momsi

joined 1 year ago
sorted by: new top controversial old
Dashboard - but for users in c/selfhosted@lemmy.world
[–] momsi@lemmy.world 2 points 1 year ago

I had authentik before but I found it to be unnecessarily complicated. Its really a nice one stop shop, doing authentication, authorization, even reverse proxing, but the setup/UI is just ... Not very well designed. Or it's so advanced that it's very far from the no it background hobbyist user

Dashboard - but for users in c/selfhosted@lemmy.world
[–] momsi@lemmy.world 1 points 1 year ago

Would be nice if each user could add their own bookmarks so they could use the dashboard as new tab default.

Dashboard - but for users in c/selfhosted@lemmy.world
[–] momsi@lemmy.world 2 points 1 year ago (1 children)

And how do you disable the editing/configuration in Heimdall?

Dashboard - but for users in c/selfhosted@lemmy.world
[–] momsi@lemmy.world 1 points 1 year ago (1 children)

I just played around a little, and even got it playing nice with authelia quick. But I find it to loaded for me. No bad, it's looking awesome, but I really just want a few nice looking bookmarks for when the wife forgets what that one service was called again ;)

How is the Recipient the Only One Able to Decrypt End to End Encryption? in c/explainlikeimfive@lemmy.world
[–] momsi@lemmy.world 2 points 1 year ago

By no means an expert, bit I'll try: One technique would b asymmetric encryption. Every participant has two keys, a public and a private one. When I want to send you an encrypted message, I encrypt the message with your public key. This key you can make available in any way, it can't be used in a harmful way. The message I encrypted with you public, you can decrypt using your private key, and only with that. Like this, you only need to exchange public keys used only for encryption. So no useful information for an attacker. And private keys never need to leave your hands.

Access local cockpit instance without port forwarding in c/selfhosted@lemmy.world
[–] momsi@lemmy.world 1 points 1 year ago

This would tell the peer with this configuration to send all traffic for the whole 192.168.1.0/24 through the tunnel, not sure that is what OP wants. (Didn't look at the link though)

Access local cockpit instance without port forwarding in c/selfhosted@lemmy.world
[–] momsi@lemmy.world 4 points 1 year ago (2 children)

Probably it would be much easier for you to setup tailscale. Just install it on the system you host the other services, install on the other end and use the tailscale ip. It should require minimal effort to set up with the added benefit of not having ports open, and way easier maintaining.

As for wireguard, the allowed up section tells what ips should be routed through the tunnel, it's not that difficult, but hard to wrap your head around at first. A friend of mine also used to use the Fritzbox Implementation of wireguard and I remember you need to specifically setup what clients you want the tunnel to have access to.

Have a look at tailscale.

noob-proof reverse proxy with auth in c/selfhosted@lemmy.world
[–] momsi@lemmy.world 0 points 1 year ago (1 children)

Well yeah, basic auth is surely the easiest method ... though I rather like to go the oauth2/OIDC route.

view more: ‹ prev next ›