this post was submitted on 25 Jul 2023
58 points (96.8% liked)

Selfhosted

60177 readers
703 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
curbstickle_lw@lemmy.world
58
Is it possible to set up 2FA on my self-hosted services? (ttrpg.network)
submitted 2 years ago by Gutless2615@ttrpg.network to c/selfhosted@lemmy.world
26 comments fedilink hide all child comments
 

I have a suite of services exposed using a reverse proxy (npm) protected with passwords, but I'm always a bit nervous that username/passwords aren't enough -- is there a way to set up 2FA either on Nginx Proxy Manager side or on, e.g., the 'arr suite of apps?

you are viewing a single comment's thread
view the rest of the comments
[–] dotslashme@infosec.pub 25 points 2 years ago (4 children)

You could look into apps like authelia, keycloak, authentic, etc.

[–] Gutless2615@ttrpg.network 10 points 2 years ago (1 children)

authelia

Ah that sounds like exactly what I'm looking for, actually. Thanks. Any tutorial you have that you can recommend?

[–] wedge_film@lemmy.dbzer0.com 9 points 2 years ago (2 children)

I usually recommend this one. There's a section for NPM you'll find useful.

[–] Gutless2615@ttrpg.network 4 points 2 years ago

Dope, thanks

[–] kzs@feddit.ch 3 points 2 years ago

Yeah, I think Ibracorp is great, found it useful in some detail questions Let me however recommend this link from Smart Home Beginner: I set up my server based on this one, with Authelia and Duo for 2FA

[–] FancyGUI@lemmy.fancywhale.ca 5 points 2 years ago (2 children)

Yep! Authentik is my choice there, and it works flawlessly for my use-cases. The only thing that keeps me on my toes is still the celery dependency on redis that makes it not HA. They're working on it and making me happy :)

[–] vDzn34WWr2@programming.dev 3 points 2 years ago (2 children)

HA?

[–] Zikeji@programming.dev 3 points 2 years ago

Highly available. For example, being able to run multiple instances of it and if one server goes down the other picks up slack.

[–] FancyGUI@lemmy.fancywhale.ca 2 points 2 years ago

HighAvailability

[–] Lem453@lemmy.ca 3 points 2 years ago

This is the way, look up techno Tim's "ssl everywhere" video to get traefik with wildcard ssl for Internet facing and local services then set up authentik and you will have a solid setup that will last for years with a solid foundation.

[–] mhzawadi@lemmy.horwood.cloud 2 points 2 years ago

I use keycloak for all by services that dont have any 2FA, I use an oauth proxy to front the service

[–] kratoz29@lemmy.world 2 points 2 years ago (1 children)

I have a Synology NAS (my humble server) would that work with it too??? For example the DSM page (which I don't have exposed).

[–] Pfosten@feddit.de 2 points 2 years ago (1 children)

Synology's DSM has built-in MFA support, though it also has some features for external identity management. I don't think Keycloak and so on would be compatible though.

[–] kratoz29@lemmy.world 1 points 2 years ago

Yeah you are right, they already support 2FA.