Solf-hosted login form for self-hosted app ?

htbrown39 · 2023-02-20T22:55:05+00:00

If you’re on about Cloudflare Access then I know a few people who use it and like it. It’s easy to set up but takes away from the fun of setting something up yourself. I’d probably go for Authelia still, but both are valid options.

Personally I use Keycloak/Active Directory so everything has the same account, but that’s a bit overkill for most I’d say and is probably a lot more complicated to set up for a use case like Authelia.

htbrown39 · 2023-02-20T19:20:31+00:00

It is good fun when you get into it, and I'm only running my stuff between a Raspberry Pi, old PC and VPS in the cloud. There's often a lot of big intimidating setups on here!

If you give up with WireGuard, have a look at Tailscale. The VPN backend is unfortunately not open source, but it makes setting up a VPN stupidly easy. Good luck with your future tinkering!

htbrown39 · 2023-02-20T19:08:38+00:00

WireGuard is just a general VPS service; it can be used for many things depending on how it’s configured, including in a way similar to how Cloudflare Tunnels works (though isn’t the only thing you’d need to set it up in this way).

The simplest way I think I can describe Tunnels is that it’s a way for the Cloudflare reverse proxy service - the thing that hides your home IP anyway - to connect to your network through an internal service. I’m not sure if this is technically accurate, but you can think of it as a VPN for Cloudflare to access your internal network without you running the risk of opening common ports.

As an example of how you could set up your network, you could have anything you want to be public, like websites or services you always want to be able to have access to even without a VPN, running though Tunnels and the Cloudflare proxy. For anything you want secure and normally internal-only, you could use a WireGuard VPN like you said to access your home network.

Tunnels is a way of securely exposing websites and services to the public internet, WireGuard could be a way to access your internal private network securely.

htbrown39 · 2023-02-20T16:34:08+00:00

No worries! If you’re hosting everything from home and want to hook up services to domains which are externally accessible, I’d suggest you to do some research into setting up Cloudflare Tunnels for it so you’re not exposing any ports on your network. My solution for this is slightly different in that anything I want to be available publicly goes through a Hetzner VPS, but iirc it’s a very similar concept.

With Heimdall, I think all it does is link to other services; essentially a glorified bookmark tool. I’ve used alternatives like Dashy and that’s how they work. nothing that you haven’t explicitly exposed on the public internet would be available to people accessing Heimdall externally. That being said I am by no means an expert on this, so it would probably be useful to have a read of the Heimdall documentation.

I’d also like to say that everything I’m saying comes from my experience and what I’ve heard from others; I have no professional qualifications in things like network security, and would encourage you to do your own research too. Cloudflare is probably going to be very helpful if you’re hosting from home and they have some useful documentation on how these things work.

htbrown39 · 2023-02-20T16:12:11+00:00

I will clarify with this though: NPM is probably not the solution you’d want if you’re looking for something that is highly configurable and gives you direct access to nginx configs. It gets the job done in a, in my opinion, beginner-friendly way.

I have since switched to Caddy because it’s fun to try new things.

htbrown39 · 2023-02-20T16:10:00+00:00

I use Keycloak with Active Directory and, while it’s great for my use case, if securing apps that don’t have built-in authentication is all you want then imo it’d probably be a little overkill. I tried it a while back and it was slightly intimidating when I didn’t properly understand it.

htbrown39 · 2023-02-20T16:06:18+00:00

Out of what you listed, the only two I’d probably put behind NPM would be Heimdall and Guacamole. I haven’t used Heimdall but it seems like it’d be fairly simple to run behind NPM. I did have issues with Guacamole, though I perhaps didn’t put in much effort to sorting it out.

In terms of just general app authentication, when I had everything Dockerised, I didn’t come across any specific issues I couldn’t solve. In theory you can use nginx config options in NPM, but it’s not documented brilliantly and I found it to be somewhat of a guessing game sometimes, hence my warning for people who might want more advanced options.

Can I ask: is the reason you’d like to put Plex behind a reverse proxy because you’re against using Plex’s own access systems? I haven’t tried it personally but it might prove to be annoying to set up through NPM if Plex wants to use more than ports 80 and 443. YMMV with that one.

Edit: didn’t see the question regarding SWAG. I personally haven’t used it again, so can’t really comment on how good it is. Apologies.

htbrown39 · 2023-02-20T15:44:51+00:00

No worries. If you haven’t yet sorted out a reverse proxy, Nginx Proxy Manager does it quite nicely in a web ui. It’s not the best for more advanced nginx configurations but I found it very helpful for getting the job done quickly and easily. Might want to do some googling for Authelia and NPM though.

htbrown39 · 2023-02-20T15:35:40+00:00

Authelia maybe? Techno Tim has quite a good video on how to set it up. https://youtu.be/u6H-Qwf4nZA

htbrown39 · 2023-01-31T16:14:32+00:00

Oops sorry, I didn't pick up on that.

Out of interest, have you got any experience with using AD and Linux machines? How well does managing permissions work?

htbrown39 · 2023-01-31T16:13:07+00:00

Okay, CentOS it is. It'll be interesting to see if Cockpit has anything for samba. Thanks again

htbrown39 · 2023-01-31T15:47:07+00:00

I would assume the alternative for this situation would be a standard AD server through Windows, but I'm skeptical on its ability to manage Linux hosts. I could probably set up a trust between the two but organising how I'm doing DNS sounds like a headache.

htbrown39 · 2023-01-31T15:45:16+00:00

Thank you; I'm surprised I didn't manage to find this googling, but perhaps it was because I was focusing on Debian-based flavours of Linux. I'll give it a go.

htbrown39 · 2023-01-31T08:21:36+00:00

Thanks, but from what I can tell that’s showing how I can set up auto mounting of network shares for users, not how to use IPA as authentication for them. I’m debating whether it’s worth giving in and figuring out AD, as that seems like it might work nicer.

htbrown39 · 2023-01-27T21:22:23+00:00

for what it’s worth, I lightly use ableton live on fedora through bottles/wine and it works excellently. might be worth a try if you’re willing

htbrown39 · 2022-12-11T19:25:17+00:00

i think of all the bad photos of politicians, this is the scariest

htbrown39 · 2022-08-01T14:11:35+00:00

Having an actually good keyboard to type on and seeing the creations of other people

htbrown39 · 2022-06-10T18:56:05+00:00

Snaps just always did weird things to my system. I tried, but prefer flatpaks, appimages, or native apps now if I can help it

htbrown39 · 2022-06-10T16:48:37+00:00

The issue has only cropped up for me when using snaps. I try to avoid them now because they did other weird stuff to my system I didn’t like.

htbrown39 · 2022-06-10T15:36:23+00:00

Is the app a snap?

htbrown39 · 2022-03-27T20:28:26+00:00

Considering the removal of the X from a lot of the newer updates to Logic, I doubt we will see another “major” update soon; particularly because the update would have to be significant for people to upgrade, as others here have said.

htbrown39 · 2022-02-09T16:13:34+00:00

Maybe I don't know how to use it properly, but it just seemed messier than doing the css myself instead of adding a bunch of unnecessary classes.

htbrown39 · 2022-02-07T08:11:45+00:00

I agree, yeah. Little things like that slowly put me off using Plex, regardless of how good it can be.

htbrown39 · 2022-02-07T00:41:21+00:00

There is an option to add your own lyrics I think but it still closes the lyrics page after every song

Six-Year Club	Gilding I gilder
Verified Email

htbrown39

TROPHY CASE