I don’t want to manage my mTLS. That’s why I’m looking for a better solution.
Comment on Is there a self hosted mTLS manager?
glizzyguzzler@piefed.blahaj.zone 4 weeks ago
If you feel up for answering, what is your use case for wanting to manage your own mTLS?
possiblylinux127@lemmy.zip 4 weeks ago
glizzyguzzler@piefed.blahaj.zone 4 weeks ago
Gotchya, so at the reverse proxy stage you have a pathway for “if they have the mTLS certificate, allow in” to let you access your stuff from outside your local network?
bear@slrpnk.net 4 weeks ago
My main use case is using it to protect my exposed Home Assistant instance in a way that doesn’t require a VPN that family can screw up. I can just install the cert into the app for them and it Just Works. I also use it for my own Gotify notifications.
As a more general rule, I apply it to anything I want to expose but can’t easily protect using OIDC logins.
glizzyguzzler@piefed.blahaj.zone 4 weeks ago
I’ve found Authentik’s proxy will break things that don’t support it (like a Jellyfin app; afaik no app supports hitting an Authentik proxy login first). Do you have a way around that? Or are the friends/fam web-browser only unless they get around to the certificate?
tux7350@lemmy.world 4 weeks ago
You can use Authentik to setup an LDAP outpost then use a jellyfin LDAP plug-in to sync everything up.
github.com/jellyfin/jellyfin-plugin-ldapauth?tab=…