this post was submitted on 28 Sep 2023
44 points (97.8% liked)

Selfhosted

40198 readers
780 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I'd like to set up my identity and authentication service for my self hosted applications but it is not a beginner friendly subject.

I'm aware of the various tools available; authentik, authelia, LLDAP, keycloak, etc and see lots of useful discussions on them which is great.

But I can't seem to find a beginner friendly introduction to setting up one or more of these tools that helps me understand the core concepts at the same time. Does such a thing exist?

I'd like to try out LLDAP and Authelia on my home lab and then possibly roll this out to my production services.

But every tutorial I've come across seems to assume a fair amount of knowledge that I don't think I have.

For instance if I deploy LLDAP what should I use as my base DN? And how can I seperate a homelab directory from a seperate production directory?

Any pointers gratefully received.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 1 year ago

I don't have a simple guide, but it's probably a good idea to reduce the number of moving parts if you're trying to keep stuff simple. So pick something that has all the features in-one (user management, authentication, authorization, ...). They might not be the best at ever single thing (they almost certainly won't), but doing it all usually means that it's easier to configure and you don't need to wire multiple things together.

I've recently moved from Authelia to Authentik due to some features that I was missing/wishing for, but between those two I'd definitely say Authenlia is easier to get running initially (and you don't need external LDAP for it, as others have mentioned).

You'll probably still need a proxy that can do proxy auth because not all services can do OICD/OAuth2. I'm using Traefik, but heard that Caddy is easier to set up initially (can't compare myself).