BunkerWeb VS lldap

Keep in mind that integrating a WAF can render certain apps not working if the security configuration is set too paranoid. There are a lot of examples for apps that might be affected, though.

Its documentation is nice as well. You can also find them on Discord and the GitHub repo is also pretty clean and have many example configurations there.

This also effectively allows your killswitch to be Nginx on the VPS while still allowing local network traffic at home. You can take it a step further and geoblock countries and more with https://github.com/bunkerity/bunkerweb.

I know you asked about Nginx vs Caddy but to throw another one into the mix have a look at BunkerWeb. I only started using it within the last couple of months but it's based on Nginx with a tonne of usability and security improvements. I now use BunkerWeb to expose services externally and Traefik internally.

Creating a new discussion here doesn't seem to be an option (doesn't allow me to do so) so I came here.

There's also a security optimized NGINX image called BunkerWeb. It has a WAF builtin and an optional web interface.

Right now I'm doing a similar setup but I want to use NGINX with integrated WAF.

Bunkerised nginx comes me in mind here https://github.com/bunkerity/bunkerized-nginx

Good to hear, I think it'll make many users happy. For me, I've migrated back to Authelia. I moved to authentik because at the time Authelia had no user management. After all of authentik's sharp edges, I've found lldap[0], and was able to implement a pilot in a few hours. I haven't looked back, since everything was converted.

[0]: https://github.com/lldap/lldap

I wrote LLDAP (https://github.com/lldap/lldap) after struggling to install and configure openLdap on my homelab.

I've recently installed and configured LLDAP (Lightweight LDAP) - More details here if you've never heard of it before: GitHub - lldap/lldap: Light LDAP implementation

I've an LLDAP instance running to make managing users easier.

I'm trying to integrate LDAP into my small homelab but I'm extreme noobie in it. So far I've tried: 1. OpenLDAP - not so resource heavy but I found it difficult go get working correctly with NextCloud, Keycloak and Jellyfin. Maybe someone could recommend an easy to follow guide? 2. LLDAP - honestly it's almost prefect. Nice clean UI, great guides how to setup with everything I need, but it's a read-only LDAP, so I cannot create or manage users with Keycloak or NC, that's about the only downside and probably bugs me more than it should. 3. 389ds - has everything I need (and probably some more), super easy to setup with this guide but the elephant in the room is that it uses 700MiB of RAM (whereas LLDAP uses only 7-8MiB). That's a big difference which really makes me question whether I want to use this particular solution.

Note that if you want to use KeyCloak for the OpenID but want to still have a LDAP source of truth, you can use LLDAP + KeyCloak together, with LLDAP as the source of truth and KeyCloak giving you the fancy features: https://github.com/lldap/lldap/blob/main/example_configs/key...

To be fair, their respective documentations (here and here) are pretty comprehensive.