I thought I was going to use Authentik for this purpose but it just seems to redirect to an otherwise Internet accessible page. I’m looking for a way to remotely access my home network at a site like remote.mywebsite.com. I have Nginx proxy forwarding with SSL working appropriately, so I need an internal service that receives the traffic, logs me in, and passes me to services I don’t want to expose to the Internet.
My issue with Authentik is if I need to access questionable internal websites I have to make an Internet accessible subdomain. I don’t want authentik.mywebsite.com to redirect to totallyillegal.mywebsite.com. I want it to redirect to 10.1.1.30:8787.
Is there anything that does that?
Why not run a wire guard server? If you need to access internal things connect to your wire guard server.
You need a wildcard cert for ypur subdoman:
*.legal.example.com
Then point that record to 127.0.0.0. This will not resolve for anyone. But you’ll have an internal dns enty (useig pihole/adguard/unbound) that redirects to your reverse proxy.
You could also point to your revers proxy internal address instead of 127.0.0.0.
This video could help you: https://www.youtube.com/watch?v=qlcVx-k-02E
This is the way. This is the video I followed.
https://www.youtube.com/watch?v=liV3c9m_OX8
I use traefik as reverse proxy. I have externally accessible domains for and then extra secure internal only domains that require wireguard connection first as an extra layer of security.
Authentik can be used as a forward auth proxy and doesn’t care if it’s an internal or external domain.
Apps that don’t have good login or user management just get Authentik proxy for single sign on (sonarr, radar etc).
Apps that have oAuth integration get that for single sign on (seafile, immich, etc)
To make it work the video will talk about adding both the internal and external domains to the local DNS so that if you access it from outside it works and if you access from wireguard or inside the lan it also works.
Here is an alternative Piped link(s):
https://www.piped.video/watch?v=liV3c9m_OX8
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
The only catch is that some ISP or workplaces filler public DNS entries that point to private IPs because they can be indications of certain attacks.
But does this matter if you just want this to be locally accessible and you’re running your own dns?
Here is an alternative Piped link(s):
https://www.piped.video/watch?v=qlcVx-k-02E
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
Does the nginx proxy server not support authentication?
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| DNS | Domain Name Service/System |
| HTTP | Hypertext Transfer Protocol, the Web |
| IP | Internet Protocol |
| SSO | Single Sign-On |
| VPN | Virtual Private Network |
| nginx | Popular HTTP server |
[Thread #751 for this sub, first seen 16th May 2024, 06:35] [FAQ] [Full list] [Contact] [Source code]
You can try setting up a VPN, eg headscale/tailscale with your home server being an exit node, and then just set up your questionable services on a domain that only resolves locally - and then you don’t need to use authentik for authorisation to those services.
This is what I have been trying recently, and seems to work well.
