I recently figured out reverse proxies and I have several apps that I want to expose for ease of use for family members. I have found authelia and thought I could set that up as an extra protection against suspicions activity but after thinking about it a bit more I realized that the apps I want to expose already have user accounts and passwords so it would make things a bit more annoying when logging in. plus would authelia even work if the user is using a phone app instead of the web browser?

What are your ways of keeping your servers safe from suspicious activity or even monitoring them for suspicious activity ?

Before this post gets blasted with “just use a VPN” Yes I already have wireguard up and running but trying to get family members setup with a vpn that are technology illiterate is a nightmare

  • xardoniak@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I used to use Nginx Proxy Manager for exposing services but generally you end up exposing the login page for that particular app and you have a different login per app which is a pretty shitty solution for non-IT folk. I’ve tried to set up Authelia and other similar things and found them to be very annoying to set up / configure. Maybe I’m just an idiot though!

    I would suggest having a think about what you want to expose and whether there’s a better way (eg overseerr instead of exposing radarr/sonarr)

    CloudFlare tunnels are also great - they obfuscate your public IP and can have a login form in front of them. You provide a list of email addresses that can log in to Cloudflare and only those users can access the website. I have mine set up to auth through Google accounts for example but you can use GitHub, office and I believe Discord. Not managing user accounts has been a life saver for me… You can also block access from outside of your country.