Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
-
No low-effort posts. This is subjective and will largely be determined by the community member reports.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
Possibly mTLS, which you'd configure in your reverse proxy. You could email them the certificate and instructions on installing it. I believe for Chromium browsers on Windows you basically just double click the cert and click through the wizard. Firefox I know has a thing in the settings for importing the cert. Android you just tap on the cert and make sure it opens with 'Certificate Installer' if it gives you the option.
I recently did exactly this. Only works with the web UI, no apps support it, but working well and those without the cert just get a 400 error. Not sure if non technical tbh, since you will get warnings when adding your root certificates to any device, and that might scare some who don't understand what it does.
Also set it up through wireguard, so can punch out of double NAT.
Yeah that's true.
It's not a root certificate, and I've never seen any warnings.
You need the web site to use a certificate from the same root authority as your client certificate. Otherwise browsers won't present the certificate to the server. That means either warnings on connect or adding the root cert.
I do think if you are doing it with them in person it is doable to add it.
I'm not sure if I've misunderstood you, but I use Lets Encrypt for the server's TLS, and then my own CA cert (which is only present on the webserver) for the client's mTLS and everything works fine, since it's the client that validates the server's cert and the server that validates the client's cert.
This should be at the top
Not a terrible idea but im not sure rokus or fire sticks or whatever even have this capability.
Yeah, good to do for web ui, but none of my friends and family ever use the web ui. They are all on TVs. VPNs are probably easier to setup than mTLS if you're having people use their computers.