I host a few docker containers and use nginx proxy manager to access them externally since I like to have access away from home. Most of them have some sort of login system but there are a few examples where there isn’t so I currently don’t publicly expose them. I would ideally like to be able to use totp for this as well.

  • Uninvited Guest
    link
    fedilink
    English
    29 months ago

    How does this work for you when using an app (E.g. Nextcloud, home assistant, etc) where log in isn’t handled by a browser that can redirect, but instead expects username and password credentials entered in-app?

    • chiisana
      link
      fedilink
      English
      29 months ago

      I don’t use the two you’ve called out, so I cannot guarantee my Google results are accurate, but the principle is similar…

      If the app supports external authentication (usually, looking for things like OIDC, SAML, or SSO in the documentation), then I’d configure the app to do that and skip the Traefik middleware piece.

      This is what I’d do based on what I’m seeing on this article for NextCloud. That is, when all is said and done, I’d go https://nexcloud.myunexistent.deployment/ and be greeted with the next cloud login screen, where the external authentication option is shown on screen.

      A similar setup might be achieved with Home Assistant’s commandline authentication provider to delegate authentication out via command line setup. Alternatively, use hass-auth-header plugin along with trusted proxy to delegate authentication out to the reverse proxy.

      Hope this points to a relevant direction for you!