BennyAug 13, 2025

Installed #karakeep in my #HomeLab — moving my #Notion links collection over. Loving the #AI auto-tagging. Now stuck on whether to make the service public so I can access it without a VPN or keep it locked down 🤔

#selfhosted

Show threadm0veax

@benny my rule of thumb is, if only I need to access it -> vpn.

If I offer the service for someone else, put it behind mfa. Authelia is a great starting point for that.

Aug 13, 2025 at 6:12amWeb
Show threadBennyAug 13, 2025

@m0veax the only use case would be that I can also use it on my Corporate MacBook where I can‘t install Tailscale.

I have recently replaced Authentik with PocketID + TinyAuth. PocketAuth is a „passkey only“ solution.

Show threadm0veaxAug 13, 2025
@benny is just opening the port for your work IP an option?
Show threadBennyAug 13, 2025
@m0veax would be an option, but I don‘t know how „fix“ the external IP Adress of the corporate network is. I would assume that there are multiple, why I have to maintain a lot in the beginning.
But I can check it BunkerWeb is supporting mTLS/Client-Side Certificate Authentication.