This is an automated archive made by the Lemmit Bot.
The original was posted on /r/selfhosted by /u/quiteCryptic on 2025-01-12 03:20:40+00:00.
I know why it's not as popular - many client apps simply don’t support it!
The biggest downside, and why it is not more common in the general world at large is (I believe) because distributing the certificates to users can be cumbersome for large organizations and such… but most self hosted people only have a few users at most (family/friends) who need access to their network.
I prefer it over using a VPN because you 1. don’t have to install VPN client software and 2. don’t have to remember to turn on your VPN before trying to connect (or leave an always-on VPN connection).
To clarify, mTLS is when you authenticate by providing a certificate in your requests. The server then takes that certificate to verify it before allowing you access. Most people have this as an authorization at the reverse proxy level, so if you don’t have a valid certificate you can never even reach the applications at all.
Usage is dead simple: move a cert onto your device and click/tap it to install onto your device. When using an application that supports it, it will prompt you once to select which cert to use and then never need to ask again. Voila, you can access your self hosted app, and no one else can unless you gave them a self signed cert (that only you can generate).
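
The reverse-proxy enforcement described in the post, as an added example that is not part of the original post. It assumes nginx as the proxy; the hostname, file paths, upstream address and header names are placeholders.

```nginx
# Added example (not from the original post): nginx requiring a client certificate.
# All names, paths and addresses below are placeholders.
server {
    listen 443 ssl;
    server_name app.example.internal;

    # The server's own TLS certificate and key
    ssl_certificate     /etc/nginx/tls/server.crt;
    ssl_certificate_key /etc/nginx/tls/server.key;

    # CA that signed the client certificates you hand out to family/friends
    ssl_client_certificate /etc/nginx/tls/client-ca.crt;
    ssl_verify_depth 1;

    # Optional revocation list, for when a device holding a cert is lost
    # ssl_crl /etc/nginx/tls/client-ca.crl;

    # "on": a request without a certificate that chains to client-ca.crt
    # is answered with HTTP 400 by nginx and never reaches the upstream app.
    ssl_verify_client on;

    # Weak variant to avoid unless you really need it:
    #   ssl_verify_client optional;
    # With "optional", requests without a certificate are still proxied
    # unless every location explicitly checks $ssl_client_verify = "SUCCESS".

    location / {
        proxy_pass http://127.0.0.1:8080;

        # Pass the verified identity upstream. proxy_set_header replaces any
        # header of the same name sent by the client, so it cannot be spoofed.
        proxy_set_header X-Client-Verify $ssl_client_verify;
        proxy_set_header X-Client-DN     $ssl_client_s_dn;
    }
}
```

The upstream application should listen only on the loopback address (or a private network), so the proxy is the only path to it.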