Installed #karakeep in my #HomeLab — moving my #Notion links collection over. Loving the #AI auto-tagging. Now stuck on whether to make the service public so I can access it without a VPN or keep it locked down 🤔

#selfhosted

@benny my rule of thumb is, if only I need to access it -> vpn.

If I offer the service for someone else, put it behind mfa. Authelia is a great starting point for that.

@m0veax the only use case would be that I can also use it on my corporate MacBook where I can't install Tailscale.

I have recently replaced Authentik with PocketID + TinyAuth. PocketAuth is a "passkey only" solution.

@benny is just opening the port for your work IP an option?

@m0veax would be an option, but I don't know how "fixed" the external IP address of the corporate network is. I would assume that there are multiple, which is why I would have to maintain a lot in the beginning.
But I can check if BunkerWeb supports mTLS/client-side certificate authentication.

@benny have you looked at Pangolin to expose some services? You can protect them with an extra layer + SSO.

@iworx I use a different way: VPS + BunkerWeb + Tailscale.
I have recently posted about it (there is no English version yet): https://mastodontech.de/@benny/114948440115886951

For SSO, I use PocketID (+ TinyAuth for Traefik Middleware Auth)

@tioan I already use a similar setup for public access: https://hierl.dev/posts/oeffentlicher-zugriff-auf-selfhosted-services/