Yeah, sounds like a security feature… I was able to configure Traefik to connect with TLS, verifying the peer certificate.
Yeah, sounds like a security feature… I was able to configure Traefik to connect with TLS, verifying the peer certificate.
Yes, it should cover all the use cases you mention!
I use oauth2-proxy as ForwardAuth on Traefik so I can protect apps that do not support OAuth/OIDC login/
I use kanidm with oauth2-proxy. No issues so far, it was pretty easy to set up.
Note that the connection to kanidm needs to be TLS even if you have a reverse proxy!
EDIT: currently using 80MB RAM for two users and three Service Providers.
Hey there! I’m also a fellow Reddit expat, deleted my logins in the day the API limits went into effect. I’m also coming from a long pause in activity, I’m planning to try some SOTA once the weather gets a bit warmer. I’m the proud owner of a IC-706mk2G with a couple of blown caps (I really hope the FETs are okay) and a bunch of handhelds. 73 de IV3BSI
I think you can create a group for friends and a group for family. If you want more separation I think Authentik handles multi-tenancy as well
Saving this for all my future pro-systemd flames, thank you!
It’s a bit chaotic, and they try to force you to pay for other stuff in the process, but the prices were not that far off from other registrars. Note that I use DeSEC for the actual nameservers though.
I’ve moved mine to Infomaniak (Switzerland), no complaints so far!
Maybe you could try tryton? It’s modular and you can add a lot of useful functionality for businesses, like stocks/orders etc
I’m also leaving, migrates to infomaniak as a registrar, DeSec as DNS provider and Migadu for email… no regrets!
Sure, but it’s a question of principle. I try to use and support FLOSS software if possible.
Aw man… and I was just thinking about deploying Nomad in my homelab…
I use sops
, usually with exec-env
Huh, that’s actually way better than my current setup of spamming me on Telegram every time there’s an update
Exactly this. In a federated network, the instance with the majority of users could dictate the protocol, forcing the smaller issues to continually adapt or die. See this post for a very real example of this.
Yeah, I was registering my domains there because they are in Europe and had some extra services, I’ll be taking my business elsewhere now
Yeah, that’s a solid choice! I’ve used their proxy service and was pretty solid.
The only alternative I know of that goes close to what FreeIPA does (minus the cert part) is kanidm. It does:
I just noticed they have a beta for multimaster replication, which is nice.
I use it at home. Note, though, that it does not do any hand-holding, and all configuration is done through CLI. Also note, there are docs for the stable or dev branch and there sometimes are big differences between the two.