alex3305 | 2 years ago

Recently I looked into having a relatively simple SSO setup for my homelab. My main objective is that I could easily log in with Google or GitHub auth. At my previous job I used both JetBrains Hub [1] and Keycloak but I found both of them a bit of a PITA to set up.

JetBrains Hub was really, really easy to get going. As was my previous experience with them. The only thing that annoyed me was the lack of a latest tag on their Docker registry. Don't get me wrong, pinned versions are great, but for my personal use I mostly just want to update all my Docker containers in one go.

On the other hand I found Keycloak very cumbersome to get going. It was pretty easy in dev mode, but I stumbled to get it going in production. AFAIK it had something to do with the wildcard Let's Encrypt cert that I tried to use. But after a couple of hours, I just gave up.

I finally went with Dex [2]. I had previously put it off because of the lack of documentation, but in the end it was extremely easy to set up. It just required some basic YAML, a SQLite database and a (sub)domain. I combined Dex with the excellent OAuth2 Proxy and a custom Nginx (Proxy Manager) template for an easy two-line SSO configuration on all of my internal services. I also created a Dex Docker template for unRAID [4].

In addition to this setup, I also added Cloudflare Access and WAF outside of my home to add some security. I only want to add some CrowdSec to get a little more insight.

1. https://www.jetbrains.com/hub/

2. https://dexidp.io/

3. https://github.com/oauth2-proxy/oauth2-proxy

4. https://github.com/alex3305/unraid-docker-templates

mnming|2 years ago

I use obligator with ephemeral storage, no db, 100% code driven setup.

In my opinion this is the simplest option.

https://github.com/lastlogin-io/obligator

alex3305|2 years ago

Great addition. I remember that I also looked at Obligator and saved it to my bookmarks. But I decided against it because IMHO the project was just a bit too young. Normally I tend to ignore that, but I really didn't want to switch auth/SSO solutions in a couple of months' time because of a lack of maintenance or something like that.

apitman|2 years ago

What features does oauth2-proxy provide that Dex is missing?

alex3305|2 years ago

Dex only acts as a federated identity provider, unlike oauth2-proxy, which acts as a service provider for services that don't have authentication themselves.