caddy-auth-portal VS Nginx Proxy Manager

Caddy Auth Portal. Also has the advantage of providing unified secure 2FA.

I am very happy with the this caddy extension: https://github.com/greenpau/caddy-auth-portal.

Sorts this precise use case for me, need for common login provider. Without the banality of basic auth.

Check out caddy-auth-portal

After dabbling with Caddy's auth-portal, nginx Vouch proxy, Keycloak and Authelia I found Authentik.

Usually with this plugin: https://github.com/greenpau/caddy-auth-portal

There’s caddy-auth-portal which I’ve not used myself, but heard good things about.

I hope this post helps setting up your SSO with Caddy. I'd highly recommend trying it out if you find yourself always needing to authenticate with different services on your domain – and check out caddy-auth-portal's docs for even more advanced features!

This sounds like an XY Problem. It sounds like you're missing a good IAP solution to deal with access controls. Something like oauth2_proxy, Keycloak, Pomerium, etc. Hell, I've even set up a basic IAP with Caddy and Oauth Portal.

I discovered these 3 amazing projects recently:

Cryptpad, essentially google docs/sheets/forms e2e encrypted. It does include collaboration. https://github.com/cryptpad/cryptpad

Immich, google photos self hostable, with share options https://github.com/immich-app/immich

Nginxproxymanager manages certificates and proxies to self hosted stuff through nginx https://github.com/NginxProxyManager/nginx-proxy-manager

Great self hosting stuff!

Nginx Proxy Manager

Take a look at NginxProxyManager. This would give you the opportunity to put everything in the form of service1.domain.com , service2.domain.com ,etc.

Prime example: Nginx Proxy Manager is often recommended in the sub. The latest minor release came with breaking changes (so already ignoring semver). I bet you many people were running on latest and then had broken stuff: https://github.com/NginxProxyManager/nginx-proxy-manager/releases/tag/v2.10.0

I started looking into how to make add dynamic IPs to NPM access lists. I came across a couple of GitHub issues (1, 2) on the topic. It looks like people have solved the problem, but not in a complete way without modifying the NPM docker image. I did not want to do that, so decided looking into writing a separate script.

Here is the (NPM) GitHub issue where the "fork of a fork" image came into existence (lepresidente/nginx-proxy-manager). It has some interesting discussions about the challenges of having NPM and CrowdSec coexist and cooperate.

Agree with this, myQ is such a dumpster fire. It needs to have an the ability to be managed over the local network instead of requiring the garage door and app connect to their server.

My very first experience with myQ was figuring out that their IP blocklist provider, brightcloud, blocks anything with the word "proxy" - including the default "it works" page for Nginx Proxy Manager [1]. And they have no way of overriding this to actually provide service if someone turns out to be a legitimate customer.

[1]: https://github.com/NginxProxyManager/nginx-proxy-manager/dis...

Edit: If you're using Nginx Proxy Manager there seems to be open PR for support for proxy protocol https://github.com/NginxProxyManager/nginx-proxy-manager/pull/1882 however in the comments there's a name of repository with this PR merged.