I thought I was going to use Authentik for this purpose but it just seems to redirect to an otherwise Internet accessible page. I’m looking for a way to remotely access my home network at a site like remote.mywebsite.com. I have Nginx proxy forwarding with SSL working appropriately, so I need an internal service that receives the traffic, logs me in, and passes me to services I don’t want to expose to the Internet.

My issue with Authentik is if I need to access questionable internal websites I have to make an Internet accessible subdomain. I don’t want authentik.mywebsite.com to redirect to totallyillegal.mywebsite.com. I want it to redirect to 10.1.1.30:8787.

Is there anything that does that?

  • herrfrutti@lemmy.worldEnglish
    2·
    7 months ago

    You need a wildcard cert for ypur subdoman:

    *.legal.example.com

    Then point that record to 127.0.0.0. This will not resolve for anyone. But you’ll have an internal dns enty (useig pihole/adguard/unbound) that redirects to your reverse proxy.

    You could also point to your revers proxy internal address instead of 127.0.0.0.

    This video could help you: https://www.youtube.com/watch?v=qlcVx-k-02E

  • shrugal@lemm.eeEnglish
    1·
    7 months ago

    I just set up a Vouch-Proxy for this yesterday. It uses the nginx auth_request directive to authenticate users with an SSO server, and then stores the token in a domain-wide cookie, so you’re logged in across all subdomains. Works pretty well so far, you don’t even notice it when you’re logged in to your SSO provider.

    But you do have to tell the proxy where you want to redirect a request somehow, either by subdomain (illegal.yourdomain.com) or port (yourdomain.com:8787) or path (yourdomain.com/illegal). I’m not sure if it works with raw IPs as hosts, but you can add additional restrictions like only allowing local client IPs.

    In my special case I’m using the local Synology SSO server, and I have to spin up an additional nginx server because the built-in one doesn’t support auth_request.