Pomerium VS Nginx Proxy Manager

Option 3: Pomerium might be an alternative as well.

That is not how you do Zero Trust. You want to use an Identity Aware Proxy. There are lots of ways you can implement this with Google as your core auth. For example Pomerium or oauth2-proxy.

I’m really surprised this sub has no love for Pomerium. I feel like it’s as simple as Caddy with all the security benefits of Traefik.

I am not sure if I understand how Pomerium works (or any identity-aware proxy).

Pomerium sidecar.

Just want to drop https://www.pomerium.com/ here. We use it at our company with ~1500 people with many apps behind the proxy. It also supports JWT for the backend, so you can integrate your apps easily without having to worry about the OAuth flow and also your apps are protected from random internet attacks.

You’ve got to protect. Anonymity is not going to work. Pomerium is another option in addition to those already suggested. https://github.com/pomerium/pomerium

I am currently looking at Wireguard/Tailscale (Wireguard based) options - early days for me so far. Also planning to look at something like Pomerium for a zero trust approach. https://www.pomerium.com/

I discovered these 3 amazing projects recently:

Cryptpad, essentially google docs/sheets/forms e2e encrypted. It does include collaboration. https://github.com/cryptpad/cryptpad

Immich, google photos self hostable, with share options https://github.com/immich-app/immich

Nginxproxymanager manages certificates and proxies to self hosted stuff through nginx https://github.com/NginxProxyManager/nginx-proxy-manager

Great self hosting stuff!

Nginx Proxy Manager

Take a look at NginxProxyManager. This would give you the opportunity to put everything in the form of service1.domain.com , service2.domain.com ,etc.

Prime example: Nginx Proxy Manager is often recommended in the sub. The latest minor release came with breaking changes (so already ignoring semver). I bet you many people were running on latest and then had broken stuff: https://github.com/NginxProxyManager/nginx-proxy-manager/releases/tag/v2.10.0

I started looking into how to make add dynamic IPs to NPM access lists. I came across a couple of GitHub issues (1, 2) on the topic. It looks like people have solved the problem, but not in a complete way without modifying the NPM docker image. I did not want to do that, so decided looking into writing a separate script.

Here is the (NPM) GitHub issue where the "fork of a fork" image came into existence (lepresidente/nginx-proxy-manager). It has some interesting discussions about the challenges of having NPM and CrowdSec coexist and cooperate.

Agree with this, myQ is such a dumpster fire. It needs to have an the ability to be managed over the local network instead of requiring the garage door and app connect to their server.

My very first experience with myQ was figuring out that their IP blocklist provider, brightcloud, blocks anything with the word "proxy" - including the default "it works" page for Nginx Proxy Manager [1]. And they have no way of overriding this to actually provide service if someone turns out to be a legitimate customer.

[1]: https://github.com/NginxProxyManager/nginx-proxy-manager/dis...

Edit: If you're using Nginx Proxy Manager there seems to be open PR for support for proxy protocol https://github.com/NginxProxyManager/nginx-proxy-manager/pull/1882 however in the comments there's a name of repository with this PR merged.