I thought I was going to use Authentik for this purpose but it just seems to redirect to an otherwise Internet accessible page. I’m looking for a way to remotely access my home network at a site like remote.mywebsite.com. I have Nginx proxy forwarding with SSL working appropriately, so I need an internal service that receives the traffic, logs me in, and passes me to services I don’t want to expose to the Internet.
My issue with Authentik is if I need to access questionable internal websites I have to make an Internet accessible subdomain. I don’t want authentik.mywebsite.com to redirect to totallyillegal.mywebsite.com. I want it to redirect to 10.1.1.30:8787.
Is there anything that does that?
Does the nginx proxy server not support authentication?
Cloudflare tunnel is an option, you can even scrap your own nginx
deleted by creator
You can try setting up a VPN, eg headscale/tailscale with your home server being an exit node, and then just set up your questionable services on a domain that only resolves locally - and then you don’t need to use authentik for authorisation to those services.
This is what I have been trying recently, and seems to work well.
You need a wildcard cert for ypur subdoman:
*.legal.example.com
Then point that record to 127.0.0.0. This will not resolve for anyone. But you’ll have an internal dns enty (useig pihole/adguard/unbound) that redirects to your reverse proxy.
You could also point to your revers proxy internal address instead of 127.0.0.0.
This video could help you: https://www.youtube.com/watch?v=qlcVx-k-02E
Here is an alternative Piped link(s):
https://www.piped.video/watch?v=qlcVx-k-02E
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters HTTP Hypertext Transfer Protocol, the Web IP Internet Protocol VPN Virtual Private Network nginx Popular HTTP server
3 acronyms in this thread; the most compressed thread commented on today has 5 acronyms.
[Thread #751 for this sub, first seen 16th May 2024, 06:35] [FAQ] [Full list] [Contact] [Source code]
The exact setup can be achieved by tailscale, a not really known feature is you can point your domain to the, tailscale IP (new ip assigned by tailscale), and it will act just like a normal hosting setup.
Advantage, any device or someone who you do not pre approve can’t see anything if they go to the domain and subdomain. They only work if you are connected and authenticated to tailscale network. I have a similar setup, if you need more pointers please ping me.
Why not run a wire guard server? If you need to access internal things connect to your wire guard server.
New Lemmy Post: Secure portal between Internet and internal services (https://lemmyverse.link/lemmy.world/post/15450931)
Tagging: #SelfHosted(Replying in the OP of this thread (NOT THIS BOT!) will appear as a comment in the lemmy discussion.)
I am a FOSS bot. Check my README: https://github.com/db0/lemmy-tagginator/blob/main/README.md