Homelab front door: reverse proxy and SSO gateway #25

New issue

Closed

opened 2026-05-23 20:54:29 +00:00 by coilysiren · 1 comment

coilysiren commented 2026-05-23 20:54:29 +00:00

Owner

Copy link

Originally filed by @coilysiren on 2026-05-22T08:25:52Z - https://github.com/coilysiren/infrastructure/issues/243

Problem - Standard homelab layer Kai skipped past.

Reverse proxy options: Traefik, Caddy, Nginx Proxy Manager. The k3s cluster already has an ingress controller, so this is partly covered.

SSO gateway options: Authelia, Authentik, Pocket ID, tinyauth. One auth layer in front of every self-hosted service so login happens once, not per app.

Recommendation: pick an SSO gateway before the self-hosted app count grows. Authentik is full-featured, Authelia is lighter, Pocket ID is minimal OIDC.

Origin: homelab chat sweep, 2026-05-21.

_Originally filed by @coilysiren on 2026-05-22T08:25:52Z - [https://github.com/coilysiren/infrastructure/issues/243](https://github.com/coilysiren/infrastructure/issues/243)_ **Problem** - Standard homelab layer Kai skipped past. Reverse proxy options: **Traefik**, **Caddy**, **Nginx Proxy Manager**. The k3s cluster already has an ingress controller, so this is partly covered. SSO gateway options: **Authelia**, **Authentik**, **Pocket ID**, **tinyauth**. One auth layer in front of every self-hosted service so login happens once, not per app. Recommendation: pick an SSO gateway before the self-hosted app count grows. Authentik is full-featured, Authelia is lighter, Pocket ID is minimal OIDC. Origin: homelab chat sweep, 2026-05-21.

coilysiren referenced this issue 2026-05-28 13:31:41 +00:00

Deploy path broken: WSL runner can't reach kai-server LAN IP 192.168.0.194 (registry push + k3s API time out) #175

coilysiren commented 2026-05-30 05:43:32 +00:00

Author

Owner

Copy link

Iceboxed in the 2026-05-29 backlog burn-down: reverse-proxy/SSO gateway, partly-covered speculative layer. Reopen anytime if it becomes real.

Iceboxed in the 2026-05-29 backlog burn-down: reverse-proxy/SSO gateway, partly-covered speculative layer. Reopen anytime if it becomes real.

coilysiren closed this issue 2026-05-30 05:43:32 +00:00

coilysiren added the

P4

label 2026-05-31 01:54:49 +00:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

dispatch/issue-294

tangled-knot

dispatch/issue-216

No results found.

Labels

Clear labels

  

P0

now / blocking / urgent

  

P1

next / important

  

P2

backlog / will do

  

P3

someday / low

  

P4

icebox / frozen / reopen if it becomes real

No labels

P0

P1

P2

P3

P4

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

coilyco-flight-deck/infrastructure#25

No description provided.