this post was submitted on 16 May 2024
22 points (89.3% liked)

Selfhosted

40083 readers
624 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
22
Secure portal between Internet and internal services (lemmy.world)
submitted 5 months ago by johnnixon@lemmy.world to c/selfhosted@lemmy.world
19 comments fedilink hide all child comments
 

I thought I was going to use Authentik for this purpose but it just seems to redirect to an otherwise Internet accessible page. I'm looking for a way to remotely access my home network at a site like remote.mywebsite.com. I have Nginx proxy forwarding with SSL working appropriately, so I need an internal service that receives the traffic, logs me in, and passes me to services I don't want to expose to the Internet.

My issue with Authentik is if I need to access questionable internal websites I have to make an Internet accessible subdomain. I don't want authentik.mywebsite.com to redirect to totallyillegal.mywebsite.com. I want it to redirect to 10.1.1.30:8787.

Is there anything that does that?

you are viewing a single comment's thread
view the rest of the comments
[–] Lem453@lemmy.ca 3 points 5 months ago (1 children)

This is the way. This is the video I followed.

https://www.youtube.com/watch?v=liV3c9m_OX8

I use traefik as reverse proxy. I have externally accessible domains for and then extra secure internal only domains that require wireguard connection first as an extra layer of security.

Authentik can be used as a forward auth proxy and doesn't care if it's an internal or external domain.

Apps that don't have good login or user management just get Authentik proxy for single sign on (sonarr, radar etc).

Apps that have oAuth integration get that for single sign on (seafile, immich, etc)

To make it work the video will talk about adding both the internal and external domains to the local DNS so that if you access it from outside it works and if you access from wireguard or inside the lan it also works.

[–] PipedLinkBot@feddit.rocks 1 points 5 months ago

Here is an alternative Piped link(s):

https://www.piped.video/watch?v=liV3c9m_OX8

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I'm open-source; check me out at GitHub.