g5pw

@g5pw@feddit.it

g5pw , (edited )

I use kanidm with oauth2-proxy. No issues so far, it was pretty easy to set up.

Note that the connection to kanidm needs to be TLS even if you have a reverse proxy!

EDIT: currently using 80MB RAM for two users and three Service Providers.

g5pw ,

Yes, it should cover all the use cases you mention!

I use oauth2-proxy as ForwardAuth on Traefik so I can protect apps that do not support OAuth/OIDC login.

g5pw ,

Yeah, sounds like a security feature… I was able to configure Traefik to connect with TLS, verifying the peer certificate.

g5pw ,

I didn’t have any issues, do you see anything in the logs?

g5pw ,

I mean, it is a bit rough, they’re not at 1.0 yet, also: are you looking at the stable or latest docs? That may be the reason the commands do not match with the docs.

g5pw ,

I also moved away my domains and the ones of the hackerspace I manage, mainly to:

  • infomaniak (Switzerland): a bit too pushy with extra services, but not bad
  • openprovider (NL): more geared towards bulk users, have to prepay (min 20€), but okay so far
  • aruba: meh, but free mailboxes are nice

I also use Migadu, they have been great so far!

desec.io for DNS, also great and supported by Traefik for DNS-01 ACME challenge.
