Hello everyone,

I have a Traefik installation and I wish to increase the security of my setup.

I plan to deploy a crowdsec bouncer, but I also have stumbled upon Authentik and Authelia, and I am not sure I totally understand their purpose.

From what I understand, those services would allow to only allow Traefik to redirect the user to the appropriate service if correctly authenticated, is that correct?

Also, using either Authentik or Authelia, user can use SSO to register/login ? How can I control who can register?

Finally, assuming my understanding of those services is correct, I suspect that using a web browser to access the services, the login UI will be prompted, but what if I use a mobile application? For instance I use immich to backup my pictures, so in the immich mobile app server settings I have : immich.mydomain.com, how would that works out if I use either Authentik or Authelia?

I thank you in advance for your answers.

  • ElevenNotes@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    How about accessing your selfhosted applications that only you use only via VPN? Exposing your selfhosted applications to the world is only needed if, well, you need the whole or a part of the world to access it? Authentik works great for authentication, but that’s about it, and you are right, most apps don’t work anymore if you add an authentication layer that does not natively exist on it.