Caddy?
Comment on VoidAuth Release v1.6.0 - Optimization and 1k Stars Celebration 🎉
irmadlad@lemmy.world 21 hours ago
I’ve always wanted a SSO, however, at this point with over 75 apps, I would have to integrate them somehow.
VoidAuth does NOT provide https termination itself, but it is absolutely required. This means you will need a reverse-proxy with https support in front of VoidAuth, as well as your other services.
How would that work in an evil Cloudflare Tunnel/Zero Trust setup?
kurikai@lemmy.world 21 hours ago
irmadlad@lemmy.world 20 hours ago
Well, I’m not sure if the evil Cloudflare Tunnel/Zero Trust, Tailscale, would play nice with Caddy in the mix. I used to use Caddy a long time ago and it is a very capable piece of software. Cloudflare Tunnel/Zero Trust handles pretty much what Caddy does, so I’m unsure if it would create conflict.
AmbiguousProps@lemmy.today 20 hours ago
There’s always caddy-cloudflare: github.com/CaddyBuilds/caddy-cloudflare
This works perfectly with Cloudflared tunnels. I use it for full https (validated) in completely internal endpoints.
irmadlad@lemmy.world 20 hours ago
Hmmmm, I did not know that existed. I’ll check it out.
notquitenothing@sh.itjust.works 20 hours ago
I think technically you might actually not need https termination anymore, it was required when the session cookies were set secure manually but now they should be set automatically if the request protocol was https. You can give it a try just using http or self-signed certs, if you do let me know if it works!
You should be aware though that if you are not using https your password and other secrets will be transmitted unencrypted on that layer, so make sure that your setup is secured/encrypted in some other way like wireguard/Cloudflare tunneling.
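An added illustration, not part of the thread and not VoidAuth's code: one way an app behind a TLS-terminating reverse proxy can derive the Secure cookie attribute from the request protocol, as the comment above describes. It assumes the proxy sets X-Forwarded-Proto; the function names, the request shape and the trusted-proxy list are hypothetical.

```javascript
// Added example (not VoidAuth code): decide the Secure cookie attribute from
// the request protocol when TLS is terminated at a reverse proxy.
// TRUSTED_PROXIES, effectiveProtocol and sessionCookie are hypothetical names.
const TRUSTED_PROXIES = new Set(['127.0.0.1', '::1']); // assumed proxy addresses

// req is a minimal stand-in for an HTTP request:
// { peer: socket remote address, tls: true if the socket itself is TLS, headers: {} }
function effectiveProtocol(req) {
  if (req.tls) return 'https'; // TLS terminated by the app itself
  // X-Forwarded-Proto is client-controlled unless it arrives from our own proxy.
  if (!TRUSTED_PROXIES.has(req.peer)) return 'http';
  const xfp = req.headers['x-forwarded-proto'];
  if (typeof xfp !== 'string') return 'http'; // proxy did not forward the protocol
  // If the header carries a comma-separated list, use the first entry.
  const first = xfp.split(',')[0].trim().toLowerCase();
  return first === 'https' ? 'https' : 'http';
}

function sessionCookie(req, name, value) {
  const attrs = [`${name}=${encodeURIComponent(value)}`, 'Path=/', 'HttpOnly', 'SameSite=Lax'];
  // Secure is added only when the client-facing connection was https.
  if (effectiveProtocol(req) === 'https') attrs.push('Secure');
  return attrs.join('; ');
}

// Constructed sample requests (addresses are documentation/test values).
const viaProxyHttps = { peer: '127.0.0.1', tls: false, headers: { 'x-forwarded-proto': 'https' } };
const viaProxyHttp = { peer: '127.0.0.1', tls: false, headers: { 'x-forwarded-proto': 'http' } };
const spoofed = { peer: '203.0.113.9', tls: false, headers: { 'x-forwarded-proto': 'https' } };

for (const [label, req] of Object.entries({ viaProxyHttps, viaProxyHttp, spoofed })) {
  console.log(label.padEnd(14), sessionCookie(req, 'sid', 'abc123'));
}
```

If the proxy does not forward the protocol, the cookie goes out without Secure even though the browser is on https, so it is worth checking the Set-Cookie response header after putting a tunnel or proxy in front.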
irmadlad@lemmy.world 20 hours ago
be aware though that if you are not using https
Most definitely using https. I’ll give it a go and see what shakes out. Thanks for the help. I’ll report back.
CHOPSTEEQ@lemmy.ml 21 hours ago
For your 75 apps, any that doesn’t support OIDC can be protected by VoidAuth’s ProxyAuth. Have your reverse proxy forward the request to the voidauth api and it will use the authenticated user’s group membership to allow or deny access. So in your case you could have a blanket rule covering your entire domain and gradually add more specific paths as needed.
Can’t help with your question unfortunately. But I highly endorse VoidAuth!
kurikai@lemmy.world 20 hours ago
Got any documentation you could point me to to learn about that? As that sounds interesting.
CHOPSTEEQ@lemmy.ml 20 hours ago
voidauth.app/#/ProxyAuth-and-Trusted-Header-SSO-S…
The entire docs are pretty short but cover everything. I stumbled into one issue and worked with the dev to update the docs. It was a breeze.
kurikai@lemmy.world 18 hours ago
Thanks
irmadlad@lemmy.world 20 hours ago
Ok well that’s helpful. Thanks for the input. I have seen a lot of people recommend VoidAuth so there has to be something to it. LOL