Homelab front door: reverse proxy and SSO gateway #25
Labels
No labels
burndown-2026-06
coherence-core
consult
headless
interactive
P0
P1
P2
P3
P4
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
coilyco-flight-deck/infrastructure#25
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally filed by @coilysiren on 2026-05-22T08:25:52Z - https://github.com/coilysiren/infrastructure/issues/243
Problem - Standard homelab layer Kai skipped past.
Reverse proxy options: Traefik, Caddy, Nginx Proxy Manager. The k3s cluster already has an ingress controller, so this is partly covered.
SSO gateway options: Authelia, Authentik, Pocket ID, tinyauth. One auth layer in front of every self-hosted service so login happens once, not per app.
Recommendation: pick an SSO gateway before the self-hosted app count grows. Authentik is full-featured, Authelia is lighter, Pocket ID is minimal OIDC.
Origin: homelab chat sweep, 2026-05-21.
Iceboxed in the 2026-05-29 backlog burn-down: reverse-proxy/SSO gateway, partly-covered speculative layer. Reopen anytime if it becomes real.