WebUI Login Security by Authentik or Token

gurucomputing / headscale-ui

A web frontend for the headscale Tailscale-compatible coordination server

BSD 3-Clause "New" or "Revised" License

1.59k stars 113 forks source link

WebUI Login Security by Authentik or Token #127

Closed masterwishx closed 4 months ago

masterwishx commented 6 months ago

Using Lasted version of HeadScale in Docker + headscale-ui + Nginx Proxy Manager. is any way to secure login to webUI maybe by Authentik or some Token? i tryed but cant make it work behind Authentik.

routerino commented 6 months ago

Yes in the sense that you can secure any web application via an oauth proxy. No in that it is not necessary. See https://github.com/gurucomputing/headscale-ui/blob/master/SECURITY.md#authentication-and-authorization

masterwishx commented 6 months ago

Yes in the sense that you can secure any web application via an oauth proxy. No in that it is not necessary. See https://github.com/gurucomputing/headscale-ui/blob/master/SECURITY.md#authentication-and-authorization

Thanks, i got it. Also i saw its using local storage of browser , its not a big problem but tried to proxy access to /web page by Authentik. but it seems not working in regular way like for other apps are working ... using Nginx Proxy Manager + Authentik.

masterwishx commented 6 months ago

Also interesting ,in docs says for NPM i should set container port 443 and in dockerfile exposed 443 , but for now im using:
ports:

9943:80 and all working fine. is it important to set port 443 in Nginx Proxy Manager ? if its still protected by https in Proxy ? Using hs.mysite.com/web

masterwishx commented 6 months ago

can be return 301 https://$host/web; added to /admin location in Nginx Proxy Manager ,is it safe ?

routerino commented 4 months ago

Closing due to no replies within 30 days and as a general cleanup