undefined | Better HN

0 pointsrrdharan9y ago0 comments

I love that thing - I use it with nginx to secure access to stuff running on my home machine that I want to expose publicly (e.g. the Transmission Web UI).

0 comments

StavrosK9y ago

Wouldn't something like Caddy's multipass[1] be easier and with less third-party approval?

That said, I just use Caddy to proxy all my home's internal services with basic auth. At work I use the same setup, except it authenticates against our LDAP server.

[1]: https://caddyserver.com/docs/multipass

brazzledazzle9y ago

That's a great use for it I hadn't considered. Thanks for the idea.

chayesfss9y ago

What types of webservices? Just pure L7 stuff that has forms on it? Is that oauth2proxy just an authenticated reverse proxy or can it add some security context to the internal interface?

roque9y ago

We use it in conjunction with kubernetes service proxy https://github.com/pedro-r-marques/k8s-service-proxy to access all of our internal services and debug ports deployed in the k8s/GKE cluster. oauth2 proxy authenticates, service discovery in k8s means that we can keep publishing apps. We don't use fine grain ACLs... But i guess that we could if we wanted to.

j / k navigate · click thread line to collapse