www.youtube.com/watch?v=YhuWay9XJyw
You really should not expose stuff to the internet willy nilly. If you must you need to have extensive monitoring and security controls plus you should understand the application at a deep level.
Comment on Just created my own zero trust network!
tux7350@lemmy.world 3 weeks agoOooo ya know I actually don’t know about these. I’ve done both A and B for my homelab and C for work.
Any good resources / insight into mTLS? I appreciate the response btw!
possiblylinux127@lemmy.zip 2 weeks ago
tux7350@lemmy.world 2 weeks ago
Ahhh interesting video! I appreciate the post. I see the mTLS is more about authenticating who the client is outside the application.
Don’t worry, Im not just exposing thing willy nilly 🤣 For client-side authentication I use Authentik combined with 2FA, Duo, and fail2ban. Authentik provides identity management through LDAP to jellyfin and any sign in request goes to MFA and you get a Duo notification to approve. You can do other MFA, i just havent set it up.
Ive got a lot of family who use my server. Asking them to install a TSL cert on every machine would be impossible. My method also monitors all sign in requests. Setting up Authentik was a hugggeee game changer for me.
RunningInRVA@lemmy.world 3 weeks ago
Google?
tux7350@lemmy.world 3 weeks ago
Well ya know this is a forum and I was trying to engage in a friendly conversation to learn about something you brought up.
But yeah I know how to fucking Google lol
RunningInRVA@lemmy.world 3 weeks ago
Yes it’s a forum. But just because I corrected your error doesn’t mean I am obligated to do a whole fucking write up for you or go to google myself for you. Grow up.
CybranM@feddit.nu 2 weeks ago
Then why reply at all? Zero effort is to avoid commenting, maximum effort is trying to answer, “Google?” is wasted effort