Comment on LDAP to UNIX user proxy
kevincox@lemmy.ml 2 months ago
But the problem is that most self-hosted apps don’t integrate well with these. For example qBittorrent, Jellyfin, Metabase and many other common self-hosted apps.
Shimitar@feddit.it 2 months ago
They actually do, I am down the same path recently and installing Authelia was the best choice I made. Still working on it.
But most services support either basic auth, headers auth, OIDC or similar approaches. Very few don’t.
kevincox@lemmy.ml 2 months ago
How are you configuring this? I checked for Jellyfin and there are third-party plugins which don’t look too mature, but none of them seem to work with apps. qBittorrent doesn’t support much (actually I may be able to put reverse-proxy auth in front… I’ll look into that) and Metabase locks SSO behind a premium subscription.
IDK why but it does seem that LDAP is much more widely supported. Or am I missing some method to make it work?
Shimitar@feddit.it 2 months ago
You might use LDAP, but it’s total overkill.
I have not yet worked Jellyfin with Authelia, but it’s more or less the last piece and I don’t really care so far if it’s left out.
A good reverse proxy with HTTPS is mandatory, so start with that one. I mean, from all points of view, not login.
I have all my services behind nginx, then Authelia linked to nginx. Some stuff works only with basic auth. Most works with headers anyway, so natively with Authelia. Some bitches don’t, so I disable Authelia for them. Annoying, but I have only four users so there is not much to keep in sync.
kevincox@lemmy.ml 2 months ago
I do use a reverse proxy but for various reasons you can’t just block off some apps. For example if you want to play Jellyfin on a Chromecast or similar, or PhotoPrism if you want to use sharing links. Unfortunately these systems are designed around the built-in auth and you can’t just slap a proxy in front.
I do use nginx with basic auth in front of services where I can. I trust nginx much more than 10 different services with varying quality levels. But unfortunately not all services play well.
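
The setup discussed in this thread, sketched as an nginx configuration (an added example, not posted by anyone in the thread): basic auth by default, the authenticated user forwarded as a header, and one carve-out for paths such as share links that have to fall back to the app's built-in auth. The hostname, file paths, upstream port, the `/s/` prefix and the `Remote-User` header name are all assumptions to be replaced with the values of the actual app.

```nginx
# Added example. Every name, path, port and header below is an assumption.
server {
    listen 443 ssl;
    server_name photos.example.internal;            # placeholder hostname

    ssl_certificate     /etc/nginx/tls/photos.crt;  # placeholder paths
    ssl_certificate_key /etc/nginx/tls/photos.key;

    # Default for the whole server: a request must pass nginx basic auth
    # before it is proxied to the app.
    auth_basic           "Restricted";
    auth_basic_user_file /etc/nginx/htpasswd;       # placeholder path

    location / {
        # The app should listen on loopback only, so nginx is the sole way in.
        proxy_pass http://127.0.0.1:2342;           # assumed upstream
        proxy_set_header Host $host;
        # Always overwrite the header with the user nginx authenticated, so
        # a value sent by the client never reaches the app.
        proxy_set_header Remote-User $remote_user;
    }

    # Carve-out: paths that clients without proxy credentials must reach
    # (assumed share-link prefix). Only the app's built-in auth protects these.
    location /s/ {
        auth_basic off;
        proxy_pass http://127.0.0.1:2342;
        proxy_set_header Host $host;
        # An empty value makes nginx drop the header, so an unauthenticated
        # client cannot inject an identity on this path.
        proxy_set_header Remote-User "";
    }
}
```

Because `proxy_set_header` directives are inherited only when a location defines none of its own, each `location` above lists every header it needs.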