer already 2FA.
• Most of the these login-equipped services won’t let you bypass the login mechanism. The might “remember you”, but that’s another story.

Now my question is:

1. would you selectively apply Authelia only to some services?
2. would you run it an all the services (maybe you trust authelia more) resulting in double login procedure for some of them?
3. Is there a cleaner solution?