A blog about tech & coding

Use Authelia for single sign-on with Caddy as a reverse proxy

By Marco on Tue Oct 05 2021 | 1 min read | self-hosting

For self-hosting enthusiasts, exposing web applications to the internet for private or public use is a recurring problem to solve. Sometimes you might want to expose web applications for just yourself, but don't want the entire world to use those services. A common way of solving this is by using a VPN. However, a VPN is not perfect either, because you always have to connect to the VPN to be able to use the web service.

A good alternative is to secure your web applications using a single sign-on portal. With this method, you can access your private web applications over the internet without the need for a VPN, but still have a secure layer in front of the application to restrict access.

Authelia is a popular open-source single sign-on portal that you can easily host yourself. It works by default with reverse proxies such as nginx, Traefik or HAProxy. However, my favourite reverse proxy is Caddy, and that one is missing from the list of supported reverse proxies. Luckily, we can easily solve this problem by putting Traefik as a reverse proxy for secure applications behind Caddy (a reverse proxy behind a reverse proxy).

Simply create an entry in your Caddyfile for the domains you want to be secured (including the domain for Authelia), and forward all those domains to Traefik. In my case, Caddy is in the same network as Traefik, so I can simply forward all requests to https://traefik:443.

authelia.mydomain.com, veryprivateservice.mydomain.com, anotherprivateservice.mydomain.com {
  reverse_proxy {
    to https://traefik:443
    transport http {
      tls_insecure_skip_verify
    }
  }
}

A few things to notice here:
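1. Internal traffic must be HTTPS encrypted, because Authelia is not able to set secure cookies without it.
2. The tls_insecure_skip_verify option is added to avoid certificate errors on the connection to Traefik: it makes Caddy skip verification of Traefik's certificate, so that hop is encrypted but Traefik's identity is not checked. Normally this is not recommended in production, but since Caddy and Traefik are in the same network and our traffic will be encrypted using HTTPS externally, it's not a problem.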
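If the network between Caddy and Traefik is not one you fully trust, the same entry can verify Traefik's certificate instead of skipping the check. This is an added example, not part of the original post; it assumes Traefik serves a certificate issued by a private CA and valid for the name traefik, and the CA file path is a hypothetical placeholder.

```caddyfile
authelia.mydomain.com, veryprivateservice.mydomain.com, anotherprivateservice.mydomain.com {
  reverse_proxy {
    to https://traefik:443
    transport http {
      # Trust only the private CA that issued Traefik's certificate
      # (hypothetical path; mount your own CA file into the Caddy container).
      tls_trusted_ca_certs /etc/caddy/internal-ca.pem
      # Name the upstream certificate must be valid for (assumed to be "traefik").
      tls_server_name traefik
    }
  }
}
```

With this in place Caddy refuses the connection if anything other than the expected Traefik instance answers on traefik:443, while the Host header of the original request is still passed through for Traefik's routing.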

Now proceed to configure Authelia according to the documentation, and enjoy your secured web applications!
