This is an automated archive made by the Lemmit Bot.
The original was posted on /r/selfhosted by /u/-elmuz- on 2024-09-26 21:30:32+00:00.
Hello hosters!
I am moving from a local network self-hosted system into a publicly exposed one for a limited group of services. They’re going to be a single-user scenario (only me).
Now, when in public, being protected will become crucial and I am planning this carefully. In particular:
- I am using SWAG reverse proxy. In LAN it only does reverse proxy. Now I am pairing it with Authelia so that every proxied service will force a login (same credentials for all services, which is nice for my setup). Also 2FA available, cool.
- Some services have already a login mechanism (healthchecks, nextcloud to name a couple). Some also offer already 2FA.
- Most of the these login-equipped services won’t let you bypass the login mechanism. The might “remember you”, but that’s another story.
Now my question is:
- would you selectively apply Authelia only to some services?
- would you run it an all the services (maybe you trust authelia more) resulting in double login procedure for some of them?
- Is there a cleaner solution?
You must log in or register to comment.