this post was submitted on 13 Oct 2023
2 points (100.0% liked)

Self-Hosted Main


My wife and I are making a photos website for our families; she will be making the app itself (Next.js and MongoDB) and I'm going to host it on our Proxmox server from home. Just to preface, I'm aware we could use something like Authelia, but I don't want to have to manage a database of accounts/passwords for so many people and don't want people to have to make a new sign-in, which will undoubtedly end up with unsafe passwords, so we have decided to go the SSO route if we can. I'm just wanting to check I'm on the right track with the following questions:

  1. I understand I can use Cloudflare Tunnels with Google SSO to restrict access to the page, and this will mean we need a list of email accounts that will be able to access the page. Is there any way we can allow users who have access to invite other users to access the website, or is the only option to have people who want access to reach out to us and we add them ourselves? (Our thought is it will reach the extended family, so this will save us a bit of maintenance giving people access)
  2. Will providing access this way allow us to have any userID from the SSO that we can use to facilitate user settings like favourites? Or would this mean moving the Google sign-in from Cloudflare to the site itself?

Thanks in advance!

top 1 comments
[–] [email protected] 1 points 11 months ago

> Is there any way we can allow users who have access to invite other users to access the website, or is the only option to have people who want access to reach out to us and we add them ourselves?

AFAIK, you'll have to implement SSO in your app and handle what "invite" means there. If you use Cloudflare you'll need to put the list of emails there.

> Will providing access this way allow us to have any userID from the SSO that we can use to facilitate user settings like favourites?

Your app will get Cf-Access-Authenticated-User-Emails and Cf-Access-Jwt-Assertion headers for the user. Would that be enough to implement what you need?
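
As an added example (not code from the thread or the poster's app), this is one way the app could use the `Cf-Access-Jwt-Assertion` header mentioned above: verify the token's signature, issuer, audience and expiry, then use its `sub` claim as the stable user ID for settings like favourites instead of trusting a plain email header. The team domain, AUD tag, key pair and the `signDemo`/`tryVerify` helpers are constructed for the demo; claim names follow Cloudflare Access's application token format.

```javascript
const crypto = require('node:crypto');

// Verify an RS256 token taken from the Cf-Access-Jwt-Assertion request header.
// keysByKid maps key id -> public KeyObject; in production these come from the
// team's /cdn-cgi/access/certs endpoint (fetching and caching is not shown).
function verifyAccessJwt(token, keysByKid, { issuer, audience, now = Date.now() }) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  if (header.alg !== 'RS256') throw new Error('unexpected alg'); // rejects "none" and HS256
  const key = keysByKid.get(header.kid);
  if (!key) throw new Error('unknown kid');
  const sig = Buffer.from(s, 'base64url');
  if (!crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, sig)) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (![].concat(claims.aud).includes(audience)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp * 1000 <= now) throw new Error('expired');
  return { userId: claims.sub, email: claims.email }; // key favourites on userId
}

// ---- Constructed demo data: a throwaway key pair stands in for Cloudflare's ----
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const ISSUER = 'https://example-team.cloudflareaccess.com'; // placeholder team domain
const AUD = 'constructed-aud-tag'; // placeholder Application Audience tag
const KEYS = new Map([['demo-kid', publicKey]]);
const NOW = 1700000000000; // fixed clock so the demo is deterministic

function signDemo(claims, key = privateKey) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const input = `${enc({ alg: 'RS256', kid: 'demo-kid' })}.${enc(claims)}`;
  return `${input}.${crypto.sign('RSA-SHA256', Buffer.from(input), key).toString('base64url')}`;
}

// Returns the identity, or the rejection reason as a string.
function tryVerify(token) {
  try {
    return verifyAccessJwt(token, KEYS, { issuer: ISSUER, audience: AUD, now: NOW });
  } catch (e) {
    return e.message;
  }
}

const base = { iss: ISSUER, aud: [AUD], sub: 'user-1234', email: 'aunt@example.com', exp: NOW / 1000 + 300 };
console.log(tryVerify(signDemo(base)));
console.log(tryVerify(signDemo({ ...base, aud: ['another-app'] })));
```

In a Next.js route the token would be read with `req.headers['cf-access-jwt-assertion']`, and a rejected token should produce a 401 rather than falling back to the email header.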