traefik-forward-auth VS selfhosted-apps-docker

BTW also keycloak and other similar products offer the oauth-proxy capability, I even used the original oauth2-proxy https://github.com/oauth2-proxy/oauth2-proxy for a while, but it was getting too difficult to maintain for me. I used for a while https://github.com/thomseddon/traefik-forward-auth that was a smart hack configuring a single upstream provider, but it look abandoned. So I was considering authentik but apparently it's just oauth2-proxy embedded in it, at that point why not use oauth2-proxy directly.

It seems there are some more recently updated forks.

Traefik Forward Auth

One way I got this to work (for another app that doesn’t go through cloudflare) was to use Traefik with forward-auth and this: https://github.com/thomseddon/traefik-forward-auth

In front of all of my private dashboards, I use Traefik Forward Auth to limit who can access them.

Hm, interesting. I have worked with traefik-forward-auth before, but I didn't know there is a fork. Are you using the fork? Would you happen to know if this issue from the original project still exists or if it's fixed in the fork?

https://github.com/thomseddon/traefik-forward-auth (just another option if everyone accessing already has a google account)

Traefik ingress + forward auth middleware + traefik-forward-auth does the trick.

Hey have u setup a forward auth? https://github.com/thomseddon/traefik-forward-auth

Heres documentation how I run mine. You need to learn a bit of docker, but its easy.

Heres the way I deployed it in docker using S6 image. Maybe try that if theres a change.

WD=/opt/rustdesk #rm $WD/ -R mkdir -p $WD/{setup,data,web} cd $WD/setup cat << 'EOF' >docker-compose.yaml version: '3.7' #Links #https://hub.docker.com/r/rustdesk/rustdesk-server/tags #https://rustdesk.com/docs/en/self-host/rustdesk-server-oss/docker/ #https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/rustdesk #https://github.com/rustdesk/rustdesk-server#s6-overlay-based-images #https://rustdesk.com/docs/en/self-host/rustdesk-server-pro/relay/ #https://rustdesk.com/docs/en/dev/build/web/ services: rustdesk_server: container_name: rustdesk_server hostname: rustdesk_server image: ${SERVER_IMAGE} # network_mode: host networks: - rustdesk_net ports: - 21115:21115 - 21116:21116 - 21116:21116/udp - 21117:21117 - 21118:21118 - 21119:21119 volumes: - type: bind source: /opt/rustdesk/data/ target: /data environment: - 'TZ=${TZ}' - 'RELAY=${RELAY}' - 'ENCRYPTED_ONLY=${ENCRYPTED_ONLY}' - 'KEY_PUB=${KEY_PUB}' - 'KEY_PRIV=${KEY_PRIV}' rustdesk_web: container_name: rustdesk_web hostname: rustdesk_web image: pmietlicki/rustdesk-web-client:latest # network_mode: host networks: - rustdesk_net ports: - 5000:5000 volumes: #docker cp rustdesk_web:/app . #sed -i -e 's/supportdesk.itportaal.nl/sub.domain.com/g' ./app/build/web/main.dart.js #sed -i -e 's/OvYPJS8I5xV+d6sx3a7Ce9TVakfKdT3Zy3T7C1jjx+A=/PUBKEY/g' ./app/build/web/main.dart.js - type: bind source: /opt/rustdesk/web/app/ target: /app - type: bind source: /opt/rustdesk/data/ target: /root environment: - 'TZ=${TZ}' networks: rustdesk_net: driver: bridge EOF

I tested several reverse proxy setups, the one I like the best is Caddy for its simplicity while being very feature rich. Here is a guide with examples how to setup Caddy. It includes even monitoring who connects from where.

I used plain wireguard on dockerhost for a while, now I am running wg-easy.

This guide could be useful.

Here is some basic setup to get the idea.

This repo should generally be useful, there is speedrun to hosting shit in docker in it...

This is bookstack compose I use.

prometheus + grafana + loki for monitoring, this could help