WebUI Login Security by Authentik or Token

gurucomputing / headscale-ui

A web frontend for the headscale Tailscale-compatible coordination server

BSD 3-Clause "New" or "Revised" License

1.79k stars 128 forks source link

WebUI Login Security by Authentik or Token #127

Closed masterwishx closed 9 months ago

masterwishx commented 10 months ago

Using Lasted version of HeadScale in Docker + headscale-ui + Nginx Proxy Manager. is any way to secure login to webUI maybe by Authentik or some Token? i tryed but cant make it work behind Authentik.

routerino commented 10 months ago

Yes in the sense that you can secure any web application via an oauth proxy. No in that it is not necessary. See https://github.com/gurucomputing/headscale-ui/blob/master/SECURITY.md#authentication-and-authorization

masterwishx commented 10 months ago

Yes in the sense that you can secure any web application via an oauth proxy. No in that it is not necessary. See https://github.com/gurucomputing/headscale-ui/blob/master/SECURITY.md#authentication-and-authorization

Thanks, i got it. Also i saw its using local storage of browser , its not a big problem but tried to proxy access to /web page by Authentik. but it seems not working in regular way like for other apps are working ... using Nginx Proxy Manager + Authentik.

masterwishx commented 10 months ago

Also interesting ,in docs says for NPM i should set container port 443 and in dockerfile exposed 443 , but for now im using:
ports:

9943:80 and all working fine. is it important to set port 443 in Nginx Proxy Manager ? if its still protected by https in Proxy ? Using hs.mysite.com/web

masterwishx commented 10 months ago

can be return 301 https://$host/web; added to /admin location in Nginx Proxy Manager ,is it safe ?

routerino commented 9 months ago

Closing due to no replies within 30 days and as a general cleanup