I do run Authentik, even for applications I don't expose to the internet, for the sole reason of multiple accounts. I have friends who use my server, so it's not just a single-user environment. Thus, complete control of authentication is a must for me. Might be worth considering if this might apply to you too!
I use Authentik exclusively for Immich and I have no regrets. The application is wonderful and I can use it for other things if needed.
Immich is the only service that I host and expose that contains important data, so having the SSO (on which I also have 2FA) already adds a lot of comfort to my mind.
The whole point of a homelab is traditionally overkill, so I don’t think there is such a line :)
I think it depends on your use case.
If you live alone, or maybe with one other person, and the people staying at your house don't change, then why bother with SSO?
If you're like me, have 4 people living in the house, 2 are lodgers, sometimes people come and stay for a while and need Home Assistant access, different people need different privileges, you need to provision WireGuard for everyone, etc.
Too much for a home lab?
Is this a challenge? People here have better equipment at home than my ISP does. Don’t challenge this sub lol
I was actually looking at Keycloak myself due to needing something more “professional looking” and something more “enterprise-y” which translates to our security guy hearing more about Keycloak than Authentik. They all should work somewhat the same though, and have the same end functionality.
I’m not sure of the technical stuff, but I believe you could use something like OAuth2 Proxy in front of your services, but that may or may not be more trouble than it’s worth, assuming it works the way I think it does. I could be wrong.
Based on your setup, you might find ZITADEL (https://zitadel.com/docs/self-hosting/deploy/overview) a great fit for centralized login management. It's versatile enough to handle a variety of services and containers, making it ideal even for mixed environments like yours. It'll also be worth watching this video for a demo on how to set up SSO - https://www.youtube.com/watch?v=1T1uxKW06Vs