williamstein
commented
2 months ago I looked deeper.
- The automatic ssl setup is via "caddy" -- https://caddyserver.com/ -- "he Ultimate Server with Automatic HTTPS", which is a Go web server with very good lets encrypt integration.
- The Auth & 2-factor is done via a stack based on https://zitadel.com/, and that stack is NOT fully open source, since it seems to depend on Cockroachdb, which uses the "business source license". However, definitely zitadel can instead be used with postgresql, which is open source.
haraldschilly
I just ran through the quickstart for on prem netbird, and it installs open source free on prem Zitadel as part of the process. Interestingly, this fully configures and sets up 2-factor authentication... which is pretty cool! Since this can clearly easily be done for free with open source, we should also do it with cocalc. Currently the only 2-factor option for our users is via a third party login provider such as Google.
CON TO THIS: people lose their codes and we have to deal with it...
And this is longterm. I'm mainly just recording some links here, since I was really impressed. Another thing that surprised me is that netbird's on prem open source install somehow has a non-self-signed https cert. That's impressive that it is also automated.