This is the first time I’ve heard of mTLS. Sounds interesting, any tutorial recs?
Comment on CalDAV Server Without Exposing Server?
Selfhoster1728@infosec.pub 3 days ago
mTLS with a reverse proxy!
ClownsInSpace2@lemm.ee 3 days ago
Selfhoster1728@infosec.pub 3 days ago
Not any in particular but mTLS is essentially just a reverse proxy (like nginx) asking a client for a certificate to be able to access the service behind it.
There are quite a few guides out there, so choose one for your reverse proxy of choice!
suzune@ani.social 3 days ago
So it’s the good old client certificate authentication?
Selfhoster1728@infosec.pub 3 days ago
yep
In my opinion it’s the best solution because there’s a really low attack surface plus it makes it easy to control which device has access to which services.
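As an added example (not part of the thread or any poster's configuration), this nginx server block shows the two points made above: the proxy asks for a client certificate before anything reaches the CalDAV backend, and a fingerprint map decides which device gets through. The hostname, file paths, backend port, header name and fingerprints are assumed placeholders.

```nginx
# Added example: all names, paths, ports and fingerprints are assumptions.
# Map the verified client certificate's SHA-1 fingerprint (hex, as nginx
# reports it in $ssl_client_fingerprint) to a device label. Unknown
# certificates map to an empty string and are rejected below.
map $ssl_client_fingerprint $caldav_device {
    default "";
    "0000000000000000000000000000000000000001" "phone";   # constructed value
    "0000000000000000000000000000000000000002" "laptop";  # constructed value
}

server {
    listen 443 ssl;
    server_name caldav.example.org;                 # assumed hostname

    # Server side of TLS (the usual certificate the client verifies).
    ssl_certificate     /etc/nginx/tls/server.crt;  # assumed path
    ssl_certificate_key /etc/nginx/tls/server.key;  # assumed path

    # Client side of mTLS: only certificates issued by this private CA
    # are accepted. Requests without a valid client certificate are refused
    # by nginx and never reach the backend.
    ssl_client_certificate /etc/nginx/tls/client-ca.crt;  # assumed path
    ssl_verify_client on;
    ssl_verify_depth 1;

    # Optional: revoke a lost device by publishing a CRL from the same CA.
    # ssl_crl /etc/nginx/tls/client-ca.crl;

    location / {
        # Per-service allow list: a cert signed by the CA is not enough,
        # its fingerprint must also be mapped to a device for this service.
        if ($caldav_device = "") {
            return 403;
        }

        proxy_pass http://127.0.0.1:5232;           # assumed CalDAV backend
        proxy_set_header Host $host;
        # Hypothetical header so the backend can log which device connected.
        proxy_set_header X-Client-Device $caldav_device;
    }
}
```

Each additional service gets its own `map` and `server` block, so a device's certificate can be valid for the CA yet still be denied on services where its fingerprint is not listed.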
cmg@infosec.pub 3 days ago
What CalDAV clients support that?
I’d recommend the Tailscale style approach. mTLS is a pain imo without infrastructure and especially on the app layers.
Selfhoster1728@infosec.pub 3 days ago
Tailscale is simpler, but when you’re accessing from devices behind VPNs like I do, mTLS is a lifesaver.
I find mTLS cool too :P